Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
Analysis ID:	1431843
MD5:	99aa185a295411f72303fa9b7a497795
SHA1:	04cbab9197165b1648ef6fcbf0d1b60d2e0f7a95
SHA256:	4c00a2f66bb1d2470b17ef277f5f12a90ff2fc86a258cb82bf294835b87d4e02
Tags:	exe
Infos:

Detection

Score:	26
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Contains functionality to detect virtual machines (IN, VMware)

Detected VMProtect packer

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to query network adapater information

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is a service DLL but no service has been registered

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe (PID: 3484 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe" MD5: 99AA185A295411F72303FA9B7A497795)

SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp" /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe" MD5: A5E43FF07BF378503CF45D6EE7778021)

_setup64.tmp (PID: 1308 cmdline: helper 105 0x544 MD5: E4211D6D009757C078A9FAC7FF4F03D4)

conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

SoundBoosterTaskHost.exe (PID: 5596 cmdline: "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO MD5: 674B5BE99C119416895FED6B4B54CD85)

conhost.exe (PID: 1700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

regsvr32.exe (PID: 4324 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

regsvr32.exe (PID: 6304 cmdline: /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

SoundBoosterService.exe (PID: 5796 cmdline: "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install MD5: E45BFFA942994D7921E37BCAA900740F)

conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

SoundBoosterTaskHost.exe (PID: 5920 cmdline: "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate MD5: 674B5BE99C119416895FED6B4B54CD85)

conhost.exe (PID: 916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

svchost.exe (PID: 6496 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1712 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

System Summary

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p, CommandLine: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p, ProcessId: 6496, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C4211DA __EH_prolog3_GS,BCryptOpenAlgorithmProvider,SetLastError,	15_2_6C4211DA
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42138B __EH_prolog3_GS,BCryptGenRandom,SetLastError,	15_2_6C42138B
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C44CE90 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,	15_2_6C44CE90
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45A850 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,	15_2_6C45A850
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45A541 GetLastError,CreateFileW,GetLastError,GetFileSizeEx,GetLastError,ReadFile,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,GetLastError,CloseHandle,	15_2_6C45A541
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C44D94F CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	15_2_6C44D94F
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C491B8B BCryptCloseAlgorithmProvider,	15_2_6C491B8B
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45D04E CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	15_2_6C45D04E
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45D004 CryptAcquireContextW,CryptCreateHash,	15_2_6C45D004
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45D036 CryptHashData,	15_2_6C45D036
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42134F BCryptCloseAlgorithmProvider,	15_2_6C42134F

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_61adbb9d-5

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-25 #001.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\ProgramData\Letasoft\Sound Booster\Logs\Setup Log 2024-04-25 #001.txt.log			Jump to behavior

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Wyatt\Documents\Visual Studio 2005\Projects\limelm-native-clients\bin\Release\TurboActivate.pdb source: is-470JU.tmp.1.dr
Source:	Binary string: C:\pre\soft\compress\x64\CompressGainLimiter.pdb source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE5B90 _wcslen,FindFirstFileW,FindNextFileW,FindClose,		8_2_00BE5B90
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE3C78 __EH_prolog3_GS,FindFirstFileW,_wcslen,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,		8_2_00BE3C78

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C43EFB1 recv,WSAGetLastError,

15_2_6C43EFB1

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://.css
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://.jpg
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://html4/loose.dtd
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://ocsp.comodoca.com02
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://ocsp.digicert.com0R
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://subca.ocsp-certum.com02
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://subca.ocsp-certum.com05
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.0000000002226000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1637946717.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.0000000002247000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.1641431576.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1639199932.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1638705530.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000000.1640080224.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EMCVK.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: http://www.letasoft.com
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1639199932.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1638705530.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000000.1640080224.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EMCVK.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: SoundBoosterTaskHost.exe, 0000000F.00000002.2048357672.0000000000978000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wyday.com/limelm/api/rest/
Source: is-UT7AG.tmp.1.dr	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: SoundBoosterTaskHost.exe	String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: https://sectigo.com/CPS0U
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: https://secure.comodo.com/CPS0L
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: https://www.certum.pl/CPS0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-1AQ6S.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr, is-VDV7H.tmp.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.letasoft.com
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.letasoft.com)
Source: is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr	String found in binary or memory: https://www.letasoft.com/help/#b1
Source: is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr	String found in binary or memory: https://www.letasoft.com/help/#b5
Source: is-0B8RS.tmp.1.dr	String found in binary or memory: https://www.letasoft.com/ru/help/#b1
Source: is-0B8RS.tmp.1.dr	String found in binary or memory: https://www.letasoft.com/ru/help/#b5
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	String found in binary or memory: https://www.letasoft.com0
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1637946717.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.1641431576.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.letasoft.com0https://www.letasoft.com0https://www.letasoft.com
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.letasoft.comq
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048357672.0000000000978000.00000004.00000020.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: https://wyday.com/limelm/api/rest/
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	String found in binary or memory: https://wyday.com/limelm/api/rest/httpsSignature
Source: is-470JU.tmp.1.dr	String found in binary or memory: https://wyday.com/limelm/buy-redirect/%u/admin
Source: is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr, is-0B8RS.tmp.1.dr	String found in binary or memory: https://wyday.com/limelm/help/faq/#fix-broken-wmi
Source: is-470JU.tmp.1.dr	String found in binary or memory: https://wyday.com/limelm/help/faq/#fix-broken-wmivalTranslationtitlestartstitlepluralstitlesingleact

System Summary

Detected VMProtect packer

Source: is-VDVIU.tmp.1.dr

Static PE information: .vmp0 and .vmp1 section names

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C3F5929: SHGetFolderPathW,GetVolumePathNameW,GetVolumeNameForVolumeMountPointW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,

15_2_6C3F5929

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: 13_2_0042359F OpenSCManagerW,GetLastError,GetLastError,GetLastError,OpenServiceW,GetLastError,GetLastError,ControlService,Sleep,Sleep,QueryServiceStatus,DeleteService,GetLastError,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

13_2_0042359F

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BEA830	8_2_00BEA830
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BF21B0	8_2_00BF21B0
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00C011DC	8_2_00C011DC
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE99A0	8_2_00BE99A0
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BFC2AE	8_2_00BFC2AE
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE9DB0	8_2_00BE9DB0
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BF1D52	8_2_00BF1D52
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BFBE00	8_2_00BFBE00
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE9FA0	8_2_00BE9FA0
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BF1F81	8_2_00BF1F81
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00429843	13_2_00429843
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_004368DC	13_2_004368DC
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00431940	13_2_00431940
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_004293B7	13_2_004293B7
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_004295E6	13_2_004295E6
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00431DEE	13_2_00431DEE
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3E601A	15_2_6C3E601A
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C480C69	15_2_6C480C69
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42ACA4	15_2_6C42ACA4
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C430CBC	15_2_6C430CBC
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C428F30	15_2_6C428F30
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C426F8D	15_2_6C426F8D
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42A849	15_2_6C42A849
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C410979	15_2_6C410979
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45E920	15_2_6C45E920
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C428BDD	15_2_6C428BDD
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C428BEA	15_2_6C428BEA
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42A406	15_2_6C42A406
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C46E4D0	15_2_6C46E4D0
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C442484	15_2_6C442484
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C46C568	15_2_6C46C568
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C484629	15_2_6C484629
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C432706	15_2_6C432706
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C432146	15_2_6C432146
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C42A1E2	15_2_6C42A1E2
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C45C1F6	15_2_6C45C1F6
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C488218	15_2_6C488218
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3F6296	15_2_6C3F6296
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C488338	15_2_6C488338
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C44BC04	15_2_6C44BC04
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C475CC1	15_2_6C475CC1
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3F1F8C	15_2_6C3F1F8C
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C453801	15_2_6C453801
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3E1859	15_2_6C3E1859
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C46183E	15_2_6C46183E
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C429899	15_2_6C429899
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C40F981	15_2_6C40F981
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3F7471	15_2_6C3F7471
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C46907F	15_2_6C46907F
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C3F711B	15_2_6C3F711B
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C43D130	15_2_6C43D130
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C43B206	15_2_6C43B206
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C455237	15_2_6C455237

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: String function: 0042243D appears 35 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 00BE19BD appears 47 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 00BEDA80 appears 35 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C43350C appears 149 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C43EEAA appears 152 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C433AC0 appears 67 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C3E9279 appears 70 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C432EF2 appears 42 times
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: String function: 6C4334D8 appears 303 times

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-EMCVK.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-EMCVK.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: is-HCK3C.tmp.1.dr	Static PE information: No import functions for PE file found
Source: is-3TFGO.tmp.1.dr	Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1639199932.000000007FE39000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1638705530.000000000255D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: is-UT7AG.tmp.1.dr

Binary string: ASSOCIATORS OF {Win32_LogicalDisk.DeviceID="WQLDeviceID"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYASSOCIATORS OF {Win32_DiskPartition.DeviceID=""Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="SerialNumberModelPnpInstanceIDSYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connectionroot\wmi OR DeviceName="\\DEVICE\\SELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\InstanceNameDeviceName OR InstanceName="SELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="AddressNdisPermanentAddressWin32_NetworkAdapter.DeviceID="EnableDisableReturnValueTRUESELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10FALSEroot\StandardCimv2PermanentAddressGUIDSELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"Winmgmtroot\cimv2Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOSSelect Model from Win32_DiskDriveParallelsVMwareSMBIOSBIOSVersionNameManufacturerVirtualBoxVersionXenProductSelect Product, Manufacturer from Win32_BaseBoardProcessorIdSelect ProcessorId, Name, Manufacturer from Win32_ProcessorCapacitySelect Capacity from Win32_PhysicalMemorySbieDll.dll

Source: classification engine

Classification label: sus26.evad.winEXE@21/57@0/0

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: GetModuleFileNameW,GetLastError,GetLastError,GetLastError,OpenSCManagerW,GetLastError,GetLastError,GetLastError,CreateServiceW,GetLastError,GetLastError,ChangeServiceConfig2W,GetLastError,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

13_2_004232C3

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C3F6F7F __EH_prolog3_GS,CoCreateInstance,SysFreeString,CoSetProxyBlanket,

15_2_6C3F6F7F

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: 13_2_00423A4B __EH_prolog3_GS,EnterCriticalSection,LeaveCriticalSection,CreateWellKnownSid,StartServiceCtrlDispatcherW,GetLastError,GetLastError,GetLastError,

13_2_00423A4B

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: 13_2_00423A4B __EH_prolog3_GS,EnterCriticalSection,LeaveCriticalSection,CreateWellKnownSid,StartServiceCtrlDispatcherW,GetLastError,GetLastError,GetLastError,

13_2_00423A4B

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

File created: C:\Program Files (x86)\Letasoft Sound Booster

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:916:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Mutant created: \Sessions\1\BaseNamedObjects\SetupMutex{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1700:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4208:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

File created: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp

Jump to behavior

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Command line argument: ^oC

13_2_00436EB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: SoundBoosterTaskHost.exe	String found in binary or memory: -InstallAPO
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp

Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

graph_5-67

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Process created: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp "C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp" /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp helper 105 0x544
Source: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Process created: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp "C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp" /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp helper 105 0x544	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe "C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: apocontrol.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: audioeng.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: audiosrv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: audiosrvpolicymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: hrtfapo.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coreaudiopolicymanagerext.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: turboactivate.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanagersvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: Letasoft Sound Booster.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe
Source: Diagnostics Report Creator.lnk.1.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
Source: Letasoft Sound Booster.lnk0.1.dr	LNK file: ..\..\..\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Automated click: Next >

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static file information: File size 6973352 > 1048576

Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Wyatt\Documents\Visual Studio 2005\Projects\limelm-native-clients\bin\Release\TurboActivate.pdb source: is-470JU.tmp.1.dr
Source:	Binary string: C:\pre\soft\compress\x64\CompressGainLimiter.pdb source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BE20D3 __EH_prolog3_GS,LoadLibraryW,GetProcAddress,FreeLibrary,

8_2_00BE20D3

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp1

Source: is-9OI0H.tmp.1.dr	Static PE information: section name: RT_CODE
Source: is-9OI0H.tmp.1.dr	Static PE information: section name: RT_CONST
Source: is-VDV7H.tmp.1.dr	Static PE information: section name: .text1
Source: is-VDV7H.tmp.1.dr	Static PE information: section name: .data1
Source: is-VDV7H.tmp.1.dr	Static PE information: section name: .trace
Source: is-1AQ6S.tmp.1.dr	Static PE information: section name: _RDATA
Source: is-4PLJA.tmp.1.dr	Static PE information: section name: .giats
Source: is-4PLJA.tmp.1.dr	Static PE information: section name: .vmp0
Source: is-4PLJA.tmp.1.dr	Static PE information: section name: .vmp1
Source: is-VDVIU.tmp.1.dr	Static PE information: section name: .vmp0
Source: is-VDVIU.tmp.1.dr	Static PE information: section name: .vmp1

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BEDAC6 push ecx; ret	8_2_00BEDAD9
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BED5A7 push ecx; ret	8_2_00BED5BA
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00424932 push ecx; ret	13_2_00424945
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00424F66 push ecx; ret	13_2_00424F79
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C43390F push ecx; ret	15_2_6C433932
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C4334A1 push ecx; ret	15_2_6C4334B4

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-EMCVK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-P02PU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-470JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-HJ5VT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-UT7AG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-U6OVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	File created: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-FO5GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-GVBLF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-M1S53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-4PLJA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-VDVIU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-V5IV6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-9OI0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Program Files (x86)\Letasoft Sound Booster\is-Q41UV.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-25 #001.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\ProgramData\Letasoft\Sound Booster\Logs\Setup Log 2024-04-25 #001.txt.log			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Letasoft Sound Booster.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Diagnostics Report Creator.lnk	Jump to behavior

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: 13_2_00423A4B __EH_prolog3_GS,EnterCriticalSection,LeaveCriticalSection,CreateWellKnownSid,StartServiceCtrlDispatcherW,GetLastError,GetLastError,GetLastError,

13_2_00423A4B

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C4080C1 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_6C4080C1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect virtual machines (IN, VMware)

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C3F555F in eax, dx

15_2_6C3F555F

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: ?LASSOCIATORS OF {WIN32_LOGICALDISK.DEVICEID="WQLDEVICEID"} WHERE ASSOCCLASS = WIN32_LOGICALDISKTOPARTITION KEYSONLY"} WHERE ASSOCCLASS = WIN32_DISKDRIVETODISKPARTITION KEYSONLYASSOCIATORS OF {WIN32_DISKPARTITION.DEVICEID=""SELECT MODEL, SERIALNUMBER FROM WIN32_DISKDRIVE WHERE DEVICEID="SERIALNUMBERMODELPNPINSTANCEIDSYSTEM\CURRENTCONTROLSET\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\CONNECTIONROOT\WMI OR DEVICENAME="\\DEVICE\\SELECT INSTANCENAME, DEVICENAME FROM MSNDIS_ENUMERATEADAPTER WHERE DEVICENAME="\\DEVICE\\INSTANCENAMEDEVICENAME OR INSTANCENAME="SELECT INSTANCENAME, NDISPERMANENTADDRESS FROM MSNDIS_ETHERNETPERMANENTADDRESS WHERE INSTANCENAME="ADDRESSNDISPERMANENTADDRESSWIN32_NETWORKADAPTER.DEVICEID="ENABLEDISABLERETURNVALUETRUESELECT DEVICEID, PERMANENTADDRESS FROM MSFT_NETADAPTER WHERE (VIRTUAL = OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%") AND (INTERFACETYPE = 6 OR INTERFACETYPE = 71) AND NOT NDISPHYSICALMEDIUM = 10FALSEROOT\STANDARDCIMV2PERMANENTADDRESSGUIDSELECT GUID, DEVICEID FROM WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER = TRUE AND (PNPDEVICEID LIKE "PCI\\%" OR PNPDEVICEID LIKE "USB\\%" OR PNPDEVICEID LIKE "SD\\%" OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%" OR PNPDEVICEID LIKE "%BDRV\\%") AND NOT SERVICENAME LIKE "USBRNDIS%"WINMGMTROOT\CIMV2SELECT NAME, SERIALNUMBER, SMBIOSBIOSVERSION, MANUFACTURER, VERSION FROM WIN32_BIOSSELECT MODEL FROM WIN32_DISKDRIVEPARALLELSVMWARESMBIOSBIOSVERSIONNAMEMANUFACTURERVIRTUALBOXVERSIONXENPRODUCTSELECT PRODUCT, MANUFACTURER FROM WIN32_BASEBOARDPROCESSORIDSELECT PROCESSORID, NAME, MANUFACTURER FROM WIN32_PROCESSORCAPACITYSELECT CAPACITY FROM WIN32_PHYSICALMEMORYSBIEDLL.DLL
Source: SoundBoosterTaskHost.exe	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	Binary or memory string: ASSOCIATORS OF {WIN32_LOGICALDISK.DEVICEID="WQLDEVICEID"} WHERE ASSOCCLASS = WIN32_LOGICALDISKTOPARTITION KEYSONLY"} WHERE ASSOCCLASS = WIN32_DISKDRIVETODISKPARTITION KEYSONLYASSOCIATORS OF {WIN32_DISKPARTITION.DEVICEID=""SELECT MODEL, SERIALNUMBER FROM WIN32_DISKDRIVE WHERE DEVICEID="SERIALNUMBERMODELPNPINSTANCEIDSYSTEM\CURRENTCONTROLSET\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\%S\CONNECTIONROOT\WMI OR DEVICENAME="\\DEVICE\\SELECT INSTANCENAME, DEVICENAME FROM MSNDIS_ENUMERATEADAPTER WHERE DEVICENAME="\\DEVICE\\INSTANCENAMEDEVICENAME OR INSTANCENAME="SELECT INSTANCENAME, NDISPERMANENTADDRESS FROM MSNDIS_ETHERNETPERMANENTADDRESS WHERE INSTANCENAME="ADDRESSNDISPERMANENTADDRESSWIN32_NETWORKADAPTER.DEVICEID="ENABLEDISABLERETURNVALUETRUESELECT DEVICEID, PERMANENTADDRESS FROM MSFT_NETADAPTER WHERE (VIRTUAL = OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%") AND (INTERFACETYPE = 6 OR INTERFACETYPE = 71) AND NOT NDISPHYSICALMEDIUM = 10FALSEROOT\STANDARDCIMV2PERMANENTADDRESSGUIDSELECT GUID, DEVICEID FROM WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER = TRUE AND (PNPDEVICEID LIKE "PCI\\%" OR PNPDEVICEID LIKE "USB\\%" OR PNPDEVICEID LIKE "SD\\%" OR PNPDEVICEID LIKE "XEN%\\%" OR PNPDEVICEID LIKE "VMBUS\\%" OR PNPDEVICEID LIKE "%BDRV\\%") AND NOT SERVICENAME LIKE "USBRNDIS%"WINMGMTROOT\CIMV2SELECT NAME, SERIALNUMBER, SMBIOSBIOSVERSION, MANUFACTURER, VERSION FROM WIN32_BIOSSELECT MODEL FROM WIN32_DISKDRIVEPARALLELSVMWARESMBIOSBIOSVERSIONNAMEMANUFACTURERVIRTUALBOXVERSIONXENPRODUCTSELECT PRODUCT, MANUFACTURER FROM WIN32_BASEBOARDPROCESSORIDSELECT PROCESSORID, NAME, MANUFACTURER FROM WIN32_PROCESSORCAPACITYSELECT CAPACITY FROM WIN32_PHYSICALMEMORYSBIEDLL.DLL

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: __EH_prolog3_GS_align,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,CoInitializeEx,CoCreateInstance,OpenSCManagerW,OpenServiceW,QueryServiceConfigW,GetLastError,LocalAlloc,QueryServiceConfigW,ChangeServiceConfigW,LocalFree,CloseServiceHandle,CloseServiceHandle,CoSetProxyBlanket,SysFreeString,SysFreeString,SysFreeString,SysFreeString,VariantClear,SysStringLen,VariantClear,VariantClear,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,VariantClear,SysFreeString,SysStringLen,VariantClear,SysFreeString,SysStringLen,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,SysFreeString,SysFreeString,VariantClear,CoUninitialize,

15_2_6C3F7471

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-P02PU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-470JU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-HJ5VT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-UT7AG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-U6OVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-FO5GS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-4PLJA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-VDVIU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-V5IV6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-9OI0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Letasoft Sound Booster\is-Q41UV.tmp	Jump to dropped file

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_15-71498

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_8-15778
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_13-12292

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE5B90 _wcslen,FindFirstFileW,FindNextFileW,FindClose,		8_2_00BE5B90
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE3C78 __EH_prolog3_GS,FindFirstFileW,_wcslen,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,		8_2_00BE3C78

Source: is-Q41UV.tmp.1.dr	Binary or memory string: Hooks\HookEngineLhook.cppCHookEngineLhook::InstallHookALREADY INSTALLEDLhook_SetHook() FAILEDCHookEngineLhook::RemoveHookLhook_Unhook() FAILED SOFTWARE\Letasoft\Sound BoosterMLSCKLHookSharedSoundBoosterdbgmondevenvdwwinjs7jitvsjitdebuggermonitortaskmgrdxerrdllhostsndvoltaskengrundll32werfaultwuauclttsvncachedwmsndvol32errlookconhostexplorerravcpl642gistraynotifiersyntphelpermssecessyntpenhsidebarregeditnotepad++wcouriersourcetreeasscrprotaskhostsvchostwidgetstaskhostwtaskhostexsoftware_reporter_toolsihostcoresyncagsserviceadobeipcbrokeradobe desktop servicemsvsmonrtkngui64dexploresrspremiumpanelvmware-unity-helpervmplayervmware-vmxqt5appwrapperrarextloaderRadeonSettingsunins000turboactivatedbgviewmsascuilmsascuismartscreenKLHookDll.cppCKLHookProcess::AttachAPIsAttachAPIs: m_bIsProcessIgnoredAttaching to api failed more than allowed number of times. api=.exeCKLHookProcess::OnDllProcessDetachDLL_PROCESS_DETACH starting=DetachAPIs() completedSound BoosterCKLHookProcess::Initializecalled for process id=CreateGlobalStructs() FAILEDIVSTManager::Initialize SUCCEEDED FAILEDInitShared FAILEDFAILED TO GET PROCESS START TIME`H
Source: SoundBoosterTaskHost.exe	Binary or memory string: VMware
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2063898887.000000000077D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SoundBoosterTaskHost.exe, 0000000F.00000002.2048357672.0000000000978000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
Source: SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2063898887.000000000077D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\{
Source: is-UT7AG.tmp.1.dr	Binary or memory string: ASSOCIATORS OF {Win32_LogicalDisk.DeviceID="WQLDeviceID"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYASSOCIATORS OF {Win32_DiskPartition.DeviceID=""Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="SerialNumberModelPnpInstanceIDSYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connectionroot\wmi OR DeviceName="\\DEVICE\\SELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\InstanceNameDeviceName OR InstanceName="SELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="AddressNdisPermanentAddressWin32_NetworkAdapter.DeviceID="EnableDisableReturnValueTRUESELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10FALSEroot\StandardCimv2PermanentAddressGUIDSELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"Winmgmtroot\cimv2Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOSSelect Model from Win32_DiskDriveParallelsVMwareSMBIOSBIOSVersionNameManufacturerVirtualBoxVersionXenProductSelect Product, Manufacturer from Win32_BaseBoardProcessorIdSelect ProcessorId, Name, Manufacturer from Win32_ProcessorCapacitySelect Capacity from Win32_PhysicalMemorySbieDll.dll
Source: SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: ?lASSOCIATORS OF {Win32_LogicalDisk.DeviceID="WQLDeviceID"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLYASSOCIATORS OF {Win32_DiskPartition.DeviceID=""Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="SerialNumberModelPnpInstanceIDSYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connectionroot\wmi OR DeviceName="\\DEVICE\\SELECT InstanceName, DeviceName FROM MSNdis_EnumerateAdapter WHERE DeviceName="\\DEVICE\\InstanceNameDeviceName OR InstanceName="SELECT InstanceName, NdisPermanentAddress FROM MSNdis_EthernetPermanentAddress WHERE InstanceName="AddressNdisPermanentAddressWin32_NetworkAdapter.DeviceID="EnableDisableReturnValueTRUESELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalMedium = 10FALSEroot\StandardCimv2PermanentAddressGUIDSELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "USB\\%" OR PNPDeviceID LIKE "SD\\%" OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%" OR PNPDeviceID LIKE "%BDRV\\%") AND NOT ServiceName LIKE "usbrndis%"Winmgmtroot\cimv2Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOSSelect Model from Win32_DiskDriveParallelsVMwareSMBIOSBIOSVersionNameManufacturerVirtualBoxVersionXenProductSelect Product, Manufacturer from Win32_BaseBoardProcessorIdSelect ProcessorId, Name, Manufacturer from Win32_ProcessorCapacitySelect Capacity from Win32_PhysicalMemorySbieDll.dll
Source: is-HJ5VT.tmp.1.dr	Binary or memory string: Hooks\HookEngineLhook.cppCHookEngineLhook::InstallHookALREADY INSTALLEDLhook_SetHook() FAILEDCHookEngineLhook::RemoveHookLhook_Unhook() FAILED %s%sSOFTWARE\Letasoft\Sound BoosterMLSCKLHookSharedSoundBoosterdbgmondevenvdwwinjs7jitvsjitdebuggermonitortaskmgrdxerrdllhostsndvoltaskengrundll32werfaultwuauclttsvncachedwmsndvol32errlookconhostexplorerravcpl642gistraynotifiersyntphelpermssecessyntpenhsidebarregeditnotepad++wcouriersourcetreeasscrprotaskhostsvchostwidgetstaskhostwtaskhostexsoftware_reporter_toolsihostcoresyncagsserviceadobeipcbrokeradobe desktop servicemsvsmonrtkngui64dexploresrspremiumpanelvmware-unity-helpervmplayervmware-vmxqt5appwrapperrarextloaderRadeonSettingsunins000turboactivatedbgviewmsascuilmsascuismartscreenKLHookDll.cppCKLHookProcess::AttachAPIsAttachAPIs: m_bIsProcessIgnoredAttaching to api failed more than allowed number of times. api=.exeCKLHookProcess::OnDllProcessDetachDLL_PROCESS_DETACH starting=DetachAPIs() completedSound BoosterCKLHookProcess::Initializecalled for process id=CreateGlobalStructs() FAILEDIVSTManager::Initialize SUCCEEDED FAILEDInitShared FAILEDFAILED TO GET PROCESS START TIME

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BF0667 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00BF0667

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BE20D3 __EH_prolog3_GS,LoadLibraryW,GetProcAddress,FreeLibrary,

8_2_00BE20D3

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BF3D31 mov eax, dword ptr fs:[00000030h]	8_2_00BF3D31
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_0042AEAB mov eax, dword ptr fs:[00000030h]	13_2_0042AEAB
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C474C77 mov eax, dword ptr fs:[00000030h]	15_2_6C474C77
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C47FCF6 mov eax, dword ptr fs:[00000030h]	15_2_6C47FCF6
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C47FCB2 mov eax, dword ptr fs:[00000030h]	15_2_6C47FCB2

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BFA26A GetProcessHeap,

8_2_00BFA26A

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BED87A SetUnhandledExceptionFilter,	8_2_00BED87A
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BE7180 UnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00BE7180
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BED171 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00BED171
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BF0667 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00BF0667
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 8_2_00BED71B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00BED71B
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00424A45 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00424A45
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00427B17 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00427B17
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00424BB8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00424BB8
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe	Code function: 13_2_00424D17 SetUnhandledExceptionFilter,	13_2_00424D17
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C432F41 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_6C432F41
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C433B06 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_6C433B06
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C469BB2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_6C469BB2

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp helper 105 0x544			Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"			Jump to behavior

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 15_2_6C3F31FB AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

15_2_6C3F31FB

Source: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp

Code function: 5_2_0000000140001000 GetNamedSecurityInfoW,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,LocalFree,FreeSid,LocalFree,GetLastError,

5_2_0000000140001000

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BED8D5 cpuid

8_2_00BED8D5

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	15_2_6C486F2A
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,	15_2_6C47DE7E
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: EnumSystemLocalesW,	15_2_6C47D8C5
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	15_2_6C48788B
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,	15_2_6C487590
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	15_2_6C4876B6
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,	15_2_6C4877BC
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,	15_2_6C487125
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: EnumSystemLocalesW,	15_2_6C4871CC
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: EnumSystemLocalesW,	15_2_6C487217
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: EnumSystemLocalesW,	15_2_6C4872B2
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	15_2_6C48733D

Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Queries volume information: C:\ProgramData\DIBsection\20986331705021ca58edc424.96250074 VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Queries volume information: C:\ProgramData\DIBsection\20986331705021ca58edc424.96250074 VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe

Code function: 13_2_004210C4 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z,__EH_prolog3,CreateNamedPipeW,CreateThread,SetThreadPriority,ResumeThread,CloseHandle,

13_2_004210C4

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BEB900 GetLocalTime,SystemTimeToFileTime,FileTimeToDosDateTime,

8_2_00BEB900

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BF5576 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

8_2_00BF5576

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe

Code function: 8_2_00BE1EE8 NetWkstaGetInfo,NetApiBufferFree,GetVersionExW,GetVersionExW,GetVersionExW,

8_2_00BE1EE8

Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C448197 socket,socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,__fprintf_l,send,recv,closesocket,closesocket,closesocket,closesocket,closesocket,		15_2_6C448197
Source: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe	Code function: 15_2_6C4402AC ___from_strstr_to_strchr,htons,htons,htons,bind,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,		15_2_6C4402AC

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	4 Command and Scripting Interpreter	14 Windows Service	14 Windows Service	2 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	12 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	31 Native API	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	12 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	NTDS	2 System Owner/User Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Regsvr32	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	43 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	3%	ReversingLabs
SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	1%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)	0%	Virustotal	Browse
C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-470JU.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-4PLJA.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-9OI0H.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-EMCVK.tmp	4%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-FO5GS.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-GVBLF.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-HJ5VT.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-M1S53.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-P02PU.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-Q41UV.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-U6OVG.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-UT7AG.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-V5IV6.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\is-VDVIU.tmp	0%	ReversingLabs
C:\Program Files (x86)\Letasoft Sound Booster\unins000.exe (copy)	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp	4%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.dk-soft.org/	0%	URL Reputation	safe
http://subca.ocsp-certum.com05	0%	URL Reputation	safe
http://subca.ocsp-certum.com02	0%	URL Reputation	safe
http://subca.ocsp-certum.com01	0%	URL Reputation	safe
http://ccsca2021.ocsp-certum.com05	0%	URL Reputation	safe
http://www.remobjects.com/ps	0%	URL Reputation	safe
http://www.innosetup.com/	0%	Avira URL Cloud	safe
https://wyday.com/limelm/help/faq/#fix-broken-wmi	0%	Avira URL Cloud	safe
https://wyday.com/limelm/buy-redirect/%u/admin	0%	Avira URL Cloud	safe
https://wyday.com/limelm/api/rest/httpsSignature	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe
https://www.letasoft.com0	0%	Avira URL Cloud	safe
https://www.letasoft.com)	0%	Avira URL Cloud	safe
https://www.letasoft.com0https://www.letasoft.com0https://www.letasoft.com	0%	Avira URL Cloud	safe
http://www.innosetup.com/	2%	Virustotal		Browse
https://wyday.com/limelm/help/faq/#fix-broken-wmi	0%	Virustotal		Browse
https://curl.se/docs/alt-svc.html	0%	Avira URL Cloud	safe
https://wyday.com/limelm/buy-redirect/%u/admin	0%	Virustotal		Browse
http://.css	0%	Avira URL Cloud	safe
http://wyday.com/limelm/api/rest/	0%	Avira URL Cloud	safe
https://wyday.com/limelm/help/faq/#fix-broken-wmivalTranslationtitlestartstitlepluralstitlesingleact	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0U	0%	Avira URL Cloud	safe
https://www.letasoft.comq	0%	Avira URL Cloud	safe
https://curl.se/docs/alt-svc.html	0%	Virustotal		Browse
https://curl.se/docs/alt-svc.html#	0%	Avira URL Cloud	safe
https://wyday.com/limelm/api/rest/httpsSignature	0%	Virustotal		Browse
http://.jpg	0%	Avira URL Cloud	safe
https://wyday.com/limelm/api/rest/	0%	Avira URL Cloud	safe
https://wyday.com/limelm/help/faq/#fix-broken-wmivalTranslationtitlestartstitlepluralstitlesingleact	0%	Virustotal		Browse
https://sectigo.com/CPS0U	0%	Virustotal		Browse
https://curl.se/docs/alt-svc.html#	0%	Virustotal		Browse
https://wyday.com/limelm/api/rest/	0%	Virustotal		Browse
http://wyday.com/limelm/api/rest/	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.innosetup.com/	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1639199932.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1638705530.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000000.1640080224.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EMCVK.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://html4/loose.dtd	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	Avira URL Cloud: safe	low
https://wyday.com/limelm/help/faq/#fix-broken-wmi	is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr, is-0B8RS.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.certum.pl/ctsca2021.crl0o	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
http://repository.certum.pl/ctnca.cer09	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
https://wyday.com/limelm/api/rest/httpsSignature	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wyday.com/limelm/buy-redirect/%u/admin	is-470JU.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.certum.pl/ctnca.crl0k	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe	false		high
https://www.letasoft.com	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	false		high
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
https://www.letasoft.com0	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://www.letasoft.com)	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.letasoft.com0https://www.letasoft.com0https://www.letasoft.com	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1637946717.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.1641431576.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.se/docs/alt-svc.html	is-UT7AG.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.certum.pl/CPS0	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
http://.css	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	Avira URL Cloud: safe	low
http://wyday.com/limelm/api/rest/	SoundBoosterTaskHost.exe, 0000000F.00000002.2048357672.0000000000978000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wyday.com/limelm/help/faq/#fix-broken-wmivalTranslationtitlestartstitlepluralstitlesingleact	is-470JU.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://repository.certum.pl/ccsca2021.cer0	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
https://sectigo.com/CPS0U	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.letasoft.comq	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.000000000228D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.00000000022ED000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dk-soft.org/	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.2065768674.0000000002226000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1637946717.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2062141734.0000000002247000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.1641431576.00000000031F0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://curl.se/docs/alt-svc.html#	SoundBoosterTaskHost.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.letasoft.com/ru/help/#b1	is-0B8RS.tmp.1.dr	false		high
https://www.letasoft.com/ru/help/#b5	is-0B8RS.tmp.1.dr	false		high
http://repository.certum.pl/ctsca2021.cer0	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
http://subca.ocsp-certum.com05	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false	URL Reputation: safe	unknown
http://subca.ocsp-certum.com02	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false	URL Reputation: safe	unknown
http://subca.ocsp-certum.com01	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false	URL Reputation: safe	unknown
http://www.letasoft.com	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-1AQ6S.tmp.1.dr, is-VDV7H.tmp.1.dr	false		high
http://crl.certum.pl/ctnca2.crl0l	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
http://repository.certum.pl/ctnca2.cer09	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
https://www.letasoft.com/help/#b5	is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr	false		high
https://secure.comodo.com/CPS0L	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-470JU.tmp.1.dr, is-UT7AG.tmp.1.dr	false		high
http://ccsca2021.ocsp-certum.com05	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false	URL Reputation: safe	unknown
https://www.letasoft.com/help/#b1	is-A00SO.tmp.1.dr, is-Q7VFD.tmp.1.dr	false		high
http://www.remobjects.com/ps	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1639199932.000000007FCE0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, 00000000.00000003.1638705530.0000000002400000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000000.1640080224.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EMCVK.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr	false	URL Reputation: safe	unknown
http://.jpg	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	Avira URL Cloud: safe	low
http://www.certum.pl/CPS0	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe, is-U6OVG.tmp.1.dr, is-FO5GS.tmp.1.dr, is-V5IV6.tmp.1.dr, is-EMCVK.tmp.1.dr, is-Q41UV.tmp.1.dr, is-VDVIU.tmp.1.dr, is-P02PU.tmp.1.dr, is-HCK3C.tmp.1.dr, is-GVBLF.tmp.1.dr, is-4PLJA.tmp.1.dr, is-M1S53.tmp.1.dr, SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp.0.dr, is-HJ5VT.tmp.1.dr, is-3TFGO.tmp.1.dr, is-9OI0H.tmp.1.dr	false		high
https://wyday.com/limelm/api/rest/	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp, 00000001.00000003.2056520577.00000000064ED000.00000004.00001000.00020000.00000000.sdmp, SoundBoosterTaskHost.exe, SoundBoosterTaskHost.exe, 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmp, SoundBoosterTaskHost.exe, 0000000F.00000002.2048357672.0000000000978000.00000004.00000020.00020000.00000000.sdmp, is-VDVIU.tmp.1.dr, is-UT7AG.tmp.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431843
Start date and time:	2024-04-25 21:28:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
Detection:	SUS
Classification:	sus26.evad.winEXE@21/57@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 102 Number of non-executed functions: 321
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)	3ud5fWWHHP.exe	Get hash	malicious	Socks5Systemz	Browse
	mDxw0fYXcL.exe	Get hash	malicious	Socks5Systemz	Browse
	3AJpLa42W3.exe	Get hash	malicious	Socks5Systemz	Browse
	4KYzwbWhyI.exe	Get hash	malicious	Socks5Systemz	Browse
	Ty0li34KWE.exe	Get hash	malicious	Socks5Systemz	Browse
	JtgFhcZpcx.exe	Get hash	malicious	Socks5Systemz	Browse
	pucZFJ63d7.exe	Get hash	malicious	Socks5Systemz	Browse
	SecuriteInfo.com.Trojan.Win32.Crypt.13970.25752.exe	Get hash	malicious	Socks5Systemz	Browse
	SecuriteInfo.com.Trojan.Win32.Crypt.8779.30796.exe	Get hash	malicious	Socks5Systemz	Browse
	SecuriteInfo.com.Trojan.Win32.Crypt.1178.11191.exe	Get hash	malicious	Socks5Systemz	Browse
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)	SecuriteInfo.com.Trojan.Win32.Crypt.13970.25752.exe	Get hash	malicious	Socks5Systemz	Browse
	SecuriteInfo.com.Trojan.Win32.Crypt.8779.30796.exe	Get hash	malicious	Socks5Systemz	Browse
	SecuriteInfo.com.Trojan.Win32.Crypt.1178.11191.exe	Get hash	malicious	Socks5Systemz	Browse

Created / dropped Files

C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	208816
Entropy (8bit):	6.646069643453431
Encrypted:	false
SSDEEP:	6144:gwOh40q7GA3GjisAO70m3nIx0IjvaDvvD:K4d77mVSxBjvaDv7
MD5:	18CC066A5DAF36920CEA0094FAD8EE2F
SHA1:	624A394DDEF12E8CE588626DF20199565CCF1715
SHA-256:	B7EFD8423A3DAF6CE666AB52BCE1205D703069387678686849AC7E93AED061F6
SHA-512:	26715F812B36D0783017579C2D0A47171AEFB533B75193D87870DBA6273718100AAE966F653FA7353207078363D4E12CD35D81C1CF08878C992A9DA60330B420
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: SecuriteInfo.com.Trojan.Win32.Crypt.13970.25752.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Win32.Crypt.8779.30796.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Win32.Crypt.1178.11191.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y..y..y.U....y.U...d.y.U.....y...z...y...\|..y...}...y.<c...y..x.h.y.v.p..y.v.y...y.s....y......y.v.{...y.Rich.y.................PE..L.....ab...........!.........L......,........................................p............@.............................T............0..8................)...@..."......................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..D...........................@..@.tls......... ......................@....rsrc...8....0......................@..@.reloc..."...@...$..................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	597688
Entropy (8bit):	6.6797399445991426
Encrypted:	false
SSDEEP:	12288:BaxfsiWQaokdQWLemvDWiBaJmq0OWvhSCQGwzRTFWOapLHaYT3paQfz:ExfsiPmhSCQ7tT5oHaC3pa2z
MD5:	0CEF09D078FF9367B418384D57B145DB
SHA1:	3041BF7F8EB4C04318B91270FE712F0EFE23F99F
SHA-256:	7B74B2E74A484E25954839A9DEF5F39E7DD03269B93A8577BF8E76D4BC16A766
SHA-512:	BAB9C045457415863A49684EBB2ADFFF84A2AC41A199943A6362E267FB7C8ACBE4B1F68E281C581B72B7E19CD1642E9C880688999B5730E5B0CBAB9C8EAD0F2A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: 3ud5fWWHHP.exe, Detection: malicious, Browse Filename: mDxw0fYXcL.exe, Detection: malicious, Browse Filename: 3AJpLa42W3.exe, Detection: malicious, Browse Filename: 4KYzwbWhyI.exe, Detection: malicious, Browse Filename: Ty0li34KWE.exe, Detection: malicious, Browse Filename: JtgFhcZpcx.exe, Detection: malicious, Browse Filename: pucZFJ63d7.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Win32.Crypt.13970.25752.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Win32.Crypt.8779.30796.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Win32.Crypt.1178.11191.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<5R>xT<mxT<mxT<m}X3m{T<m.H2mmT<m.K6m.T<m.K7mrT<m.K/mqT<mxT=m.T<mxT<m[T<m.R:myT<m.t8myT<mRichxT<m........................PE..L...g[.V...........!.........*.......l....... ......................................................................`4..O....(..d.... ...................:...0...>................................................... ..4............................text............................... ..`.text1.............................. ..`.rdata....... ......................@..@.data........@...>..................@....data1...............V..............@....trace..`%.......&...j..............@..@.rsrc........ ......................@..@.reloc...P...0...R..................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	315064
Entropy (8bit):	6.503201411592494
Encrypted:	false
SSDEEP:	6144:yqNvComP+VN+f8+OlfoubbTjCNzTNj1AOXIoFoTwjfW:Tdfo6sF4ocwbW
MD5:	ABB08E6024CC803FF0BCA0095282DAEF
SHA1:	A090596845595DFBF31CC2A7F0804E70ABC37A7F
SHA-256:	6FFA2975FDE93C5764DA2E4CA2FCE35E1D30D1517233BE3371F917C1D2A13424
SHA-512:	F8CC34070190672160062957B5D237EDE55D09574CE4697B56F51250F1307B296FB2BA79618FBC331E795BD9050F9F047ACF80CDAB5A8D10312725BA7062381D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.Q!...!...!...g.=.....g.<.Z...g...?....}..(...!.......\.9. ...\... ...,... ...!.K. ...\... ...Rich!...........PE..d....Y.V.........." .....0..........`........................................0.......)....`..........................................2..X...h2..d................ .......:... ......0E..8...............................p............@...............................text..../.......0.................. ..`.rdata..d....@.......4..............@..@.data...xc...P.......6..............@....pdata... ......."...P..............@..@_RDATA..P............r..............@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	597688
Entropy (8bit):	6.6797399445991426
Encrypted:	false
SSDEEP:	12288:BaxfsiWQaokdQWLemvDWiBaJmq0OWvhSCQGwzRTFWOapLHaYT3paQfz:ExfsiPmhSCQ7tT5oHaC3pa2z
MD5:	0CEF09D078FF9367B418384D57B145DB
SHA1:	3041BF7F8EB4C04318B91270FE712F0EFE23F99F
SHA-256:	7B74B2E74A484E25954839A9DEF5F39E7DD03269B93A8577BF8E76D4BC16A766
SHA-512:	BAB9C045457415863A49684EBB2ADFFF84A2AC41A199943A6362E267FB7C8ACBE4B1F68E281C581B72B7E19CD1642E9C880688999B5730E5B0CBAB9C8EAD0F2A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<5R>xT<mxT<mxT<m}X3m{T<m.H2mmT<m.K6m.T<m.K7mrT<m.K/mqT<mxT=m.T<mxT<m[T<m.R:myT<m.t8myT<mRichxT<m........................PE..L...g[.V...........!.........*.......l....... ......................................................................`4..O....(..d.... ...................:...0...>................................................... ..4............................text............................... ..`.text1.............................. ..`.rdata....... ......................@..@.data........@...>..................@....data1...............V..............@....trace..`%.......&...j..............@..@.rsrc........ ......................@..@.reloc...P...0...R..................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	315064
Entropy (8bit):	6.503201411592494
Encrypted:	false
SSDEEP:	6144:yqNvComP+VN+f8+OlfoubbTjCNzTNj1AOXIoFoTwjfW:Tdfo6sF4ocwbW
MD5:	ABB08E6024CC803FF0BCA0095282DAEF
SHA1:	A090596845595DFBF31CC2A7F0804E70ABC37A7F
SHA-256:	6FFA2975FDE93C5764DA2E4CA2FCE35E1D30D1517233BE3371F917C1D2A13424
SHA-512:	F8CC34070190672160062957B5D237EDE55D09574CE4697B56F51250F1307B296FB2BA79618FBC331E795BD9050F9F047ACF80CDAB5A8D10312725BA7062381D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.Q!...!...!...g.=.....g.<.Z...g...?....}..(...!.......\.9. ...\... ...,... ...!.K. ...\... ...Rich!...........PE..d....Y.V.........." .....0..........`........................................0.......)....`..........................................2..X...h2..d................ .......:... ......0E..8...............................p............@...............................text..../.......0.................. ..`.rdata..d....@.......4..............@..@.data...xc...P.......6..............@....pdata... ......."...P..............@..@_RDATA..P............r..............@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17328
Entropy (8bit):	6.467854152012464
Encrypted:	false
SSDEEP:	192:zCoSPU8+fLLfUl96+PBo21ZtDYNDxEdRkVV/LkghFbr9LB+HPTSofousUwz2T3+y:9kU9vWI2mNDOQ/osFFBaSofousWu4zV
MD5:	04836C4C3228B9E5FCD8A995D38030C5
SHA1:	2D0E8049ED5392A2FE072E0FCDC30328B3CCA62F
SHA-256:	FAAA95455F9C516CBDB02E233533A7D44E7F6FFB3F850A2ED0482E553FF18E71
SHA-512:	38D1B94CB990120B5C846977BDC7109E62EE994241A2F84774C27395D6153DBD1F08562C08DAD3E66D8EC73C31AB9B18071308BAD7360AE4AC2A42E3A7E2AAE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.<.s.R.s.R.s.R...r.R...P.r.R.Richs.R.........PE..L.....ab...........!.........................................................@......sk....@.......................................... ...................)..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@..............ab........T...8...8.........ab....................GCTL....8....rdata..8...T....rdata$zzzdbg.... .......rsrc$01....."..8....rsrc$02................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17328
Entropy (8bit):	6.676071373993445
Encrypted:	false
SSDEEP:	384:FtzAeV53Ic52mNDOQafElFFBaSofousWu4vFt:FtzJ53Ic5h0Q0El1aSoQuSM
MD5:	56916EA3B9A10D00FEB9818C3068F4A8
SHA1:	16976619882AA3E1BE24AAACC775C16AA2AB5963
SHA-256:	C64E4820A0B8A29ECC71B4EF43C318D7CF2682270D39C53CB3980BEF0E24D2CC
SHA-512:	FA8BF43756F4C4E6A1951E566FB585C05B0CD2C89EE93B92212B9C14C36DE3FDA9D9F9C00B0F2729F4EEB4C2182436560BE271B48ED897375D115A68D9EB437D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.<.s.R.s.R.s.R...r.R...P.r.R.Richs.R.........PE..L.....ab...........!.........................................................@............@.......................................... ...................)..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@..............ab........T...8...8.........ab....................GCTL....8....rdata..8...T....rdata$zzzdbg.... .......rsrc$01....."..P....rsrc$02................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivate.xml (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
Category:	dropped
Size (bytes):	5928
Entropy (8bit):	4.941433138906401
Encrypted:	false
SSDEEP:	96:xHd59ENEuceB3e5g7M8xvkeFwnnxOmp/T9eqsDYzPYFFWKDs9QxhkmEwIkmxI9GL:5d59ENEuJI5g7Vv7kxB/5PYFFWKY07de
MD5:	4D50E1FDE63F8505865CB6C9ED40F1C2
SHA1:	392D085138BE9959DF9DF40477D275A6D291EC7B
SHA-256:	A4D3E7E3BCC79045581CEF6D1A86F651C43834567DBFB0A1F0F87ECBBE7984B2
SHA-512:	01055014611B4E2E60F43DF9F2692A9B059903BA0C2EDF8C3C1213EBFABBBDE0F8A90E2762127BD0B8C832C662DE34F0E357193AA552B69F8A2E16DD022B6E17
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="Activation"/>...<start>....<title val="Activate %1 now"/>....<stitleplural val="You must activate %1 within %2 days to continue using it."/>....<stitlesingle val="You must activate %1 within 1 day to continue using it."/>....<activate val="&Activate %1 online now"/>....<asklater val="Activate &later"/>...</start>...<startexp>....<stitle val="Your trial period has expired and %1 is no longer working. To continue using this software you must activate it."/>....<buy val="&Buy a new product key online"/>....<newpkey val="&Retype your product key"/>....<manualact val="&Manually activate %1 offline"/>....<otheropts val="Other options (trial extension, offline activation)"/>...</startexp>...<otheropts>....<title val="Other options"/>....<stitle val="Either manually activate %1 or extend your trial."/>....<extend val="Extend your trial"/>...</otheropts>...<trial>....<title val="Extend your trial"/>....<stit

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateBR.xml (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Category:	dropped
Size (bytes):	6885
Entropy (8bit):	4.992604235635313
Encrypted:	false
SSDEEP:	96:1e2z4Ya1lp0rwCJSX748QbchJ/D0QC3A28tjeR8qYMUiZMlDD62WckK7GjB7kK75:Jec0b1CkLqMM2bGtRVk8
MD5:	3F329982989AD24E151F51F513284C12
SHA1:	E744D34F2A85807A32D79960BD3C47488783E8E9
SHA-256:	400B886854892F976A8E327D66F895DC71C3C9CCE42C0E576A69D0A7D129FA88
SHA-512:	365ED067DE73C4C1B27D30BD41D9DAECF5926A1A3D7F6766ABD499A73EB3E6471B8F6BD21C259C91192B1262D03FC9E47905A4D5C295CA99F981D360AB26DBBC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="Ativando"/>...<start>....<title val="Ativar o %1 agora"/>....<stitleplural val="Voc. tem que ativar o %1 em %2 dias para continuar a usu.-lo."/>....<stitlesingle val="Voc. precisa ativar o %1 em 1 dia para continuar a us.-lo."/>....<activate val="&Ativar o %1 online agora"/>....<asklater val="Ativar &depois"/>...</start>...<startexp>....<stitle val="Seu per.odo de teste expirou e o %1 n.o funcionar. mais. Para continuar a usar este programa, voc. precisa licenci.-lo."/>....<buy val="&Comprar um licen.a do produto online"/>....<newpkey val="&Redigite sua licen.a"/>....<manualact val="&Licenciar o %1 offline"/>....<otheropts val="Outras op..es (estender a avalia..o, licenciar offline)"/>...</startexp>...<otheropts>....<title val="Outras Op..es"/>....<stitle val="Licenciar o %1 ou estender seu per.odo de teste."/>....<extend val="Estender minha avalia..o"/>...</otheropts>...<trial>.

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateRU.xml (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
Category:	dropped
Size (bytes):	9798
Entropy (8bit):	4.8452059295897865
Encrypted:	false
SSDEEP:	192:d3EVlV2jLtsgL8J7MWcrIAsIcIJsaL/r7gB9iez6KsuAPdwkjbT2FhDWYLJGVyfa:d3hjLt38J7MWcrIAsIcIJlLHQx+uydwe
MD5:	9D478BEA4276BF33D8556701E8E4045C
SHA1:	5E58309576B8D27C8999818AACB12D061F5328A5
SHA-256:	70972039E093BD7201A01DC8D9EF315A788752E274D3F6DF433E4196AF1DC67C
SHA-512:	ED7ADA8E78E0A858D1A075A4DB620F139FF171995F2C254F320FB6CE797B1717268964690D580A1EB3B240A647578D49D57D973E3CCCDA8A8B5F6CCC3D0FB8ED
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="........."/>...<start>....<title val="........... %1 ......"/>....<stitleplural val=".. ...... ............ %1 . ....... %2 ...., ..... .......... ............ ... ....... %1."/>....<stitlesingle val=".. ...... ............ %1 . ....... 1 ..., ..... .......... ............ ... ....... %1."/>....<activate val="............ %1 ...... ..... ........"/>....<asklater val="............ ....."/>...</start>...<startexp>....<stitle val="... ....... ...... .......... . %1 ...... .. ......... ..... .......... ............ ... ......... .. ...... ............ ... ..... %1."/>....<buy val="...... ..... ..

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-0B8RS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
Category:	dropped
Size (bytes):	9798
Entropy (8bit):	4.8452059295897865
Encrypted:	false
SSDEEP:	192:d3EVlV2jLtsgL8J7MWcrIAsIcIJsaL/r7gB9iez6KsuAPdwkjbT2FhDWYLJGVyfa:d3hjLt38J7MWcrIAsIcIJlLHQx+uydwe
MD5:	9D478BEA4276BF33D8556701E8E4045C
SHA1:	5E58309576B8D27C8999818AACB12D061F5328A5
SHA-256:	70972039E093BD7201A01DC8D9EF315A788752E274D3F6DF433E4196AF1DC67C
SHA-512:	ED7ADA8E78E0A858D1A075A4DB620F139FF171995F2C254F320FB6CE797B1717268964690D580A1EB3B240A647578D49D57D973E3CCCDA8A8B5F6CCC3D0FB8ED
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="........."/>...<start>....<title val="........... %1 ......"/>....<stitleplural val=".. ...... ............ %1 . ....... %2 ...., ..... .......... ............ ... ....... %1."/>....<stitlesingle val=".. ...... ............ %1 . ....... 1 ..., ..... .......... ............ ... ....... %1."/>....<activate val="............ %1 ...... ..... ........"/>....<asklater val="............ ....."/>...</start>...<startexp>....<stitle val="... ....... ...... .......... . %1 ...... .. ......... ..... .......... ............ ... ......... .. ...... ............ ... ..... %1."/>....<buy val="...... ..... ..

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17328
Entropy (8bit):	6.467854152012464
Encrypted:	false
SSDEEP:	192:zCoSPU8+fLLfUl96+PBo21ZtDYNDxEdRkVV/LkghFbr9LB+HPTSofousUwz2T3+y:9kU9vWI2mNDOQ/osFFBaSofousWu4zV
MD5:	04836C4C3228B9E5FCD8A995D38030C5
SHA1:	2D0E8049ED5392A2FE072E0FCDC30328B3CCA62F
SHA-256:	FAAA95455F9C516CBDB02E233533A7D44E7F6FFB3F850A2ED0482E553FF18E71
SHA-512:	38D1B94CB990120B5C846977BDC7109E62EE994241A2F84774C27395D6153DBD1F08562C08DAD3E66D8EC73C31AB9B18071308BAD7360AE4AC2A42E3A7E2AAE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.<.s.R.s.R.s.R...r.R...P.r.R.Richs.R.........PE..L.....ab...........!.........................................................@......sk....@.......................................... ...................)..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@..............ab........T...8...8.........ab....................GCTL....8....rdata..8...T....rdata$zzzdbg.... .......rsrc$01....."..8....rsrc$02................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-A00SO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Category:	dropped
Size (bytes):	6885
Entropy (8bit):	4.992604235635313
Encrypted:	false
SSDEEP:	96:1e2z4Ya1lp0rwCJSX748QbchJ/D0QC3A28tjeR8qYMUiZMlDD62WckK7GjB7kK75:Jec0b1CkLqMM2bGtRVk8
MD5:	3F329982989AD24E151F51F513284C12
SHA1:	E744D34F2A85807A32D79960BD3C47488783E8E9
SHA-256:	400B886854892F976A8E327D66F895DC71C3C9CCE42C0E576A69D0A7D129FA88
SHA-512:	365ED067DE73C4C1B27D30BD41D9DAECF5926A1A3D7F6766ABD499A73EB3E6471B8F6BD21C259C91192B1262D03FC9E47905A4D5C295CA99F981D360AB26DBBC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="Ativando"/>...<start>....<title val="Ativar o %1 agora"/>....<stitleplural val="Voc. tem que ativar o %1 em %2 dias para continuar a usu.-lo."/>....<stitlesingle val="Voc. precisa ativar o %1 em 1 dia para continuar a us.-lo."/>....<activate val="&Ativar o %1 online agora"/>....<asklater val="Ativar &depois"/>...</start>...<startexp>....<stitle val="Seu per.odo de teste expirou e o %1 n.o funcionar. mais. Para continuar a usar este programa, voc. precisa licenci.-lo."/>....<buy val="&Comprar um licen.a do produto online"/>....<newpkey val="&Redigite sua licen.a"/>....<manualact val="&Licenciar o %1 offline"/>....<otheropts val="Outras op..es (estender a avalia..o, licenciar offline)"/>...</startexp>...<otheropts>....<title val="Outras Op..es"/>....<stitle val="Licenciar o %1 ou estender seu per.odo de teste."/>....<extend val="Estender minha avalia..o"/>...</otheropts>...<trial>.

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17328
Entropy (8bit):	6.676071373993445
Encrypted:	false
SSDEEP:	384:FtzAeV53Ic52mNDOQafElFFBaSofousWu4vFt:FtzJ53Ic5h0Q0El1aSoQuSM
MD5:	56916EA3B9A10D00FEB9818C3068F4A8
SHA1:	16976619882AA3E1BE24AAACC775C16AA2AB5963
SHA-256:	C64E4820A0B8A29ECC71B4EF43C318D7CF2682270D39C53CB3980BEF0E24D2CC
SHA-512:	FA8BF43756F4C4E6A1951E566FB585C05B0CD2C89EE93B92212B9C14C36DE3FDA9D9F9C00B0F2729F4EEB4C2182436560BE271B48ED897375D115A68D9EB437D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.<.s.R.s.R.s.R...r.R...P.r.R.Richs.R.........PE..L.....ab...........!.........................................................@............@.......................................... ...................)..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@..............ab........T...8...8.........ab....................GCTL....8....rdata..8...T....rdata$zzzdbg.... .......rsrc$01....."..P....rsrc$02................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-Q7VFD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
Category:	dropped
Size (bytes):	5928
Entropy (8bit):	4.941433138906401
Encrypted:	false
SSDEEP:	96:xHd59ENEuceB3e5g7M8xvkeFwnnxOmp/T9eqsDYzPYFFWKDs9QxhkmEwIkmxI9GL:5d59ENEuJI5g7Vv7kxB/5PYFFWKY07de
MD5:	4D50E1FDE63F8505865CB6C9ED40F1C2
SHA1:	392D085138BE9959DF9DF40477D275A6D291EC7B
SHA-256:	A4D3E7E3BCC79045581CEF6D1A86F651C43834567DBFB0A1F0F87ECBBE7984B2
SHA-512:	01055014611B4E2E60F43DF9F2692A9B059903BA0C2EDF8C3C1213EBFABBBDE0F8A90E2762127BD0B8C832C662DE34F0E357193AA552B69F8A2E16DD022B6E17
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Translation>...<title val="Activation"/>...<start>....<title val="Activate %1 now"/>....<stitleplural val="You must activate %1 within %2 days to continue using it."/>....<stitlesingle val="You must activate %1 within 1 day to continue using it."/>....<activate val="&Activate %1 online now"/>....<asklater val="Activate &later"/>...</start>...<startexp>....<stitle val="Your trial period has expired and %1 is no longer working. To continue using this software you must activate it."/>....<buy val="&Buy a new product key online"/>....<newpkey val="&Retype your product key"/>....<manualact val="&Manually activate %1 offline"/>....<otheropts val="Other options (trial extension, offline activation)"/>...</startexp>...<otheropts>....<title val="Other options"/>....<stitle val="Either manually activate %1 or extend your trial."/>....<extend val="Extend your trial"/>...</otheropts>...<trial>....<title val="Extend your trial"/>....<stit

C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	260528
Entropy (8bit):	6.697233046928663
Encrypted:	false
SSDEEP:	3072:nD+1kCmZf1p43zi/wFOVoO0bSiZOkfGwLHpB2L0tjb1vpoLBl9Ag0Fubr4Vsk8TY:nD+1BmVui/Q8oeaHX2Atp+AO4i1Tnp+f
MD5:	862CA43FD8CCEA3E00A41E177CAA957B
SHA1:	8888EBBFCC1462A4F253217DB1A112AF2699F6E2
SHA-256:	BB2F0854892FAE554C6C999FAD1DDDD53A8204FFBE4AC9103001D5E2DE106AFD
SHA-512:	02034C39190E7DD8A05E44AC2E394C7E298C5BD509B01C862A8ABDF7B09826C9163DA672CE914CD990B257770B66BDA40113CCD06908169B6CE13A9A985BFEC9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f..]".y.".y.".y..Y....y..Y....y..Y..?.y...z.5.y...\|...y...}...y.+...+.y.".x.T.y...p.!.y...y.#.y.....#.y."...#.y...{.#.y.Rich".y.........................PE..L.....ab...........!.........>.......................................................}....@.............................h.......P.......8................).......&..@t..............................`t..@...............l............................text............................... ..`.rdata..p...........................@..@.data...............................@....gfids..P...........................@..@.rsrc...8...........................@..@.reloc...&.......(..................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	317360
Entropy (8bit):	6.3189859386488685
Encrypted:	false
SSDEEP:	6144:9c68TAPyuUPg3wi/UxynB5wnFcTCb2lUKMAQoh2vKydBZqNHZG:98TAausg3wYCSlEo8N0s
MD5:	C69917647354E03FFEA016B86D3BC973
SHA1:	E6385500AAEB50F3E2C36D7FC23789DFBAFBE802
SHA-256:	5B273FC8597B541AD86D3650362BCBAA592CED0163D56499BADD344306CB99ED
SHA-512:	DAF7E027EFF292AD39E93EC8E0BB0AF2437DE3546E1E8431A80C752FDEB1D57D2F477D45FB736B22A321B3CC4DA02B8F0E3C1F5C106CB4D4112ADC65ED0167A0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z..4T.4T.4T^,.T.4T^,.Td.4T^,.T.4T..7U.4T..1U.4T..0U.4T..T.4T.5T..4T}.=U.4T}.4U.4Tx..T.4T.T.4T}.6U.4TRich.4T................PE..d.....ab.........." ................................................................2.....`......................................... _..h...._..P.......8........+.......)......X...................................0................................................text............................... ..`.rdata...i.......j..................@..@.data....(...p.......Z..............@....pdata...+.......,...j..............@..@.gfids..............................@..@.rsrc...8...........................@..@.reloc..X...........................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	588720
Entropy (8bit):	5.6097958863819475
Encrypted:	false
SSDEEP:	12288:GQEMpHTqsxDaFFUf7Pzq05/M64p0g0YHn8gtgPQ9:FBTqsxDZf7PzqUEtP9
MD5:	B2DFC74F0C0ED8C1B949C545315F309B
SHA1:	E96D97EEA104E68EAAB215BAF08D80D5CD9084FD
SHA-256:	D17B8A74494E9E9A2FEF7F469B7E78E8E4BBBAB5CA5F6723DA64116B346A54D0
SHA-512:	B239AE5EDDBEAFCB73B1C1677FA9C49361ED6410C12E92FECB1A7CA891ADAA4E985145774FC0EFB87E78726ABD890FE01BA12721CBC28D9692B0902EC5DE6B35
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i*...D..D..D.-....D.-.....D.-....D......D.VG..D.V@..D.VA..D.p...D..E.P.D..VM..D..VD..D..V...D.....D..VF..D.Rich..D.................PE..L.....ab...........!.........0......W........................................ ......Er....@..........................-..H....-...........................).......I.. ...............................@...@...............l............................text............................... ..`.rdata...l.......n..................@..@.data....o...@...Z...&..............@....gfids..d...........................@..@.rsrc...............................@..@.reloc...I.......J..................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	653232
Entropy (8bit):	5.25211511018816
Encrypted:	false
SSDEEP:	12288:CMh6Hvxi+QyVQWCDeRRWaSS93xvqkhoHnJeI9u:2HvxiFyVQWCDeRkPS93xCkh2g
MD5:	66B510D2C5FA5BCCF1062EDB55C7E957
SHA1:	54073B7FE3FE8E3954623D14BAE7080251A9AD2D
SHA-256:	9145177E4B4A4539E729176DCEBFD7E3BC2F49753DBBE428C7D93D77E0648979
SHA-512:	C7A809976D5EE1FBDF6A82F4E55C77BB56B5FCE46DA35167A9BE45602F9F5F08692E9287346D7466FF2C5060A9EBBB9E080CA1ED8C4EBBB5018C92F919931396
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........dg.............m.......m.......m.......G.......[.......[.......[.......}..............N[......N[......K[..............N[......Rich............PE..d.....ab.........." ................H........................................@............`.............................................L.......................X8.......)... .......<...............................<...............................................text...:........................... ..`.rdata..............................@..@.data...@...........................@....pdata..X8.......:...z..............@..@.gfids..$...........................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2159536
Entropy (8bit):	6.254542738408364
Encrypted:	false
SSDEEP:	49152:/UJRX/ser5Na+YpqBM1P2Cr6ehrPfYZaBXSa/5G:GrTaBPfY2XSa/I
MD5:	7FBBDD31BA4CC5B2D0C230C5783274A7
SHA1:	731D6CA422FEA64337D5EB52F6F5FABA9F4036A5
SHA-256:	D7B991F054CD6CAB9A68EB692E4A1983DB87EF6A6B6EC95D3B9FCA553C063B70
SHA-512:	721E2EE04676D3D1E7972FD6BEBFE8297A67FBF4A78A0924C2017C50CA66A131D33450F6118BBA0CC9A38B78A2A9E0C07BFA4C8372D0E2BF358C1BCDDE3CD3AF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R..<..<..<.Q.....<.Q...j.<.Q.....<...?..<...8..<...9..<.8}...<.8}...<.8}....<..=.z.<.r.5..<.r.<..<.w....<.r.>..<.Rich.<.................PE..d.....ab.........." .....L...................................................`!.....`.!...`.........................................P...........x.... !.x.... .d..... ..)...0!..!...;.......................;..(... ;...............p...............................text...\3.......4.................. ..`RT_CODE.4....P.......8.............. ..`.rdata...`...p...b...P..............@..@.data....;..........................@....pdata..d.... .....................@..@.gfids.. ..... ....... .............@..@.tls..........!....... .............@...RT_CONST......!....... .............@..@.rsrc...x.... !....... .............@..@.reloc...!...0!..".... .............@..B........................................................

C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809776
Entropy (8bit):	7.803245296293172
Encrypted:	false
SSDEEP:	49152:11stWYmRkasRDSlvxPRQWnYHKE6DPmVeiXSswDenby1xl7Puh0p3YrFh2hRPm/4l:1CYgDCJPiWnOaNJwGhRPL0V1APB
MD5:	73284BAC5AE39DDC8A67EFFE040A3349
SHA1:	C7253DA38CBD782822805B82AFB740712CFAA0EC
SHA-256:	E0DD2F06DD96E8167168517CFB611456E3FBEA57A116916D4C4A1AA4D84D35CA
SHA-512:	3AC7D8CD732D4E68CA9E27EA7BA0D242B3233415619C6E302D529FAAAD78017DDE9B4832A8EF4F68DB3E8301597464EC2678A8888F6E12A575B3F55208A9E1BC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............D...D...D.Xb....D.Xb..u.D.Xb....D...A...D......D......D..G...D..@...D..A.h.D.{.E...D......D...E.y.D.{.M...D.~.....D.{.F...D.Rich..D.................PE..L.....ab..................... ......o.M...........@...........................S.......+...@...................................M.\|.....O.................)....O.......N.....................p.(.......N.@............ *..............................text............................... ..`.rdata.............................@..@.data....R..........................@....gfids..@...........................@..@.giats..............................@..@.tls................................@....vmp0...[.!.. ......................`....vmp1.....&...(...&.................`....reloc........O......$&.............@..@.rsrc.........O......&&.............@..@................................................................

C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	141744
Entropy (8bit):	6.310466554679651
Encrypted:	false
SSDEEP:	3072:pYrytIQSxZ7F4rcDRExbMl2+b182m3opvAS3DdUZ3m0fSA2R:pY2Kz7FqcuJM8u182BBzdeW0f2R
MD5:	EDDD2980547E2DD5694798E38BB1F7E3
SHA1:	316FF3F4140BEB28ECC4152FA2F90D1D1C1C2C78
SHA-256:	13C3EE12390F7A339C9CC6570B2480ED9537A703F6A9BBF21EF2D935FED0BA5C
SHA-512:	6747B68A030BB44E6A347C2497A575801A1C4D32463886A6FD70E5BB3634C9B21B08BB9BB8F3F8386C3DE917EA880C4087ACF2E2CA925AE0A6696616AF695B41
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...^...^...^..~....^..~....^..~....^...]...^...[...^...Z...^......^..._...^.'.W...^.".....^.'.\...^.Rich..^.................PE..d.....ab.........."......"...........,.........@.............................p.......)....`.....................................................P....P..P.......\|........)...`..L...@...........................(...`................@...............................text...\!.......".................. ..`.rdata.......@.......&..............@..@.data...4...........................@....pdata..\|...........................@..@.gfids.......0......................@..@.tls.........@......................@....rsrc...P....P......................@..@.reloc..L....`......................@..B................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152496
Entropy (8bit):	6.589764644303553
Encrypted:	false
SSDEEP:	3072:BfpNA68cNtveiWjPVbVja8VMjYzvM7kwCnV+HSm1eEmg2fS+:q68ezWjVBG8kYLMx8+yhg2H
MD5:	E45BFFA942994D7921E37BCAA900740F
SHA1:	E5258BC57166013C328EA4EC2CAB04196172B58A
SHA-256:	5C9DB93EA5EEE603B10EC200CF92AB0CC86BF539C04DD343D94582A0DC607248
SHA-512:	99E02E7CD7CB85DD6F825A6189035EB04823B200ED09FAE84D6504AF07ADD00169368913BCC9B9D5728241498675EB0D5903349794431EFBDA836E8FB2FBCE43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..".I..P..".K..P..".J..P.......P.......P.......P...(+..P...P...P.......P....G..P...P/..P.......P..Rich.P..........................PE..L.....ab.................h..........(I............@..................................;....@.....................................d....`..h............*...)...p..$...........................l...........@............................................text....g.......h.................. ..`.rdata...............l..............@..@.data........ ......................@....gfids.. ....@......................@..@.tls.........P......................@....rsrc...h....`......................@..@.reloc..$....p......................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	203184
Entropy (8bit):	6.628918274511852
Encrypted:	false
SSDEEP:	3072:wxqoWKbkzphHQb5pibQrvaWzO/0DPSBtwVfvy+8WbrPml33kn9ymsEZJmF21fSl:4qHNdQbLibQY/aPutAvyXE9z1ZkF6Y
MD5:	674B5BE99C119416895FED6B4B54CD85
SHA1:	856B482B7076CCF2FBE016970599A82108F084AB
SHA-256:	EA40D34882B21D56CC9663B43065E127AC36E9A249164A7E1EFEB891F5F22B12
SHA-512:	5EC42AB1B7A85D4C6AA1BDC7D1B8317A79CAF3621053239F0C8671FFF9F44117C663E6E63E107C24B00F6314E957D42D9EFB04CC788DF64879B2E65E0B12F766
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-jt.~jt.~jt.~..D~ft.~..F~.t.~..G~rt.~..r~ht.~Q...t.~Q..yt.~Q..At.~c.&~et.~jt.~.t.~...lt.~...kt.~.J~kt.~.*..kt.~Richjt.~........PE..L.....ab.....................................0....@..........................P...........@.......................................... ..h................)...0..\.......................................@............0...............................text............................... ..`.rdata.......0......................@..@.data...............................@....gfids..$...........................@..@.tls................................@....rsrc...h.... ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	data
Category:	dropped
Size (bytes):	4055
Entropy (8bit):	7.947774952367895
Encrypted:	false
SSDEEP:	96:cuHmxvfZ4zvycZDIZSqAF03QC1VFz9Ore4Xx4Zl4SU5JpOwOA:cRxHZ4zjDIZFAaLVfyxCGSMJpr
MD5:	3089E085B28661C439006E94C9FA6103
SHA1:	A557D88969933DF3DBC5F9BE8B05D8322840C6B5
SHA-256:	616295A5A4FC875BDB3AC4C05B0A782B2687C7FCB2638324FC70616912903819
SHA-512:	D7E063EFDEBC1CA761A3A584C7CA851C71CCFA89D718FD3FDFF0975893A8110B16C3C3909E4D0BC8705FCE377A79B60414829EB19B6A24F4A73F0537DA44947D
Malicious:	false
Preview:	TAPDFV1.....0......0....H............0.............r..../...J..r.h....+/oXs2F'.U.....&.H.$..Ax8....?...f....kbm..L..>..Sc...k.}w.`.v.KJ.6..e...`..D..`.q...A...#:.&.....p...\|...h....>.o..L./Q...........d......E.;W......A.6B.z...../w...Q..4.N.f..h....$+.s...h.N...%.\|T... 3c.....)L....-.`n/.>../.!........%...q.}q.O.)B2X.&..s4.".A.W......r....zX.o.S.`.^Y./. .=..Y..:..B..Jv.....093\|f.....$...0.r......u....A@.M....~...u!..."...p....aNn..K...~..]...c...l...\d..Xiu..qE9V.b.....iD.M....`..t6.'.u.a......R..;.......Gs..p.s\..Q.b.I...a...9P...N.l.o....}.....\|.......+.ej.[a...e6.o.'.U[..cdA...l....t.R.......v...Qq.{a.S..B}.>.b<..7..h.....F.....T..$y.dT.._r.?.=..(...'.R"hYt...=......_p....}.e+...s.@...K.R>.....$z)..e.,u)....$.......EV.....M_.!...e,..R..ig\|.n..x.~.D.:=d..Y......c...l&...U....I.z.....:'............].>~..h...>V...5.........[.......yi'....t.,!.>G...n..$..H...K......nF"..$....uG....M..m...1.`/([W.7..>............D....T}.:....F.a.'?o<.dY.B.

C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1123424
Entropy (8bit):	6.8590789183904795
Encrypted:	false
SSDEEP:	24576:9aP+O7H+M/0w2aGulCw87cZsAmMegOAt3ck:9aPb+M/bpwimMegB3D
MD5:	D47D64E3EEAA388E4E944AF226756CF6
SHA1:	F6A04D0B1C152EE0F7F5022C2405525286FE2F41
SHA-256:	1DD842549904842BD3F72A8F3DDFB96E3674F1826265EB0627271143E9C4B1EB
SHA-512:	0644C14AECD835FA05195B25262366818FF053D0210E74727CE83E7DBC6ECD5DC2F6F466A38C9498122B544A5B4252495F2F9E762094DA144FAEEB4ABDED3091
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......................... ............3.......1...0....0.....3....0................3....3....3.3....[...3....Rich..........................PE..L......`...........!................~4....... ...............................P............@.............................8...............................`..............8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...x........x..................@....rsrc................R..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	293472
Entropy (8bit):	6.712886412345847
Encrypted:	false
SSDEEP:	6144:BnAsc2eGG1DZLVl2ewejQjkHLOSUiynC971ELz/E8QiufNBuCqOk:BrtG1DZLVl2ewJjkHiSV1bVVBjqOk
MD5:	D9C75A5749132D77AE709C5EAE6FE9DD
SHA1:	0142E7C95D4E5A691160D3330FDB626E196715A3
SHA-256:	5A4A4AEBA559B86DB6D95EACC289AD27F84749E35CB51587D26355BF7732548A
SHA-512:	56B4971ECD595F2198557204EEEAF05E465C31728E2DF776202199E28668C42344A7E0F52B191604B45EA0EBAA4FE050B97C7243A5F809A42C5E322F74326975
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z.Z.Z.N...P.N.........H.....I.....n.N...O.N...J.....Y.Z......._...D.[.Z.,.[.....[.RichZ.................PE..L...y..`.....................h......I........ ....@.................................\@....@.................................4........ .. J...........^..`....p...%..h...p..............................@............ ...............................text...5........................... ..`.rdata....... ......................@..@.data...`%..........................@....rsrc... J... ...L..................@..@.reloc...%...p...&...8..............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2488752
Entropy (8bit):	7.467597033816071
Encrypted:	false
SSDEEP:	49152:E4ZRwT9AdAyECT11/3AOaPb+M/bpwimMegB3Dhv:xfwT9AdAydrfxaPb+M/1rZbhv
MD5:	FEDE08587BCE8D2931BAECC55BF2D0C1
SHA1:	F0E9A18993E3B19A94DE40A2CE77F991E9CAAC55
SHA-256:	9508EEBBDBAE1FC2EB6A4D3D3CF7E12B4EA2CC05DF7F7219B259D5AFC2A7C8CC
SHA-512:	382513CD2BB09EC9DE8A4D5B3E8BE55B8C6C0563754B5888C7EE4D443982B9B15C64A6F7A2565313E0F198B79E193842D8E79F710733DA18092C9EF2C262A9DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......................... ............3.......1...0....0.....3....0................3....3....3.3....[...3....Rich..........................PE..L......`...........!................QG!...... ...............................P:.....2.&...@...........................!.5....g.......@:...............%..)....9..S..0.9.8....................:(.$...X.(.@............0!.\|............................text............................... ..`.rdata....... ......................@..@.data...x...........................@....vmp0...............................`....vmp1..... ..0.... .................`....reloc...S....9..T...p%.............@..@.rsrc........@:.......%.............@..@................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-470JU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	293472
Entropy (8bit):	6.712886412345847
Encrypted:	false
SSDEEP:	6144:BnAsc2eGG1DZLVl2ewejQjkHLOSUiynC971ELz/E8QiufNBuCqOk:BrtG1DZLVl2ewJjkHiSV1bVVBjqOk
MD5:	D9C75A5749132D77AE709C5EAE6FE9DD
SHA1:	0142E7C95D4E5A691160D3330FDB626E196715A3
SHA-256:	5A4A4AEBA559B86DB6D95EACC289AD27F84749E35CB51587D26355BF7732548A
SHA-512:	56B4971ECD595F2198557204EEEAF05E465C31728E2DF776202199E28668C42344A7E0F52B191604B45EA0EBAA4FE050B97C7243A5F809A42C5E322F74326975
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z.Z.Z.N...P.N.........H.....I.....n.N...O.N...J.....Y.Z......._...D.[.Z.,.[.....[.RichZ.................PE..L...y..`.....................h......I........ ....@.................................\@....@.................................4........ .. J...........^..`....p...%..h...p..............................@............ ...............................text...5........................... ..`.rdata....... ......................@..@.data...`%..........................@....rsrc... J... ...L..................@..@.reloc...%...p...&...8..............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-4PLJA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809776
Entropy (8bit):	7.803245296293172
Encrypted:	false
SSDEEP:	49152:11stWYmRkasRDSlvxPRQWnYHKE6DPmVeiXSswDenby1xl7Puh0p3YrFh2hRPm/4l:1CYgDCJPiWnOaNJwGhRPL0V1APB
MD5:	73284BAC5AE39DDC8A67EFFE040A3349
SHA1:	C7253DA38CBD782822805B82AFB740712CFAA0EC
SHA-256:	E0DD2F06DD96E8167168517CFB611456E3FBEA57A116916D4C4A1AA4D84D35CA
SHA-512:	3AC7D8CD732D4E68CA9E27EA7BA0D242B3233415619C6E302D529FAAAD78017DDE9B4832A8EF4F68DB3E8301597464EC2678A8888F6E12A575B3F55208A9E1BC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............D...D...D.Xb....D.Xb..u.D.Xb....D...A...D......D......D..G...D..@...D..A.h.D.{.E...D......D...E.y.D.{.M...D.~.....D.{.F...D.Rich..D.................PE..L.....ab..................... ......o.M...........@...........................S.......+...@...................................M.\|.....O.................)....O.......N.....................p.(.......N.@............ *..............................text............................... ..`.rdata.............................@..@.data....R..........................@....gfids..@...........................@..@.giats..............................@..@.tls................................@....vmp0...[.!.. ......................`....vmp1.....&...(...&.................`....reloc........O......$&.............@..@.rsrc.........O......&&.............@..@................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-9OI0H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2159536
Entropy (8bit):	6.254542738408364
Encrypted:	false
SSDEEP:	49152:/UJRX/ser5Na+YpqBM1P2Cr6ehrPfYZaBXSa/5G:GrTaBPfY2XSa/I
MD5:	7FBBDD31BA4CC5B2D0C230C5783274A7
SHA1:	731D6CA422FEA64337D5EB52F6F5FABA9F4036A5
SHA-256:	D7B991F054CD6CAB9A68EB692E4A1983DB87EF6A6B6EC95D3B9FCA553C063B70
SHA-512:	721E2EE04676D3D1E7972FD6BEBFE8297A67FBF4A78A0924C2017C50CA66A131D33450F6118BBA0CC9A38B78A2A9E0C07BFA4C8372D0E2BF358C1BCDDE3CD3AF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R..<..<..<.Q.....<.Q...j.<.Q.....<...?..<...8..<...9..<.8}...<.8}...<.8}....<..=.z.<.r.5..<.r.<..<.w....<.r.>..<.Rich.<.................PE..d.....ab.........." .....L...................................................`!.....`.!...`.........................................P...........x.... !.x.... .d..... ..)...0!..!...;.......................;..(... ;...............p...............................text...\3.......4.................. ..`RT_CODE.4....P.......8.............. ..`.rdata...`...p...b...P..............@..@.data....;..........................@....pdata..d.... .....................@..@.gfids.. ..... ....... .............@..@.tls..........!....... .............@...RT_CONST......!....... .............@..@.rsrc...x.... !....... .............@..@.reloc...!...0!..".... .............@..B........................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-EMCVK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1481648
Entropy (8bit):	6.478030464508085
Encrypted:	false
SSDEEP:	24576:9tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt52ZTx9MjiQ:zqTytRFk6ek12fI
MD5:	A5E43FF07BF378503CF45D6EE7778021
SHA1:	EF988979192938D07C4DD146FB749ED32C8F5568
SHA-256:	48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
SHA-512:	E039F2834F9ADA5BF4E0F6EA0C94C9213C433785B99D31B2C288EA29732672A60D9F213FFB4CF47403BB696E19884F18840F1C00ED3861EA7D0FE0E6028126B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W.....................t......l........ ....@..........................@............@......@..............................@8...0...............r...)................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-FO5GS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	208816
Entropy (8bit):	6.646069643453431
Encrypted:	false
SSDEEP:	6144:gwOh40q7GA3GjisAO70m3nIx0IjvaDvvD:K4d77mVSxBjvaDv7
MD5:	18CC066A5DAF36920CEA0094FAD8EE2F
SHA1:	624A394DDEF12E8CE588626DF20199565CCF1715
SHA-256:	B7EFD8423A3DAF6CE666AB52BCE1205D703069387678686849AC7E93AED061F6
SHA-512:	26715F812B36D0783017579C2D0A47171AEFB533B75193D87870DBA6273718100AAE966F653FA7353207078363D4E12CD35D81C1CF08878C992A9DA60330B420
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y..y..y.U....y.U...d.y.U.....y...z...y...\|..y...}...y.<c...y..x.h.y.v.p..y.v.y...y.s....y......y.v.{...y.Rich.y.................PE..L.....ab...........!.........L......,........................................p............@.............................T............0..8................)...@..."......................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..D...........................@..@.tls......... ......................@....rsrc...8....0......................@..@.reloc..."...@...$..................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-GVBLF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152496
Entropy (8bit):	6.589764644303553
Encrypted:	false
SSDEEP:	3072:BfpNA68cNtveiWjPVbVja8VMjYzvM7kwCnV+HSm1eEmg2fS+:q68ezWjVBG8kYLMx8+yhg2H
MD5:	E45BFFA942994D7921E37BCAA900740F
SHA1:	E5258BC57166013C328EA4EC2CAB04196172B58A
SHA-256:	5C9DB93EA5EEE603B10EC200CF92AB0CC86BF539C04DD343D94582A0DC607248
SHA-512:	99E02E7CD7CB85DD6F825A6189035EB04823B200ED09FAE84D6504AF07ADD00169368913BCC9B9D5728241498675EB0D5903349794431EFBDA836E8FB2FBCE43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..".I..P..".K..P..".J..P.......P.......P.......P...(+..P...P...P.......P....G..P...P/..P.......P..Rich.P..........................PE..L.....ab.................h..........(I............@..................................;....@.....................................d....`..h............*...)...p..$...........................l...........@............................................text....g.......h.................. ..`.rdata...............l..............@..@.data........ ......................@....gfids.. ....@......................@..@.tls.........P......................@....rsrc...h....`......................@..@.reloc..$....p......................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-HJ5VT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	588720
Entropy (8bit):	5.6097958863819475
Encrypted:	false
SSDEEP:	12288:GQEMpHTqsxDaFFUf7Pzq05/M64p0g0YHn8gtgPQ9:FBTqsxDZf7PzqUEtP9
MD5:	B2DFC74F0C0ED8C1B949C545315F309B
SHA1:	E96D97EEA104E68EAAB215BAF08D80D5CD9084FD
SHA-256:	D17B8A74494E9E9A2FEF7F469B7E78E8E4BBBAB5CA5F6723DA64116B346A54D0
SHA-512:	B239AE5EDDBEAFCB73B1C1677FA9C49361ED6410C12E92FECB1A7CA891ADAA4E985145774FC0EFB87E78726ABD890FE01BA12721CBC28D9692B0902EC5DE6B35
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i*...D..D..D.-....D.-.....D.-....D......D.VG..D.V@..D.VA..D.p...D..E.P.D..VM..D..VD..D..V...D.....D..VF..D.Rich..D.................PE..L.....ab...........!.........0......W........................................ ......Er....@..........................-..H....-...........................).......I.. ...............................@...@...............l............................text............................... ..`.rdata...l.......n..................@..@.data....o...@...Z...&..............@....gfids..d...........................@..@.rsrc...............................@..@.reloc...I.......J..................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-L5NEQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	data
Category:	dropped
Size (bytes):	4055
Entropy (8bit):	7.947774952367895
Encrypted:	false
SSDEEP:	96:cuHmxvfZ4zvycZDIZSqAF03QC1VFz9Ore4Xx4Zl4SU5JpOwOA:cRxHZ4zjDIZFAaLVfyxCGSMJpr
MD5:	3089E085B28661C439006E94C9FA6103
SHA1:	A557D88969933DF3DBC5F9BE8B05D8322840C6B5
SHA-256:	616295A5A4FC875BDB3AC4C05B0A782B2687C7FCB2638324FC70616912903819
SHA-512:	D7E063EFDEBC1CA761A3A584C7CA851C71CCFA89D718FD3FDFF0975893A8110B16C3C3909E4D0BC8705FCE377A79B60414829EB19B6A24F4A73F0537DA44947D
Malicious:	false
Preview:	TAPDFV1.....0......0....H............0.............r..../...J..r.h....+/oXs2F'.U.....&.H.$..Ax8....?...f....kbm..L..>..Sc...k.}w.`.v.KJ.6..e...`..D..`.q...A...#:.&.....p...\|...h....>.o..L./Q...........d......E.;W......A.6B.z...../w...Q..4.N.f..h....$+.s...h.N...%.\|T... 3c.....)L....-.`n/.>../.!........%...q.}q.O.)B2X.&..s4.".A.W......r....zX.o.S.`.^Y./. .=..Y..:..B..Jv.....093\|f.....$...0.r......u....A@.M....~...u!..."...p....aNn..K...~..]...c...l...\d..Xiu..qE9V.b.....iD.M....`..t6.'.u.a......R..;.......Gs..p.s\..Q.b.I...a...9P...N.l.o....}.....\|.......+.ej.[a...e6.o.'.U[..cdA...l....t.R.......v...Qq.{a.S..B}.>.b<..7..h.....F.....T..$y.dT.._r.?.=..(...'.R"hYt...=......_p....}.e+...s.@...K.R>.....$z)..e.,u)....$.......EV.....M_.!...e,..R..ig\|.n..x.~.D.:=d..Y......c...l&...U....I.z.....:'............].>~..h...>V...5.........[.......yi'....t.,!.>G...n..$..H...K......nF"..$....uG....M..m...1.`/([W.7..>............D....T}.:....F.a.'?o<.dY.B.

C:\Program Files (x86)\Letasoft Sound Booster\is-M1S53.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	203184
Entropy (8bit):	6.628918274511852
Encrypted:	false
SSDEEP:	3072:wxqoWKbkzphHQb5pibQrvaWzO/0DPSBtwVfvy+8WbrPml33kn9ymsEZJmF21fSl:4qHNdQbLibQY/aPutAvyXE9z1ZkF6Y
MD5:	674B5BE99C119416895FED6B4B54CD85
SHA1:	856B482B7076CCF2FBE016970599A82108F084AB
SHA-256:	EA40D34882B21D56CC9663B43065E127AC36E9A249164A7E1EFEB891F5F22B12
SHA-512:	5EC42AB1B7A85D4C6AA1BDC7D1B8317A79CAF3621053239F0C8671FFF9F44117C663E6E63E107C24B00F6314E957D42D9EFB04CC788DF64879B2E65E0B12F766
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-jt.~jt.~jt.~..D~ft.~..F~.t.~..G~rt.~..r~ht.~Q...t.~Q..yt.~Q..At.~c.&~et.~jt.~.t.~...lt.~...kt.~.J~kt.~.*..kt.~Richjt.~........PE..L.....ab.....................................0....@..........................P...........@.......................................... ..h................)...0..\.......................................@............0...............................text............................... ..`.rdata.......0......................@..@.data...............................@....gfids..$...........................@..@.tls................................@....rsrc...h.... ......................@..@.reloc..\....0......................@..B................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-P02PU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	317360
Entropy (8bit):	6.3189859386488685
Encrypted:	false
SSDEEP:	6144:9c68TAPyuUPg3wi/UxynB5wnFcTCb2lUKMAQoh2vKydBZqNHZG:98TAausg3wYCSlEo8N0s
MD5:	C69917647354E03FFEA016B86D3BC973
SHA1:	E6385500AAEB50F3E2C36D7FC23789DFBAFBE802
SHA-256:	5B273FC8597B541AD86D3650362BCBAA592CED0163D56499BADD344306CB99ED
SHA-512:	DAF7E027EFF292AD39E93EC8E0BB0AF2437DE3546E1E8431A80C752FDEB1D57D2F477D45FB736B22A321B3CC4DA02B8F0E3C1F5C106CB4D4112ADC65ED0167A0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z..4T.4T.4T^,.T.4T^,.Td.4T^,.T.4T..7U.4T..1U.4T..0U.4T..T.4T.5T..4T}.=U.4T}.4U.4Tx..T.4T.T.4T}.6U.4TRich.4T................PE..d.....ab.........." ................................................................2.....`......................................... _..h...._..P.......8........+.......)......X...................................0................................................text............................... ..`.rdata...i.......j..................@..@.data....(...p.......Z..............@....pdata...+.......,...j..............@..@.gfids..............................@..@.rsrc...8...........................@..@.reloc..X...........................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-Q41UV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	653232
Entropy (8bit):	5.25211511018816
Encrypted:	false
SSDEEP:	12288:CMh6Hvxi+QyVQWCDeRRWaSS93xvqkhoHnJeI9u:2HvxiFyVQWCDeRkPS93xCkh2g
MD5:	66B510D2C5FA5BCCF1062EDB55C7E957
SHA1:	54073B7FE3FE8E3954623D14BAE7080251A9AD2D
SHA-256:	9145177E4B4A4539E729176DCEBFD7E3BC2F49753DBBE428C7D93D77E0648979
SHA-512:	C7A809976D5EE1FBDF6A82F4E55C77BB56B5FCE46DA35167A9BE45602F9F5F08692E9287346D7466FF2C5060A9EBBB9E080CA1ED8C4EBBB5018C92F919931396
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........dg.............m.......m.......m.......G.......[.......[.......[.......}..............N[......N[......K[..............N[......Rich............PE..d.....ab.........." ................H........................................@............`.............................................L.......................X8.......)... .......<...............................<...............................................text...:........................... ..`.rdata..............................@..@.data...@...........................@....pdata..X8.......:...z..............@..@.gfids..$...........................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-U6OVG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	141744
Entropy (8bit):	6.310466554679651
Encrypted:	false
SSDEEP:	3072:pYrytIQSxZ7F4rcDRExbMl2+b182m3opvAS3DdUZ3m0fSA2R:pY2Kz7FqcuJM8u182BBzdeW0f2R
MD5:	EDDD2980547E2DD5694798E38BB1F7E3
SHA1:	316FF3F4140BEB28ECC4152FA2F90D1D1C1C2C78
SHA-256:	13C3EE12390F7A339C9CC6570B2480ED9537A703F6A9BBF21EF2D935FED0BA5C
SHA-512:	6747B68A030BB44E6A347C2497A575801A1C4D32463886A6FD70E5BB3634C9B21B08BB9BB8F3F8386C3DE917EA880C4087ACF2E2CA925AE0A6696616AF695B41
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...^...^...^..~....^..~....^..~....^...]...^...[...^...Z...^......^..._...^.'.W...^.".....^.'.\...^.Rich..^.................PE..d.....ab.........."......"...........,.........@.............................p.......)....`.....................................................P....P..P.......\|........)...`..L...@...........................(...`................@...............................text...\!.......".................. ..`.rdata.......@.......&..............@..@.data...4...........................@....pdata..\|...........................@..@.gfids.......0......................@..@.tls.........@......................@....rsrc...P....P......................@..@.reloc..L....`......................@..B................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-UT7AG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1123424
Entropy (8bit):	6.8590789183904795
Encrypted:	false
SSDEEP:	24576:9aP+O7H+M/0w2aGulCw87cZsAmMegOAt3ck:9aPb+M/bpwimMegB3D
MD5:	D47D64E3EEAA388E4E944AF226756CF6
SHA1:	F6A04D0B1C152EE0F7F5022C2405525286FE2F41
SHA-256:	1DD842549904842BD3F72A8F3DDFB96E3674F1826265EB0627271143E9C4B1EB
SHA-512:	0644C14AECD835FA05195B25262366818FF053D0210E74727CE83E7DBC6ECD5DC2F6F466A38C9498122B544A5B4252495F2F9E762094DA144FAEEB4ABDED3091
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......................... ............3.......1...0....0.....3....0................3....3....3.3....[...3....Rich..........................PE..L......`...........!................~4....... ...............................P............@.............................8...............................`..............8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...x........x..................@....rsrc................R..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-V5IV6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	260528
Entropy (8bit):	6.697233046928663
Encrypted:	false
SSDEEP:	3072:nD+1kCmZf1p43zi/wFOVoO0bSiZOkfGwLHpB2L0tjb1vpoLBl9Ag0Fubr4Vsk8TY:nD+1BmVui/Q8oeaHX2Atp+AO4i1Tnp+f
MD5:	862CA43FD8CCEA3E00A41E177CAA957B
SHA1:	8888EBBFCC1462A4F253217DB1A112AF2699F6E2
SHA-256:	BB2F0854892FAE554C6C999FAD1DDDD53A8204FFBE4AC9103001D5E2DE106AFD
SHA-512:	02034C39190E7DD8A05E44AC2E394C7E298C5BD509B01C862A8ABDF7B09826C9163DA672CE914CD990B257770B66BDA40113CCD06908169B6CE13A9A985BFEC9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f..]".y.".y.".y..Y....y..Y....y..Y..?.y...z.5.y...\|...y...}...y.+...+.y.".x.T.y...p.!.y...y.#.y.....#.y."...#.y...{.#.y.Rich".y.........................PE..L.....ab...........!.........>.......................................................}....@.............................h.......P.......8................).......&..@t..............................`t..@...............l............................text............................... ..`.rdata..p...........................@..@.data...............................@....gfids..P...........................@..@.rsrc...8...........................@..@.reloc...&.......(..................@..B........................................................................................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\is-VDVIU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2488752
Entropy (8bit):	7.467597033816071
Encrypted:	false
SSDEEP:	49152:E4ZRwT9AdAyECT11/3AOaPb+M/bpwimMegB3Dhv:xfwT9AdAydrfxaPb+M/1rZbhv
MD5:	FEDE08587BCE8D2931BAECC55BF2D0C1
SHA1:	F0E9A18993E3B19A94DE40A2CE77F991E9CAAC55
SHA-256:	9508EEBBDBAE1FC2EB6A4D3D3CF7E12B4EA2CC05DF7F7219B259D5AFC2A7C8CC
SHA-512:	382513CD2BB09EC9DE8A4D5B3E8BE55B8C6C0563754B5888C7EE4D443982B9B15C64A6F7A2565313E0F198B79E193842D8E79F710733DA18092C9EF2C262A9DC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......................... ............3.......1...0....0.....3....0................3....3....3.3....[...3....Rich..........................PE..L......`...........!................QG!...... ...............................P:.....2.&...@...........................!.5....g.......@:...............%..)....9..S..0.9.8....................:(.$...X.(.@............0!.\|............................text............................... ..`.rdata....... ......................@..@.data...x...........................@....vmp0...............................`....vmp1..... ..0.... .................`....reloc...S....9..T...p%.............@..@.rsrc........@:.......%.............@..@................................................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	InnoSetup Log Letasoft Sound Booster {6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}, version 0x418, 19535 bytes, 965969\37\user\376, C:\Program Files (x86)\Letasoft Sound Boos
Category:	dropped
Size (bytes):	19535
Entropy (8bit):	4.171403780737048
Encrypted:	false
SSDEEP:	384:Y5+hkMI/MQeOB/1MZbqcwbPIx0pX8gg6lDekH3:YQfI/pey+bhwbhj
MD5:	39009047ADEFE68323DE6F7ADD450880
SHA1:	F09AC14AED574C6EEEE946E78B790A8CBCC74F09
SHA-256:	49F52F30EF4591F0313DCD66570B7959D0291BAA274605CBDEE15DBCE41B1D86
SHA-512:	04332BA0A0948701845251C24855227C2129A38666117C4EF30357342ABC7224A34E9F23FB5C4065D05C55439BF70E318BE8C18515F1642F6DF59BCF390C8375
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}..........................................................................................Letasoft Sound Booster..............................................................................................................:...OL..%...............................................................................................................:..........1..................9.6.5.9.6.9......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r....................... ......+.......IFPS....#...(...........................................................................................................................................................BOOLEAN..................................................TWINDOWSVERSION..........................(................TEXECWAIT.........TSETUPSTEP.........TUNINSTALLSTEP.................!MAIN....-1....

C:\Program Files (x86)\Letasoft Sound Booster\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1481648
Entropy (8bit):	6.478030464508085
Encrypted:	false
SSDEEP:	24576:9tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt52ZTx9MjiQ:zqTytRFk6ek12fI
MD5:	A5E43FF07BF378503CF45D6EE7778021
SHA1:	EF988979192938D07C4DD146FB749ED32C8F5568
SHA-256:	48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
SHA-512:	E039F2834F9ADA5BF4E0F6EA0C94C9213C433785B99D31B2C288EA29732672A60D9F213FFB4CF47403BB696E19884F18840F1C00ED3861EA7D0FE0E6028126B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W.....................t......l........ ....@..........................@............@......@..............................@8...0...............r...)................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................

C:\Program Files (x86)\Letasoft Sound Booster\unins000.msg

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
Category:	dropped
Size (bytes):	22709
Entropy (8bit):	3.2704486925356004
Encrypted:	false
SSDEEP:	192:Q41EjXgkg3Sqf8sfr69FT0AKanzLYfMa1tzvL7Vzo+Fc51USQDztXfbKJUfvo:Q41Elvqf9r6fKVfMmRo+y1USQDztP3o
MD5:	79173DA528082489A43F39CF200A7647
SHA1:	AA253B477CE2BF9D886D07694CD5DDB7C7FE9EEC
SHA-256:	4F36E6BE09CD12E825C2A12AB33544744E7256C9094D7149258EA926705E8FFD
SHA-512:	C46EB9DD3D03A993FDC4F65AE2751ECFDCB1FB6E1FB69A119105FD40290CE5EC4427B04F813EED47415390689943D05B5432D4571B1ACA0CE37EE52391790D18
Malicious:	false
Preview:	Inno Setup Messages (5.5.3) (u).....................................hX..........&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.

C:\ProgramData\DIBsection\20986331705021ca58edc424.96250074

Download File

Process:	C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
File Type:	data
Category:	dropped
Size (bytes):	51
Entropy (8bit):	4.391974971210587
Encrypted:	false
SSDEEP:	3:Qp9lrjP5LnJllllCbN:Y9ln5LnwJ
MD5:	CCEF2C4D1C5615305D81C8FB68655165
SHA1:	2B61831C8C244291B6E8DEC397FEF4B37FE9B01F
SHA-256:	B7596AF0DB7ECC123D3115ECC8A4362E8E588EAC8FE279B343594B59777FC9C1
SHA-512:	F7052FF19B4B79EF67A9DC4F2DE8ECDC0436141FED3081D98632321C4126A59ADEAF342691972D70A0BDDA0E700447634C5F9044EE86485CC049B8B9F61E1E9A
Malicious:	false
Preview:	TATFV1.........A.2."r2..................!........

C:\ProgramData\Letasoft\Sound Booster\Logs\Setup Log 2024-04-25 #001.txt.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	11789
Entropy (8bit):	5.04180614171052
Encrypted:	false
SSDEEP:	96:kPoo04uStArwTzOigT6AKPGs3CkfTHvHtqDTtttVlC:q3uYtTzOig+AKPGpMSRttVlC
MD5:	7DB4DA641FB9C75071C7414CA1D36951
SHA1:	1B1456D17887D5ADDF95CD5614758671AD1FE2D3
SHA-256:	CC5F4197A9AB554640B94703C1B52D8072BE2C034C8DC1A43D9D86C1D8F7BD29
SHA-512:	20F98622BEA5127216F4F91B46F1079D3E883C2C5D4DB7CE322687D491494A8739E3F47BF0146BF53F6A8DC8F5ECFC4D878E806DBB358FFDEA3C95CD2B94EB31
Malicious:	false
Preview:	.2024-04-25 21:28:53.077 Log opened. (Time zone: UTC+02:00)..2024-04-25 21:28:53.077 Setup version: Inno Setup version 5.5.9 (u)..2024-04-25 21:28:53.077 Original Setup EXE: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe..2024-04-25 21:28:53.077 Setup command line: /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe" ..2024-04-25 21:28:53.077 Windows version: 10.0.19045 (NT platform: Yes)..2024-04-25 21:28:53.077 64-bit Windows: Yes..2024-04-25 21:28:53.077 Processor architecture: x64..2024-04-25 21:28:53.077 User privileges: Administrative..2024-04-25 21:28:53.140 64-bit install mode: No..2024-04-25 21:28:57.296 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp..2024-04-25 21:29:28.687 Starting the installation process...2024-04-25 21:29:28.702 Creating directory: C:\Program Files (x86)\Letasoft Sound Booster..2024-04-25 21:29:28.702 Creating director

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Diagnostics Report Creator.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Apr 25 18:29:30 2024, mtime=Thu Apr 25 18:29:30 2024, atime=Thu Apr 21 12:35:52 2022, length=203184, window=hide
Category:	dropped
Size (bytes):	1363
Entropy (8bit):	4.645385723676603
Encrypted:	false
SSDEEP:	24:8gPEXdOEPf208RloUAoedvO4lQdvGUU0bTzPUqyFm:8gsXdOkfgRl8oednlQdnbhyF
MD5:	8B1C8983F34C4EFBC62192CEE554A1C1
SHA1:	67DFE43C75AE0A87F1030316EAE16D4F6CF409AB
SHA-256:	44C67C26518106A4943AA307ABE7B846250227D770394AB12A175D92F68F83EB
SHA-512:	B76E13758DB1F84D04A170FFF6013CABD55B84529036C5CADFBD4F8E5C7C60C0524ECE806ACD8A8ED0629ED4C5B79F333867806595DCBAFDCF53EFB6AC8A82AB
Malicious:	false
Preview:	L..................F.... ...9...F...k...F....,...U...............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....y...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....v.1......X....LETASO~1..^......X...X............................@ .L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.....~.2......Tzl .SOUNDB~2.EXE..b......X...X......?.........................S.o.u.n.d.B.o.o.s.t.e.r.T.a.s.k.H.o.s.t...e.x.e.......u...............-.......t...................C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe..U.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.\.S.o.u.n.d.B.o.o.s.t.e.r.T.a.s.k.H.o.s.t...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r...-.C.r.e.a.t.e.R.e.p.o.r.t.........*................@Z\|...K.J.........`.......X.......965969....

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Letasoft Sound Booster.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 25 18:29:28 2024, mtime=Thu Apr 25 18:29:29 2024, atime=Thu Apr 21 12:35:32 2022, length=2809776, window=hide
Category:	dropped
Size (bytes):	1295
Entropy (8bit):	4.655732613724393
Encrypted:	false
SSDEEP:	24:8mk2SxMHEl0dOEPf202q4KfxJl3UAgwMdvO4lddvAUU0bzzPUqyFm:8mkdx1l0dOkfsWxJl3jgwMdnldddbhyF
MD5:	84321B17AEA9560FAC3F69FD7AD3C051
SHA1:	28C79596B52D4AD02F1604E0494A54F36949CC74
SHA-256:	6D23C5D805E2DDD792F60FF56390D744C9CDAD1C4841D8C90ECC4FB767E5DC64
SHA-512:	4210DF2C4D8CEDC2FFB2AAB53B75C90B2EDB4F71DDB8CF5CCBBE754CB61900EBBD5EB96AD64019A442CCC52DAA0E7DB6B92464DA3D68B3682DD1E9827D1A5B5D
Malicious:	false
Preview:	L..................F.... .......F.......F....j+..U..............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....v9..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....v.1......X....LETASO~1..^......X...X............................@ .L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.....n.2.....Tpl .SOUNDB~1.EXE..R......X...X......y.........................S.o.u.n.d.B.o.o.s.t.e.r...e.x.e.......m...............-.......l...................C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe..M.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.\.S.o.u.n.d.B.o.o.s.t.e.r...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.........*................@Z\|...K.J.........`.......X.......965969...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,....

C:\Users\Public\Desktop\Letasoft Sound Booster.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 25 18:29:28 2024, mtime=Thu Apr 25 18:29:30 2024, atime=Thu Apr 21 12:35:32 2022, length=2809776, window=hide
Category:	dropped
Size (bytes):	1198
Entropy (8bit):	4.672478715620797
Encrypted:	false
SSDEEP:	24:8mkYxPEXdOEPf202q4KfxJl3UAgcdvO4lddvAUU0bPqyFm:8mkYxsXdOkfsWxJl3jgcdnldddayF
MD5:	30E2D9D4B0B3E028A69C5290F0E23747
SHA1:	04FF77F018A43019F7FE55EE0771592A2C62D791
SHA-256:	0235B9CAD44089C6BB4EA2380359619D64E4BE3BA4F9D76547CB5252433ADB02
SHA-512:	31021586EE6472EEFEEFC436A425731A2E263489F81545F6EC7FAE73CF95BDD26614E3DE20C24401903FEB69218B6944244733823B1D27F43A5FCD57699E97A5
Malicious:	false
Preview:	L..................F.... .......F......F....j+..U..............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....y...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....v.1......X....LETASO~1..^......X...X............................@ .L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.....n.2.....Tpl .SOUNDB~1.EXE..R......X...X......y.........................S.o.u.n.d.B.o.o.s.t.e.r...e.x.e.......m...............-.......l...................C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe..D.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.\.S.o.u.n.d.B.o.o.s.t.e.r...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.e.t.a.s.o.f.t. .S.o.u.n.d. .B.o.o.s.t.e.r.........................@Z\|...K.J.........`.......X.......965969...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS

C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-25 #001.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	11949
Entropy (8bit):	5.04220027258965
Encrypted:	false
SSDEEP:	96:kPoo04uStArwTzOigT6AKPGs3CkfTHvHtqDTtttVl3:q3uYtTzOig+AKPGpMSRttVl3
MD5:	1309B2F7FE6DADB906F93F704689CFE0
SHA1:	6A26BF37D322C5FE7350D77ECC075EC317E82E8C
SHA-256:	6EC16578B5B61A318788AF75FE64F2A1C81ADD0A77B1868F375F2BB17FA83145
SHA-512:	2D6F9E90A51A4C8E833C932A7C45F42108DFB161AB05EA80E53D2D63D509828B7288AD23535D2B8FAED9B72BAD86F93E15170D7D851BFF546C71286624CCF801
Malicious:	false
Preview:	.2024-04-25 21:28:53.077 Log opened. (Time zone: UTC+02:00)..2024-04-25 21:28:53.077 Setup version: Inno Setup version 5.5.9 (u)..2024-04-25 21:28:53.077 Original Setup EXE: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe..2024-04-25 21:28:53.077 Setup command line: /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe" ..2024-04-25 21:28:53.077 Windows version: 10.0.19045 (NT platform: Yes)..2024-04-25 21:28:53.077 64-bit Windows: Yes..2024-04-25 21:28:53.077 Processor architecture: x64..2024-04-25 21:28:53.077 User privileges: Administrative..2024-04-25 21:28:53.140 64-bit install mode: No..2024-04-25 21:28:57.296 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-RARHB.tmp..2024-04-25 21:29:28.687 Starting the installation process...2024-04-25 21:29:28.702 Creating directory: C:\Program Files (x86)\Letasoft Sound Booster..2024-04-25 21:29:28.702 Creating director

C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1481648
Entropy (8bit):	6.478030464508085
Encrypted:	false
SSDEEP:	24576:9tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt52ZTx9MjiQ:zqTytRFk6ek12fI
MD5:	A5E43FF07BF378503CF45D6EE7778021
SHA1:	EF988979192938D07C4DD146FB749ED32C8F5568
SHA-256:	48CC8C44E665CC3A24A1EF0807BCD87BDCC0AD9FF179C8D5C96924EBA48888F2
SHA-512:	E039F2834F9ADA5BF4E0F6EA0C94C9213C433785B99D31B2C288EA29732672A60D9F213FFB4CF47403BB696E19884F18840F1C00ED3861EA7D0FE0E6028126B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W.....................t......l........ ....@..........................@............@......@..............................@8...0...............r...)................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	77
Entropy (8bit):	4.600803749298878
Encrypted:	false
SSDEEP:	3:PvKhKQLzkCBQSOA4jFRXphS:XKh/xmi4xhS
MD5:	27E6313C935435E1E1F63069A5903425
SHA1:	FCDCECA938CF429CC0128D797BA1792E58F32DD2
SHA-256:	AE237E9123CA5C39646C34B4F313B2301A591D68D1AD12EF11777868B2BB12B0
SHA-512:	FE73609B8494C91BEE50757E93F346865152C94624D38A255996A23DEAE642AE88FD5A245C11F3C24AF63660E82610B20D4E1198D8FFC38F8C74A6A709966DAC
Malicious:	false
Preview:	Activating Sound Booster...Product key=..Starting trial SUCCEEDED..Succeded..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.97089666067935
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
File size:	6'973'352 bytes
MD5:	99aa185a295411f72303fa9b7a497795
SHA1:	04cbab9197165b1648ef6fcbf0d1b60d2e0f7a95
SHA256:	4c00a2f66bb1d2470b17ef277f5f12a90ff2fc86a258cb82bf294835b87d4e02
SHA512:	91e885c217a4753cbc115ce0f2d8fed11092e7562f2a4ac790ccf973ccde46792af5b42315416f0878bbc5e5c2b107c315881a10c8024d2a9ffd59dbfbc7e90f
SSDEEP:	196608:ROn0dc1+6+wfqsXYJyHXDGzETzV4L2amU:Q0i1P+wFIJIDGoTJ4L2ax
TLSH:	DA663352B97659BAD9E4323C0F1598873F31B094B0E0111A2CFBEA2D797CE734876D1A
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	2d96236d6933172b

Static PE Info

General

Entrypoint:	0x4117dc
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x57051F88 [Wed Apr 6 14:39:04 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	20dd26497880c05caed9305b3c8b9109

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	31/03/2022 09:01:32 30/03/2025 09:01:31
Subject Chain	CN=Letasoft LLC, O=Letasoft LLC, L=Coquitlam, S=British Columbia, C=CA
Version:	3
Thumbprint MD5:	7E0864E1AE3B26A7D225D1A4427A6AA6
Thumbprint SHA-1:	467C00B2DDD6EBDB910E2DAE8E57679B5BBD4A37
Thumbprint SHA-256:	10C2300CB5FA99605BAE929FBF864EC57BF9A7833938DD6011B4C1C1A4D26DF9
Serial:	7511BA1253CEF0A567F3DF301B633E8C

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 00410144h
call 00007F6AED8E723Dh
xor eax, eax
push ebp
push 00411EBEh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 00411E7Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [00415B48h]
call 00007F6AED8EF983h
call 00007F6AED8EF4D2h
cmp byte ptr [00412ADCh], 00000000h
je 00007F6AED8F247Eh
call 00007F6AED8EFA98h
xor eax, eax
call 00007F6AED8E52D5h
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007F6AED8EC51Bh
mov edx, dword ptr [ebp-14h]
mov eax, 00418658h
call 00007F6AED8E58AAh
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [00418658h]
mov dl, 01h
mov eax, dword ptr [0040C04Ch]
call 00007F6AED8ECE32h
mov dword ptr [0041865Ch], eax
xor edx, edx
push ebp
push 00411E26h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F6AED8EF9F6h
mov dword ptr [00418664h], eax
mov eax, dword ptr [00418664h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F6AED8F24BAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19000	0xe04	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c000	0x521e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x6a3df8	0x29b0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1b000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x19304	0x214	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf244	0xf400	a33e9ff7181115027d121cd377c28c8f	False	0.5481717469262295	data	6.3752135040515485	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x11000	0xf64	0x1000	caec456c18277b579a94c9508daf36ec	False	0.55859375	data	5.732200666157372	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x12000	0xc88	0xe00	746954890499546d73dce0e994642192	False	0.2533482142857143	data	2.2967209087898324	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x13000	0x56bc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x19000	0xe04	0x1000	e9b9c0328fd9628ad4d6ab8283dcb20e	False	0.321533203125	data	4.597812557707959	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1a000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1b000	0x18	0x200	3dffc444ccc131c9dcee18db49ee6403	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1c000	0x521e0	0x52200	998a3467ecaf55180287a4c07defb923	False	0.2805424752663623	data	5.849082028376391	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1c53c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.4792682926829268
RT_ICON	0x1cba4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.5887096774193549
RT_ICON	0x1ce8c	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.6081081081081081
RT_ICON	0x1cfb4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.6273987206823027
RT_ICON	0x1de5c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6340252707581228
RT_ICON	0x1e704	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.4111271676300578
RT_ICON	0x1ec6c	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336	English	United States	0.26884782673018315
RT_ICON	0x60c94	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.5533195020746888
RT_ICON	0x6323c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.6625234521575984
RT_ICON	0x642e4	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7863475177304965
RT_STRING	0x6474c	0x68	data			0.6538461538461539
RT_STRING	0x647b4	0xd4	data			0.5283018867924528
RT_STRING	0x64888	0xa4	data			0.6524390243902439
RT_STRING	0x6492c	0x2ac	data			0.45614035087719296
RT_STRING	0x64bd8	0x34c	data			0.4218009478672986
RT_STRING	0x64f24	0x294	data			0.4106060606060606
RT_RCDATA	0x651b8	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x6d4a0	0x10	data			1.5
RT_RCDATA	0x6d4b0	0x150	data			0.8392857142857143
RT_RCDATA	0x6d600	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x6d62c	0x92	data	English	United States	0.6301369863013698
RT_VERSION	0x6d6c0	0x4f4	data	English	United States	0.29337539432176657
RT_MANIFEST	0x6dbb4	0x62c	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4240506329113924

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll	InitCommonControls
kernel32.dll	Sleep
advapi32.dll	AdjustTokenPrivileges

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	21:28:52
Start date:	25/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
Imagebase:	0x400000
File size:	6'973'352 bytes
MD5 hash:	99AA185A295411F72303FA9B7A497795
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	21:28:52
Start date:	25/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp" /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
Imagebase:	0x400000
File size:	1'481'648 bytes
MD5 hash:	A5E43FF07BF378503CF45D6EE7778021
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp
Wow64 process (32bit):	false
Commandline:	helper 105 0x544
Imagebase:	0x140000000
File size:	6'144 bytes
MD5 hash:	E4211D6D009757C078A9FAC7FF4F03D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO
Imagebase:	0xbe0000
File size:	203'184 bytes
MD5 hash:	674B5BE99C119416895FED6B4B54CD85
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Imagebase:	0x850000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	21:29:30
Start date:	25/04/2024
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	/s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
Imagebase:	0x7ff60b000000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	21:29:32
Start date:	25/04/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	21:29:33
Start date:	25/04/2024
Path:	C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install
Imagebase:	0x420000
File size:	152'496 bytes
MD5 hash:	E45BFFA942994D7921E37BCAA900740F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	21:29:33
Start date:	25/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	21:29:33
Start date:	25/04/2024
Path:	C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate
Imagebase:	0xbe0000
File size:	203'184 bytes
MD5 hash:	674B5BE99C119416895FED6B4B54CD85
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	21:29:33
Start date:	25/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	21:29:39
Start date:	25/04/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	56.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	33.3%
Total number of Nodes:	33
Total number of Limit Nodes:	5

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0000000140001000 Relevance: 12.1, APIs: 8, Instructions: 120
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNamedSecurityInfoW.ADVAPI32 ref: 0000000140001079
AllocateAndInitializeSid.ADVAPI32 ref: 00000001400010DE
SetEntriesInAclW.ADVAPI32 ref: 0000000140001131
SetNamedSecurityInfoW.ADVAPI32 ref: 000000014000115F
LocalFree.KERNEL32 ref: 000000014000116C
FreeSid.ADVAPI32 ref: 0000000140001187
LocalFree.KERNEL32 ref: 000000014000119C
GetLastError.KERNEL32 ref: 00000001400011C5

Memory Dump Source

Source File: 00000005.00000002.2060162722.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000005.00000002.2060146441.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060180764.0000000140002000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060202151.0000000140025000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_140000000__setup64.jbxd

Similarity

API ID: Free$InfoLocalNamedSecurity$AllocateEntriesErrorInitializeLast
String ID:
API String ID: 1336570144-0
Opcode ID: b35f34b64a9d6aa6b81e16b13b2f1c0d38c8c3b1546899b34faa1a97c6582e21
Instruction ID: 9ad65f9ffd8baecdb197e09b536dbb51b96e9a581e15e5332d3d6b3fb358d4f4
Opcode Fuzzy Hash: b35f34b64a9d6aa6b81e16b13b2f1c0d38c8c3b1546899b34faa1a97c6582e21
Instruction Fuzzy Hash: A35147B2614B8186E765CF12F88078EB7E6F7887D4F504425EB8943B64DF38D9A5CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400012A4 Relevance: 25.6, APIs: 17, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012AF
SetErrorMode.KERNELBASE(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012BA
GetSystemDirectoryW.KERNEL32 ref: 00000001400012CC
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012D9
SetProcessShutdownParameters.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012E6
SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012F5
GetCommandLineW.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012FB
CommandLineToArgvW.SHELL32(?,?,?,?,?,?,00000001400014E9), ref: 0000000140001309
GetLastError.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 0000000140001317
CloseHandle.KERNEL32 ref: 00000001400014AD
GetLastError.KERNEL32 ref: 00000001400014C5

Memory Dump Source

Source File: 00000005.00000002.2060162722.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000005.00000002.2060146441.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060180764.0000000140002000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060202151.0000000140025000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_140000000__setup64.jbxd

Similarity

API ID: Error$CommandDirectoryLastLine$ArgvCloseConsoleCtrlCurrentHandleHandlerModeParametersProcessShutdownSystem
String ID:
API String ID: 1351133944-0
Opcode ID: 9d6e473d000c958ab654ea6524e99b93636dd2550909cc2fdf2d0baeb0bae34d
Instruction ID: bed22989135500286ff082a5b8534ee6a98307118f748591786f601728a80f93
Opcode Fuzzy Hash: 9d6e473d000c958ab654ea6524e99b93636dd2550909cc2fdf2d0baeb0bae34d
Instruction Fuzzy Hash: 435106B160464686EB13DF27F8843E963A1F78C7C5F904125FB4A476B5CB3C8989CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400014E0 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400012A4: #17.COMCTL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012AF
Part of subcall function 00000001400012A4: SetErrorMode.KERNELBASE(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012BA
Part of subcall function 00000001400012A4: GetSystemDirectoryW.KERNEL32 ref: 00000001400012CC
Part of subcall function 00000001400012A4: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012D9
Part of subcall function 00000001400012A4: SetProcessShutdownParameters.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012E6
Part of subcall function 00000001400012A4: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012F5
Part of subcall function 00000001400012A4: GetCommandLineW.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 00000001400012FB
Part of subcall function 00000001400012A4: CommandLineToArgvW.SHELL32(?,?,?,?,?,?,00000001400014E9), ref: 0000000140001309
Part of subcall function 00000001400012A4: GetLastError.KERNEL32(?,?,?,?,?,?,00000001400014E9), ref: 0000000140001317

ExitProcess.KERNEL32 ref: 00000001400014EB

Memory Dump Source

Source File: 00000005.00000002.2060162722.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000005.00000002.2060146441.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060180764.0000000140002000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000005.00000002.2060202151.0000000140025000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_140000000__setup64.jbxd

Similarity

API ID: CommandDirectoryErrorLineProcess$ArgvConsoleCtrlCurrentExitHandlerLastModeParametersShutdownSystem
String ID:
API String ID: 596749235-0
Opcode ID: d409c78e300c7577bde50c236e3745e62975251c616abf16af35a2c2feadab5b
Instruction ID: 20a652f16b87ba7830b4ae42eb4563c7e1ed9e0c7b0ce7c62722bbd31286e835
Opcode Fuzzy Hash: d409c78e300c7577bde50c236e3745e62975251c616abf16af35a2c2feadab5b
Instruction Fuzzy Hash: CEA001B0E2168282EA0ABBB6695A3D911626FD8781F540414A242872A2DD7884698612

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SoundBoosterTaskHost.exePID: 5596, Parent PID: 6208COMMON

Execution Graph

Execution Coverage:	4.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.1%
Total number of Nodes:	1464
Total number of Limit Nodes:	32

Executed Functions

Function 00BE20D3 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE20DA

Part of subcall function 00BE222C: _wcslen.LIBCMT ref: 00BE223F

Part of subcall function 00BE2573: __EH_prolog3.LIBCMT ref: 00BE257A

LoadLibraryW.KERNELBASE(?,?,?,?,?,?,.dll,?,?,?,?,?,00000034), ref: 00BE2137
GetProcAddress.KERNEL32(00000000,CreateApoControl), ref: 00BE214A
FreeLibrary.KERNEL32(00000001,?,?,?,?,?,.dll,?,?,?,?,?,00000034), ref: 00BE215F

Strings

CreateApoControl, xrefs: 00BE2144
ApoControl, xrefs: 00BE2119
.dll, xrefs: 00BE20FE

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Library$AddressFreeH_prolog3H_prolog3_LoadProc_wcslen
String ID: .dll$ApoControl$CreateApoControl
API String ID: 3857411221-1396397024
Opcode ID: b68460ea561068397dab16c41fb2d8ddc898c2fa4749cbf80d272d1c8884d124
Instruction ID: e8c6be94819f46d6a8f33d33722636231a06267702b761561357cdca7713ba39
Opcode Fuzzy Hash: b68460ea561068397dab16c41fb2d8ddc898c2fa4749cbf80d272d1c8884d124
Instruction Fuzzy Hash: F7113D70900384DECF10EFA6CD05B9EBBF8EF54710F504459E545B3290DB709A45CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1EE8 Relevance: 6.1, APIs: 4, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NetWkstaGetInfo.NETAPI32(00000000,00000064,?), ref: 00BE1F1E
NetApiBufferFree.NETAPI32(?), ref: 00BE1F44
GetVersionExW.KERNEL32(?), ref: 00BE1F78
GetVersionExW.KERNEL32(?), ref: 00BE1F8F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Version$BufferFreeInfoWksta
String ID:
API String ID: 4063530079-0
Opcode ID: 1c68efa8e490afd26f6f50babc33764aae8fc754408896fa8c96b71aa7da530a
Instruction ID: dac995bccf9325613a8f50ab6ea1cf039f8f4ffe1d3f3b8f5dd758f76ca8a083
Opcode Fuzzy Hash: 1c68efa8e490afd26f6f50babc33764aae8fc754408896fa8c96b71aa7da530a
Instruction Fuzzy Hash: C9218CB4A012199BDB24DF29DC41BE9B7F8FB5C300F1045EAA889A3340DB309D548FD0

Uniqueness

Uniqueness Score: -1.00%

Function 00BF3D31 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000000,?,00BF3D07,00000000,00C0C2C0,0000000C,00BF3E1A,00000000,00000002,00000000), ref: 00BF3D52
TerminateProcess.KERNEL32(00000000,?,00BF3D07,00000000,00C0C2C0,0000000C,00BF3E1A,00000000,00000002,00000000), ref: 00BF3D59
ExitProcess.KERNEL32 ref: 00BF3D6B

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 50950a4a2c54450bf5aae19eecc30753cb79a0102811654875262452b0549029
Instruction ID: 8d7a448c7bb98332c9849402f4f214523e2f71846e7e9466b600031381132ed0
Opcode Fuzzy Hash: 50950a4a2c54450bf5aae19eecc30753cb79a0102811654875262452b0549029
Instruction Fuzzy Hash: B0E09235000588ABCB11AF54DD09B6D7BAEEB45741F014064FA099B132CF35DA46CA90

Uniqueness

Uniqueness Score: -1.00%

Function 00BE2A50 Relevance: 61.8, APIs: 6, Strings: 29, Instructions: 563
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE2A5A

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

EnterCriticalSection.KERNEL32(00000004,00000260), ref: 00BE2A7B
LeaveCriticalSection.KERNEL32(00000004), ref: 00BE2A96
CoInitialize.OLE32(00000000), ref: 00BE2A9D
CoUninitialize.OLE32(00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000001,00000000), ref: 00BE319F

Part of subcall function 00BE39CC: RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Letasoft\Sound Booster,00000000,00000101,?), ref: 00BE39ED
Part of subcall function 00BE39CC: RegQueryValueExW.KERNELBASE(?,MLS,00000000,?,?,?), ref: 00BE3A19
Part of subcall function 00BE39CC: RegCloseKey.KERNELBASE(?), ref: 00BE3A34

Part of subcall function 00BE3B16: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 00BE3BA7
Part of subcall function 00BE3B16: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00BE3BC3
Part of subcall function 00BE3B16: _wcsrchr.LIBVCRUNTIME ref: 00BE3BD6
Part of subcall function 00BE3B16: _wcsrchr.LIBVCRUNTIME ref: 00BE3BEA
Part of subcall function 00BE3B16: LoadLibraryW.KERNELBASE(?), ref: 00BE3C16
Part of subcall function 00BE3B16: GetProcAddress.KERNEL32(00000000,ProvideLogger), ref: 00BE3C29

Part of subcall function 00BE21D5: std::_Deallocate.LIBCONCRT ref: 00BE2205

SetConsoleTitleW.KERNEL32(Diagnostics Report Creator,00000001,00000000,00000001,00000000,00000001,00000000), ref: 00BE2D90

Part of subcall function 00BE17E7: GetCurrentThreadId.KERNEL32 ref: 00BE1863

Strings

Wrong arguments passed, xrefs: 00BE3194
ActivateSoundBooster, xrefs: 00BE2FBD, 00BE2FF3
ApoInstaller.cpp, xrefs: 00BE2AC1, 00BE2B46, 00BE2B52, 00BE2BFA, 00BE2C24, 00BE2CD5, 00BE2D0A, 00BE2DDB, 00BE2E18, 00BE2F05, 00BE2FA2, 00BE2FD8, 00BE3063, 00BE306F, 00BE30E6, 00BE3110, 00BE315B
Wrong arguments passed, xrefs: 00BE3176
DeactivateSoundBooster, xrefs: 00BE30FA, 00BE3125
ApoControlManager::DoUninstall, xrefs: 00BE2CEE, 00BE2D22
-Activate, xrefs: 00BE2E46
Diagnostics Report Creator, xrefs: 00BE2D8B
Deactivating Sound Booster, xrefs: 00BE30A3
Installing APO, xrefs: 00BE2B68
Uninstalling APO, xrefs: 00BE2C70
-UninstallAPO, xrefs: 00BE2C4E
Wrong number of arguments, xrefs: 00BE2ADB
Deactivating Sound Booster, xrefs: 00BE3085
CreateReport, xrefs: 00BE2DF4, 00BE2E31
ApoControlManager::DoInstall, xrefs: 00BE2C0E, 00BE2C39
Activating Sound Booster.Product key=, xrefs: 00BE2F42
Installing APO, xrefs: 00BE2B86
Creating diagnostics report. Please wait., xrefs: 00BE2D96
Activating Sound Booster. Product key=, xrefs: 00BE2F1A
-Deactivate, xrefs: 00BE3039
Failed, xrefs: 00BE2BC4, 00BE2CA8, 00BE2DB7, 00BE2F80, 00BE30C1
FAILED, xrefs: 00BE2D30, 00BE2FFF, 00BE3133
-InstallAPO, xrefs: 00BE2B1C
wmain, xrefs: 00BE2AC8, 00BE2B55, 00BE2BFD, 00BE2C27, 00BE2CDC, 00BE2D11, 00BE2DE2, 00BE2E1F, 00BE2F0C, 00BE2FA9, 00BE2FDF, 00BE3072, 00BE30E9, 00BE3113, 00BE3162
-CreateReport, xrefs: 00BE2D69
SUCCEEDED, xrefs: 00BE2CFC, 00BE2E02, 00BE2FC9
Wrong number of arguments, xrefs: 00BE2AF9
Succeded, xrefs: 00BE2BD2, 00BE2BDA, 00BE2CB5, 00BE2CBD, 00BE2DA8, 00BE2DBF, 00BE2F71, 00BE2F88, 00BE30BC, 00BE30CB

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$InitializeModule_wcsrchr$AddressCloseConsoleCurrentDeallocateEnterFileH_prolog3_HandleInit_thread_footerLeaveLibraryLoadNameOpenProcQueryThreadTitleUninitializeValuestd::_
String ID: FAILED$ SUCCEEDED$-Activate$-CreateReport$-Deactivate$-InstallAPO$-UninstallAPO$ActivateSoundBooster$Activating Sound Booster.Product key=$Activating Sound Booster. Product key=$ApoControlManager::DoInstall$ApoControlManager::DoUninstall$ApoInstaller.cpp$CreateReport$Creating diagnostics report. Please wait.$DeactivateSoundBooster$Deactivating Sound Booster$Deactivating Sound Booster$Diagnostics Report Creator$Failed$Installing APO$Installing APO$Succeded$Uninstalling APO$Wrong arguments passed$Wrong arguments passed$Wrong number of arguments$Wrong number of arguments$wmain
API String ID: 305132156-1221785053
Opcode ID: 3924f917917dee7f8bf86ccf7aea641c98c9814ef877c0f92d7499e996d834c9
Instruction ID: b6ac476d2e34971d3ee6292edcd77d0459f07438da3be530b2f714d1948c35da
Opcode Fuzzy Hash: 3924f917917dee7f8bf86ccf7aea641c98c9814ef877c0f92d7499e996d834c9
Instruction Fuzzy Hash: CE12B370740390ABDB24AB76CC5BFAD73E5AF44B05F1440E8F60A6B1D2DBB09A45CB46

Uniqueness

Uniqueness Score: -1.00%

Function 00BE2871 Relevance: 26.3, APIs: 3, Strings: 12, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00BE287B

Part of subcall function 00BE1DFC: GetCurrentProcess.KERNEL32(00000008,?,00000000,00000000,00000000), ref: 00BE1E1A
Part of subcall function 00BE1DFC: OpenProcessToken.ADVAPI32(00000000), ref: 00BE1E21
Part of subcall function 00BE1DFC: GetLastError.KERNEL32 ref: 00BE1E2B
Part of subcall function 00BE1DFC: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00BE1EB0
Part of subcall function 00BE1DFC: LocalFree.KERNEL32(00000000), ref: 00BE1EBF

_strcat.LIBCMT ref: 00BE28A4
_strcat.LIBCMT ref: 00BE28F4

Strings

High, xrefs: 00BE28D6
ApoInstaller.cpp, xrefs: 00BE290C
Unknown, xrefs: 00BE289E
Untrusted, xrefs: 00BE28EB
System, xrefs: 00BE28CF
Medium, xrefs: 00BE28DD
isElevatedProc=, xrefs: 00BE295D
integrity=, xrefs: 00BE2978
LogProcessInfo, xrefs: 00BE2913
isUserAdmin=, xrefs: 00BE2927
Low, xrefs: 00BE28E4
runAsAdmin=, xrefs: 00BE2942

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Process_strcat$ChangeCloseCurrentErrorFindFreeH_prolog3_catch_LastLocalNotificationOpenToken
String ID: integrity=$ isElevatedProc=$ runAsAdmin=$ApoInstaller.cpp$High$LogProcessInfo$Low$Medium$System$Unknown$Untrusted$isUserAdmin=
API String ID: 2350065001-3084008850
Opcode ID: 0a6dd1f810f9e7f33ed25884a835c1116ec6bcd5d519d7de7ba54d9c6ed74d22
Instruction ID: c8a4eb6c7cb41a93fc2d8fea344cb9f3bc3c2a5f0340910b16ede945ad863039
Opcode Fuzzy Hash: 0a6dd1f810f9e7f33ed25884a835c1116ec6bcd5d519d7de7ba54d9c6ed74d22
Instruction Fuzzy Hash: 7321D835A403A42AEA14B3A64C57FAC23C94F40B04F1044F5F506BB1C2DFB49D44D29B

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1DFC Relevance: 19.6, APIs: 13, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000000,00000000), ref: 00BE1E1A
OpenProcessToken.ADVAPI32(00000000), ref: 00BE1E21
GetLastError.KERNEL32 ref: 00BE1E2B
GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 00BE1E42
GetLastError.KERNEL32 ref: 00BE1E52
GetLastError.KERNEL32 ref: 00BE1E59
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00BE1EB0
LocalFree.KERNEL32(00000000), ref: 00BE1EBF
__CxxThrowException@8.LIBVCRUNTIME ref: 00BE1EE2

Part of subcall function 00BEFC6B: RaiseException.KERNEL32(?,?,?,00BECC03,?,?,?,?,?,?,?,?,00BECC03,?,00C0BFD8), ref: 00BEFCCA

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$ProcessToken$ChangeCloseCurrentExceptionException@8FindFreeInformationLocalNotificationOpenRaiseThrow
String ID:
API String ID: 1071881940-0
Opcode ID: 9d919c32a25f98ece0b4ef752cf2694f086ed1cedcf12c44340ecd63801c861e
Instruction ID: 06ae7c9228d97f0cc8c0d20845e3f647da5340df3a721c46ed4293cdf7098743
Opcode Fuzzy Hash: 9d919c32a25f98ece0b4ef752cf2694f086ed1cedcf12c44340ecd63801c861e
Instruction Fuzzy Hash: D4314635E01244FBDB21DBA6DC89B9EBBFCEB48755F2145A4FD05A2150D7709E00DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00BE3B16 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 120
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 00BE3BA7
GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00BE3BC3
_wcsrchr.LIBVCRUNTIME ref: 00BE3BD6
_wcsrchr.LIBVCRUNTIME ref: 00BE3BEA
LoadLibraryW.KERNELBASE(?), ref: 00BE3C16
GetProcAddress.KERNEL32(00000000,ProvideLogger), ref: 00BE3C29
FreeLibrary.KERNEL32(00000000), ref: 00BE3C5C

Strings

ProvideLogger, xrefs: 00BE3C23
Logger, xrefs: 00BE3B49
Sound Booster, xrefs: 00BE3C35
.dll, xrefs: 00BE3B6B

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: LibraryModule_wcsrchr$AddressCriticalFileFreeHandleInit_thread_footerInitializeLoadNameProcSection
String ID: .dll$Logger$ProvideLogger$Sound Booster
API String ID: 3089204199-3424903129
Opcode ID: d61daf26ede8b6a023b157279ac860f9b32698e30833083ef9f0a137934fe80d
Instruction ID: e404f61338d4ed81cd478dc457a3587b7773f30db0d3b94277f31222886b0255
Opcode Fuzzy Hash: d61daf26ede8b6a023b157279ac860f9b32698e30833083ef9f0a137934fe80d
Instruction Fuzzy Hash: 09418575600345ABD714DB76DD49B9EB7F8EF08B10F2045AAE546E71C0EB70DB44CA20

Uniqueness

Uniqueness Score: -1.00%

Function 00BE39CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Letasoft\Sound Booster,00000000,00000101,?), ref: 00BE39ED
RegQueryValueExW.KERNELBASE(?,MLS,00000000,?,?,?), ref: 00BE3A19
RegCloseKey.KERNELBASE(?), ref: 00BE3A34

Strings

MLS, xrefs: 00BE3A11
SOFTWARE\Letasoft\Sound Booster, xrefs: 00BE39E3

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: MLS$SOFTWARE\Letasoft\Sound Booster
API String ID: 3677997916-2912749924
Opcode ID: af3db21341b868da59d0086bc0158a8348f92cece7c3ac18dfd55d0e9b010efa
Instruction ID: f1cce94effab4ea176d18ee90d816586db5d1adbe3e54ac7653efdd4e19ba476
Opcode Fuzzy Hash: af3db21341b868da59d0086bc0158a8348f92cece7c3ac18dfd55d0e9b010efa
Instruction Fuzzy Hash: 48012871A01298FADB20DB969C08EDFBFBCEB80B15F1041A6E951A2150D3709B44DA91

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1AE5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,ReleaseLogger), ref: 00BE1B24
FreeLibrary.KERNELBASE(?,?,?,00C0203F,000000FF,?,00BE1AA2), ref: 00BE1B39
DeleteCriticalSection.KERNEL32(?,973E4C43,?,?,00C0203F,000000FF,?,00BE1AA2), ref: 00BE1B43

Strings

ReleaseLogger, xrefs: 00BE1B1C

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressCriticalDeleteFreeLibraryProcSection
String ID: ReleaseLogger
API String ID: 1152769218-621462491
Opcode ID: c5c53613e247f2f68e74fedb1bf34c66314b7e50d8fa3083ef6ee8ea1df9939e
Instruction ID: 6bbe091d356455cb7ccc8ad8640bad9eb1ff1c13ab009136d44287e2cca68833
Opcode Fuzzy Hash: c5c53613e247f2f68e74fedb1bf34c66314b7e50d8fa3083ef6ee8ea1df9939e
Instruction Fuzzy Hash: 94016271504744EFD7309F65DC08B56B7FCFB04715F104A6EE45A82AE0EBB6A900CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00BFE404 Relevance: 4.7, APIs: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be5bc7721f4cf6843248d8d8a76ad138f1aebe1f69d3e911d64e8279ea69889f
Instruction ID: 6776146400307b30fbc10452d47c1dc0747957106b0e1df1807b5c04533c17cb
Opcode Fuzzy Hash: be5bc7721f4cf6843248d8d8a76ad138f1aebe1f69d3e911d64e8279ea69889f
Instruction Fuzzy Hash: 6351A57190015D9BCB119FA8C845FBEBBF4EF55318F1400D9FA24AB2A1E770D909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00BF95A9 Relevance: 3.1, APIs: 2, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BF6768: GetLastError.KERNEL32(?,00000000,00BF0F83,00000000,?,?,00BF09DB,?,?,00000000,?), ref: 00BF676C
Part of subcall function 00BF6768: _free.LIBCMT ref: 00BF679F
Part of subcall function 00BF6768: SetLastError.KERNEL32(00000000,?,00000000,?), ref: 00BF67E0
Part of subcall function 00BF6768: _abort.LIBCMT ref: 00BF67E6

Part of subcall function 00BF96C8: _abort.LIBCMT ref: 00BF96FA
Part of subcall function 00BF96C8: _free.LIBCMT ref: 00BF972E

Part of subcall function 00BF933D: GetOEMCP.KERNEL32(00000000), ref: 00BF9368

_free.LIBCMT ref: 00BF9621
_free.LIBCMT ref: 00BF9657

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorLast_abort
String ID:
API String ID: 2991157371-0
Opcode ID: 619ff34383c36894e134bf78772027f3cac5d40f64dd051f26b63d3c5fb4d43d
Instruction ID: ac08ae7e11a460d9a1dc01a32d99a48bfe65bfc2aebb0294ce1c289a1adab9b1
Opcode Fuzzy Hash: 619ff34383c36894e134bf78772027f3cac5d40f64dd051f26b63d3c5fb4d43d
Instruction Fuzzy Hash: B7318F3190420CBFDB14EF68D441BBDB7E5DF41320F2540D9EA149B2A2EB329D49CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00BFE01F Relevance: 3.1, APIs: 2, Instructions: 77
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00BFE55B,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BFE0BA
GetLastError.KERNEL32(?,00BFE55B,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00BFD73D,00000000,00000000,?,?), ref: 00BFE0E3

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 9448ec843de9b3971c29b73e91d14dde66dc6419dc6008cae25197094f51d366
Instruction ID: 49a0769d85cbba1c095475b4a1ddeece6ac61f232e899d0fadc4cb621a78893e
Opcode Fuzzy Hash: 9448ec843de9b3971c29b73e91d14dde66dc6419dc6008cae25197094f51d366
Instruction Fuzzy Hash: 8E219135A002199FCB25CF69C881BF9B7F9EB48301F1044E9E65AD7261DA70EA85CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00BF7ECB Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00BF7F17
GetFileType.KERNELBASE(00000000), ref: 00BF7F29

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 6e0764503fe3fba0bb4e00b1642eac91b58566f9078f8e410abe1d9de0513aab
Instruction ID: 5802ceb74de0b74337e2ae64a391a4e8aa9218a8dd2eaba183e9395b0f8ba756
Opcode Fuzzy Hash: 6e0764503fe3fba0bb4e00b1642eac91b58566f9078f8e410abe1d9de0513aab
Instruction Fuzzy Hash: 4911D23154C7D647C7304A3D8C8873AAAD9DB56334B3807DED2B6875F1CA60D98A9284

Uniqueness

Uniqueness Score: -1.00%

Function 00BF4750 Relevance: 1.6, APIs: 1, Instructions: 116
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00BF4826

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: d17d75bb40dda0745c4f9c9525e4bc724d579c77c68bf5619ae8beb98bbd7958
Instruction ID: 7ed360c9fac006ca18d0eacfd19aeaf9252993c6411457d1128b2447d3e688d3
Opcode Fuzzy Hash: d17d75bb40dda0745c4f9c9525e4bc724d579c77c68bf5619ae8beb98bbd7958
Instruction Fuzzy Hash: 7641A231A00618CFDB18CF69D8C466EB7F1EF8D320B2582AAE615DB3A1D7709C44CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00BF7D27 Relevance: 1.6, APIs: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00BF7D9F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 2915e3f1ba4d9757e64beada39af1f650c26a1c8520354db013099649313a29c
Instruction ID: afb38389c587bb932c360ecb59ff637c9b8bdfb4a2569b8f87bcd6e731c91909
Opcode Fuzzy Hash: 2915e3f1ba4d9757e64beada39af1f650c26a1c8520354db013099649313a29c
Instruction Fuzzy Hash: 8711E4B914870A9BD7209F29E481BB277E8EF14364B6000FDE64A8B241EB71A9898750

Uniqueness

Uniqueness Score: -1.00%

Function 00BF5915 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF5947

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9d45a18d1a136fbd7cb3396bdee63fd99ecb5c30fd8d404bdab0929c2ed4e33a
Instruction ID: c63d794a6ab15ce3dd7307ddb6f32a93eff9d01d77d20c5bdfa6bc60d32a8c66
Opcode Fuzzy Hash: 9d45a18d1a136fbd7cb3396bdee63fd99ecb5c30fd8d404bdab0929c2ed4e33a
Instruction Fuzzy Hash: 3AE0303210091DD7D7352A65AC0577F77CCDB417B0F15C1A4AF0597190DAD0CD1985A1

Uniqueness

Uniqueness Score: -1.00%

Function 00BE2186 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(?), ref: 00BE219E

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: de0870a361a11b58374821d75137a556346104628d718ad8d41e0801106d9926
Instruction ID: 9c2d11715040004c9223115ca92e900f4ea4f3dc4fcaf9bf050ad9a7033fe88f
Opcode Fuzzy Hash: de0870a361a11b58374821d75137a556346104628d718ad8d41e0801106d9926
Instruction Fuzzy Hash: 99D0A930202200CFE7288F09E808B9573E9EF08705F0044ADA156AB0A0CBB15C80CB40

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00BE3C78 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE3C82

Part of subcall function 00BE5228: __EH_prolog3.LIBCMT ref: 00BE522F

FindFirstFileW.KERNEL32(?,?,0000029C,00BE4C1F,00000001,00000000,00000001,00000000,Sound Booster,?,?,?,?,000000B8,00BE2DA6), ref: 00BE3CBA
_wcslen.LIBCMT ref: 00BE3D83
SetFileAttributesW.KERNEL32(?,00000000,00000000,00000000), ref: 00BE3DA6
DeleteFileW.KERNEL32(?), ref: 00BE3DB8
FindNextFileW.KERNEL32(00000000,00000010,00000001,00000000), ref: 00BE3DD4
FindClose.KERNEL32(00000000), ref: 00BE3DE3

Part of subcall function 00BE222C: _wcslen.LIBCMT ref: 00BE223F

Part of subcall function 00BE384A: _wcslen.LIBCMT ref: 00BE3861

Part of subcall function 00BE5228: _wcslen.LIBCMT ref: 00BE5278

Strings

\*.*, xrefs: 00BE3C94

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: File_wcslen$Find$AttributesCloseDeleteFirstH_prolog3H_prolog3_Next
String ID: \*.*
API String ID: 1341830500-1173974218
Opcode ID: 191fd0ade8909760a8246b1bbbd5fbef964caefc68218060dc5b7796e4a7724a
Instruction ID: abdb119a31b3ab7dcde8414928b463f1367a1accb7d1d048c12a2ee00bea36c0
Opcode Fuzzy Hash: 191fd0ade8909760a8246b1bbbd5fbef964caefc68218060dc5b7796e4a7724a
Instruction Fuzzy Hash: 53415831900288EFCB10EBA1CC99AEEB7FCEB18714F5441A9E511B3191DB749B89CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00BFC2AE Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1488COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00BFC3F4

Strings

1#IND, xrefs: 00BFD5EC
1#QNAN, xrefs: 00BFD5FA
1#INF, xrefs: 00BFD601
1#SNAN, xrefs: 00BFD5F3

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 9d10460ca100a1b629bde79c0c557ec36b9f6ef5c2b610665d819de90136c512
Instruction ID: b3c1f9b3a9630cadcd2a1a0a267e122da29f42643f3bc8d8f58d5c15f42e6299
Opcode Fuzzy Hash: 9d10460ca100a1b629bde79c0c557ec36b9f6ef5c2b610665d819de90136c512
Instruction Fuzzy Hash: 8DD23872E0862C8BDB25CE28DD407EAB7F5EB44314F1541EADA0DE7241E774AE898F40

Uniqueness

Uniqueness Score: -1.00%

Function 00BE5B90 Relevance: 6.2, APIs: 4, Instructions: 231fileCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BE5BAE
FindFirstFileW.KERNEL32(?,?), ref: 00BE5CA1
FindNextFileW.KERNEL32(000000FF,?), ref: 00BE5EA3
FindClose.KERNEL32(000000FF), ref: 00BE5EB9

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Find$File$CloseFirstNext_wcslen
String ID:
API String ID: 712028750-0
Opcode ID: f83538156e5606328c0c70f92fe85d6647241597af859c4686b6b0fd3d76c6a3
Instruction ID: 3fb74007782c1157ad90b1ea1e68f1390587570b8fcb8064b25f14d4da294a71
Opcode Fuzzy Hash: f83538156e5606328c0c70f92fe85d6647241597af859c4686b6b0fd3d76c6a3
Instruction Fuzzy Hash: A19173B1E00358AACB30DB61CC45BEE73F9AF59704F0485D9E50996281EB759B88CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00BF5576 Relevance: 6.1, APIs: 4, Instructions: 91timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00BF5588

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

GetTimeZoneInformation.KERNEL32 ref: 00BF559A
WideCharToMultiByte.KERNEL32(00000000,?,00C0F084,000000FF,?,0000003F,?,?), ref: 00BF5612
WideCharToMultiByte.KERNEL32(00000000,?,00C0F0D8,000000FF,?,0000003F,?,?,?,00C0F084,000000FF,?,0000003F,?,?), ref: 00BF563F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: b0db0f689dd30af0cacfb57ca5f39270d14f0fb39b31117604f18c888e697f7f
Instruction ID: ae4aa8da39f51a91f8c40a6ac8028ed7211543c62790f0e3fcfa74a4a30bcb97
Opcode Fuzzy Hash: b0db0f689dd30af0cacfb57ca5f39270d14f0fb39b31117604f18c888e697f7f
Instruction Fuzzy Hash: AE31AF71904649EFCB219F68DC80A3DBBF8FF05714B1542EEE2649B6A1D7308E4ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 00BED71B Relevance: 6.1, APIs: 4, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00BED728
IsDebuggerPresent.KERNEL32(?,?,?,00000017), ref: 00BED7F0
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,00000017), ref: 00BED80F
UnhandledExceptionFilter.KERNEL32(?,?,?,?,00000017), ref: 00BED819

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 7db7fe69451364200388e22094c44a795f3f5df6c2f0b23c199b3a57dbbb2ab9
Instruction ID: 884a402344f9ecce8ceb4a9c064f45604e39cafb8ccbfa4c8699f2ae809a3094
Opcode Fuzzy Hash: 7db7fe69451364200388e22094c44a795f3f5df6c2f0b23c199b3a57dbbb2ab9
Instruction Fuzzy Hash: FC3106B5D452689BCB20DFA5D989BCDBBF8EF08301F0041EAE40DA7210EB759A85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00BF0667 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00BECC15), ref: 00BF075F
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00BECC15), ref: 00BF0769
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00BECC15), ref: 00BF0776

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 055a6baa200b641c08c38ac702e64876c543b8f0ad5307614b6026b2e9ce87ae
Instruction ID: 670d0d9ccd1333a80b9b484aefdcf97d1fccb8cf4cc77646012cfc251275a102
Opcode Fuzzy Hash: 055a6baa200b641c08c38ac702e64876c543b8f0ad5307614b6026b2e9ce87ae
Instruction Fuzzy Hash: B531B27491122CABCB21EF65D98979DBBF8EF08310F5041EAE41CA7261EB709F858F45

Uniqueness

Uniqueness Score: -1.00%

Function 00BEB900 Relevance: 4.6, APIs: 3, Instructions: 71timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00BEBF7F), ref: 00BEB975
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00BEBF7F), ref: 00BEB983
FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 00BEB995

Part of subcall function 00BEAB10: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00BEB9A8,?), ref: 00BEAB28

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Time$File$System$DateLocal
String ID:
API String ID: 2151524179-0
Opcode ID: a4e7225287e8545108ee002f58f5c341f4c7421705a4b15c47bfe73863ddf099
Instruction ID: ca88fdcfda1fd13ad67bfd994f49f2d10e844d39444d98d5430b8e37b777458f
Opcode Fuzzy Hash: a4e7225287e8545108ee002f58f5c341f4c7421705a4b15c47bfe73863ddf099
Instruction Fuzzy Hash: E331CFB4E0020ACFDB44CFA8C495BEEBBB5FB48314F114189EA05AB341D775A985CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00BFBE00 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61102e8e78fa000e9228d04ba78236f8720c7748ef16da93a787eb451425eaa5
Instruction ID: 16412ecc5999aa0a4448a61b8a30cd62888267230770e2f553778a01cd72c6c6
Opcode Fuzzy Hash: 61102e8e78fa000e9228d04ba78236f8720c7748ef16da93a787eb451425eaa5
Instruction Fuzzy Hash: CF021C71E0021D9BDF14CFA9D9806AEFBF1EF48314F2581AAD919E7385D731AA45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00BE9FA0 Relevance: 1.8, Strings: 1, Instructions: 572COMMON

Download Yara Rule

Strings

K, xrefs: 00BE9FBA

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: dae5ba50be3c3c9ee8a16c44b0bdf00f65f3f1d89f0a67d367ab1ec435eadd8d
Instruction ID: 3be4078319064d401bffa3091b170d2913114e8495c8f4c85b51c505545b4fc4
Opcode Fuzzy Hash: dae5ba50be3c3c9ee8a16c44b0bdf00f65f3f1d89f0a67d367ab1ec435eadd8d
Instruction Fuzzy Hash: B4323B71600249AFCB04CF98CC95EEE7B75EF88300F088568F9199F282D675E768CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00C011DC Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C011D7,?,?,00000008,?,?,00C00E77,00000000), ref: 00C01409

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 352f0f6e383b7e13ed6ad719e1e4eac621769a077fdd3d494e43ef0280ccccef
Instruction ID: 1f90e943c4fbd0670786fc025a611e7c8f14c949a318c9603ab496703fdf4358
Opcode Fuzzy Hash: 352f0f6e383b7e13ed6ad719e1e4eac621769a077fdd3d494e43ef0280ccccef
Instruction Fuzzy Hash: 56B11B31610609DFD715CF68C48AB65BBE0FF45364F298658E9A9CF2E1C335EA91CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00BE99A0 Relevance: 1.6, Strings: 1, Instructions: 378COMMON

Download Yara Rule

Strings

K, xrefs: 00BE99BA

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: ddf3d52858798761dc5582627dce828703529d982b4c4dfdf8f4225c730d1dce
Instruction ID: 22d95aaa78cd9c4526adc50c6b7c7aec2fdaa75831895fcc67de32464800e092
Opcode Fuzzy Hash: ddf3d52858798761dc5582627dce828703529d982b4c4dfdf8f4225c730d1dce
Instruction Fuzzy Hash: 58E12A71A00249BFCB04CF98C895EEE7B75EF88310F08C5A8F9199B281D675D768CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00BED87A Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000D886,00BED421), ref: 00BED87F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: bba2e8eaa111c93184b42159db3f6ba11fb8f3aa436dc1ad8383fbb69a9d0c6f
Instruction ID: 44863e0727430418ecf936bb7052d5a9b9b45090682df3738d194f65c81cee9a
Opcode Fuzzy Hash: bba2e8eaa111c93184b42159db3f6ba11fb8f3aa436dc1ad8383fbb69a9d0c6f
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00BF1D52 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00BF1EC2

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 7ba693870d594e61b020945bb1353e9f258270115754d3abd628897ac4343ad4
Instruction ID: 6948c20f33b199086a12d2ff13c7f5eeb1d37e1af62179190ec13a83c0b75cd6
Opcode Fuzzy Hash: 7ba693870d594e61b020945bb1353e9f258270115754d3abd628897ac4343ad4
Instruction Fuzzy Hash: CE517A3560064CDADB388E6C8495BBE77EADF52300F580DE9DF42DB292C601DD4D8362

Uniqueness

Uniqueness Score: -1.00%

Function 00BF1F81 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00BF20F1

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: fc6fffd0465f4fb23e015a3ec5c98b83c5e8254fc9b8eb92b78b5e12e0049482
Instruction ID: 09156ac131b9e1224192326e3005886dc1fe8c74b1306220c71141e5ba52c1e6
Opcode Fuzzy Hash: fc6fffd0465f4fb23e015a3ec5c98b83c5e8254fc9b8eb92b78b5e12e0049482
Instruction Fuzzy Hash: BF51892270064D97EB388B3C84967BE67C5DB51300F180DD9EB82D7293CA15DE4DD356

Uniqueness

Uniqueness Score: -1.00%

Function 00BE9DB0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

K, xrefs: 00BE9DCA

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: 62473e297bb5ec01075fe4acbb71b04f966505f4938570131b8b15e906ca59eb
Instruction ID: c5772c323a1c83001666a7efc2b69fb8fb9ae89694c9be265d6ad22ef18bdc1e
Opcode Fuzzy Hash: 62473e297bb5ec01075fe4acbb71b04f966505f4938570131b8b15e906ca59eb
Instruction Fuzzy Hash: D5714A35510249BFCB04CF98C895FEE7B75EF88300F0885A8F9199B281D275D768CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00BE7180 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

dyn trees: dyn %ld, stat %ld, xrefs: 00BE723E

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: dyn trees: dyn %ld, stat %ld
API String ID: 0-3357164542
Opcode ID: 56d2101f520c05a6c397a1fd305888fb7591b6d4e4963c528cb45e206a433596
Instruction ID: ae6008d1136d3c044be49eacc50b3178f8bd0aee31e71304c605e952db1618aa
Opcode Fuzzy Hash: 56d2101f520c05a6c397a1fd305888fb7591b6d4e4963c528cb45e206a433596
Instruction Fuzzy Hash: 2A217174604109EBCB04DF49C881DA977B9FF48348F1481B8F9099B342DB31EA42DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00BFA26A Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00BFA26A

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: a4ee77130ba62935b370d0bd24777c7a95480752c1f7e582e7824a6f52e01232
Instruction ID: fe6f2443b345813e49fc104e3bb76bfddffafe2310eb14381cd5eb708301cf62
Opcode Fuzzy Hash: a4ee77130ba62935b370d0bd24777c7a95480752c1f7e582e7824a6f52e01232
Instruction Fuzzy Hash: E5A011302002008BC3008F3AAE0A30C3AA8AA08A8030A8028A000C2020EA208082EF00

Uniqueness

Uniqueness Score: -1.00%

Function 00BF21B0 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8947dd1abaa36d707c7d0f85989f1e2b68436c1b0ac2dcfa42890f2bf942250b
Instruction ID: 248bc86332dc6e3b8cde23c30f912ae73216e752c92d9ad3a891c74c2a29f4ea
Opcode Fuzzy Hash: 8947dd1abaa36d707c7d0f85989f1e2b68436c1b0ac2dcfa42890f2bf942250b
Instruction Fuzzy Hash: 43618AB164070D6BDE389B6C88E6BBE23C4EB12300F5405DAEB43DF281D615ED4E9719

Uniqueness

Uniqueness Score: -1.00%

Function 00BEA830 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6301b70a51074eeeb2c8e921e1db47d7642eac06ec39551afb3be17de706bc9
Instruction ID: 9f392c84c6856e7d682c968c11b1506a1afa0c5ac6ae17ef5dfec6a9558ce14d
Opcode Fuzzy Hash: b6301b70a51074eeeb2c8e921e1db47d7642eac06ec39551afb3be17de706bc9
Instruction Fuzzy Hash: 9451B130514189ABCB44DF29D890BA93BA2EF89355F15C26AFD298F385C335E790DF84

Uniqueness

Uniqueness Score: -1.00%

Function 00BE10CE Relevance: 47.5, APIs: 12, Strings: 15, Instructions: 203libraryloaderwindowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE10D8
LoadLibraryW.KERNEL32(TurboActivate.dll,00000140,00BE10C8), ref: 00BE10EA
GetProcAddress.KERNEL32(00000000,TA_GetHandle), ref: 00BE1106
GetProcAddress.KERNEL32(?,TA_UseTrial), ref: 00BE1112
GetProcAddress.KERNEL32(?,TA_IsActivated), ref: 00BE111E
GetProcAddress.KERNEL32(?,TA_GetFeatureValue), ref: 00BE112A
GetProcAddress.KERNEL32(?,TA_Deactivate), ref: 00BE1136
GetProcAddress.KERNEL32(?,TA_TrialDaysRemaining), ref: 00BE1142
GetProcAddress.KERNEL32(?,TA_CheckAndSavePKey), ref: 00BE114E
GetProcAddress.KERNEL32(?,TA_Activate), ref: 00BE115A
GetLastError.KERNEL32(Failed to load activation library. GetLastError()=), ref: 00BE1375
MessageBoxW.USER32(00000000,Failed to load activation library. Please contact Letasoft support team at support@letasoft.com,Letasoft,00000030), ref: 00BE13A5

Strings

LoadActivate::Init, xrefs: 00BE1355
Letasoft, xrefs: 00BE1399
Failed to load activation library. Please contact Letasoft support team at support@letasoft.com, xrefs: 00BE139E
TurboActivate.dll, xrefs: 00BE10E5
TA_GetHandle, xrefs: 00BE1100
TA_UseTrial, xrefs: 00BE1108
Failed to load activation library. GetLastError()=, xrefs: 00BE1369
20986331705021ca58edc424.96250074, xrefs: 00BE1166
TA_TrialDaysRemaining, xrefs: 00BE1138
TA_IsActivated, xrefs: 00BE1114
TA_GetFeatureValue, xrefs: 00BE1120
..\..\..\SDK\Common\Protection\LimeLM\Protection.cpp, xrefs: 00BE134E
TA_Activate, xrefs: 00BE1150
TA_Deactivate, xrefs: 00BE112C
TA_CheckAndSavePKey, xrefs: 00BE1144

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressProc$ErrorH_prolog3_LastLibraryLoadMessage
String ID: ..\..\..\SDK\Common\Protection\LimeLM\Protection.cpp$20986331705021ca58edc424.96250074$Failed to load activation library. GetLastError()=$Failed to load activation library. Please contact Letasoft support team at support@letasoft.com$Letasoft$LoadActivate::Init$TA_Activate$TA_CheckAndSavePKey$TA_Deactivate$TA_GetFeatureValue$TA_GetHandle$TA_IsActivated$TA_TrialDaysRemaining$TA_UseTrial$TurboActivate.dll
API String ID: 2297570056-3024451926
Opcode ID: aaad7f8699976469dc72a3d08bc98c1c4c66cd97314de0a02ea223e603765091
Instruction ID: 2df9174b5e4b7aa9fe94813b6bffc44afebf0c2a2044991eb3140a2904d1344e
Opcode Fuzzy Hash: aaad7f8699976469dc72a3d08bc98c1c4c66cd97314de0a02ea223e603765091
Instruction Fuzzy Hash: D581F671D00368EFCF65DF69C881ADDBBF4AF19304F1045EAE509AA255DB309A84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00BE31AD Relevance: 35.4, APIs: 2, Strings: 18, Instructions: 363COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE31B7
FreeLibrary.KERNEL32(00000000), ref: 00BE36AA

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

Part of subcall function 00BE17E7: GetCurrentThreadId.KERNEL32 ref: 00BE1863

Strings

Activating with a product key SUCCEEDED, xrefs: 00BE342B
ApoInstaller.cpp, xrefs: 00BE31EE, 00BE3259, 00BE32CF, 00BE336A, 00BE33D7, 00BE3445, 00BE346F, 00BE34D0, 00BE3569, 00BE35C8, 00BE3627
Already activated, xrefs: 00BE3276
StartTrial, xrefs: 00BE3586, 00BE35E3
Starting trial FAILED with error=%d, xrefs: 00BE3678
Starting trial FAILED with error=, xrefs: 00BE3644
Activate, xrefs: 00BE31F8, 00BE3263, 00BE32D9, 00BE3374, 00BE33E1, 00BE33F2, 00BE344F, 00BE3461, 00BE3479, 00BE34DA, 00BE3573, 00BE35D2, 00BE3631
Starting trial SUCCEEDED, xrefs: 00BE35B0
Activating with a product key FAILED with error=, xrefs: 00BE34EE
FAILED, xrefs: 00BE34A3, 00BE35FB
Activating with a product key FAILED with error=%d, xrefs: 00BE3522
FAILED to load licensing module, xrefs: 00BE322A
Activated with a previously saved product key, xrefs: 00BE330A
CheckSaveKey, xrefs: 00BE3387, 00BE348B
FAILED to load licensing module, xrefs: 00BE320C
SUCCEEDED, xrefs: 00BE3393, 00BE340A, 00BE3592
Activated with a previously saved product key, xrefs: 00BE32EC
Already activated, xrefs: 00BE3294

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalCurrentFreeH_prolog3_Init_thread_footerInitializeLibrarySectionThread
String ID: FAILED$ SUCCEEDED$Activate$Activated with a previously saved product key$Activated with a previously saved product key$Activating with a product key FAILED with error=$Activating with a product key FAILED with error=%d$Activating with a product key SUCCEEDED$Already activated$Already activated$ApoInstaller.cpp$CheckSaveKey$FAILED to load licensing module$FAILED to load licensing module$StartTrial$Starting trial FAILED with error=$Starting trial FAILED with error=%d$Starting trial SUCCEEDED
API String ID: 3291180112-251940293
Opcode ID: b0a53bf56f40979db78f57bf10ca5ff0d703b055ca59c9d894fdfd8f7725894c
Instruction ID: d1b0234f9798b2bc9dd6e2132ee88bbe522f7f2ff0ab8559a0f0c650cfc44b38
Opcode Fuzzy Hash: b0a53bf56f40979db78f57bf10ca5ff0d703b055ca59c9d894fdfd8f7725894c
Instruction Fuzzy Hash: 2EC170706403A4AFCB29AB268D97EED77F1AF04B04F1045E8F5096B2D2DB708E41CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00BE4B82 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 267COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE4B8C

Part of subcall function 00BE222C: _wcslen.LIBCMT ref: 00BE223F

Part of subcall function 00BE3E51: __EH_prolog3_GS.LIBCMT ref: 00BE3E5B
Part of subcall function 00BE3E51: SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,?), ref: 00BE3EAF

Part of subcall function 00BE21D5: std::_Deallocate.LIBCONCRT ref: 00BE2205

Strings

2. Exporting Windows Application log..., xrefs: 00BE4C65
letasoft_report.zip, xrefs: 00BE4CF4, 00BE4E8C
3. Exporting Letasoft registry keys..., xrefs: 00BE4C93
1. Exporting system information..., xrefs: 00BE4C2F
Diagnostics Report Creator, xrefs: 00BE4E70
. Please send 'letasoft_report.zip' file to support@letasoft.com., xrefs: 00BE4E4E, 00BE4E53, 00BE4E5B
Diagnostics report has been created, xrefs: 00BE4E12
Logs, xrefs: 00BE4D4E
Sound Booster, xrefs: 00BE4BA0
Reports, xrefs: 00BE4BDA, 00BE4D8C

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_$DeallocateFolderPath_wcslenstd::_
String ID: Diagnostics report has been created$1. Exporting system information...$2. Exporting Windows Application log...$3. Exporting Letasoft registry keys...$. Please send 'letasoft_report.zip' file to support@letasoft.com.$Diagnostics Report Creator$Logs$Reports$Sound Booster$letasoft_report.zip
API String ID: 4137113751-2886562063
Opcode ID: cd2b05d532dfb6948209dcaab9ac5d2e83e1821b8ac6f391d3489058bc790107
Instruction ID: 2b84f6ccfa93fb4863bde2634bd4c8007c6057a47a0ce76035ac6ad048c9b2b1
Opcode Fuzzy Hash: cd2b05d532dfb6948209dcaab9ac5d2e83e1821b8ac6f391d3489058bc790107
Instruction Fuzzy Hash: 59A16F75800288EADB14EFA5CC96BEDBBF8AF18714F5041DDE505B3282DB741B85CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00BEABE0 Relevance: 28.3, APIs: 14, Strings: 2, Instructions: 278COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?), ref: 00BEABF7
GetFileInformationByHandle.KERNEL32(?,?), ref: 00BEAC1E

Strings

(, xrefs: 00BEAE00
PE, xrefs: 00BEAEC8

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: File$HandleInformationType
String ID: ($PE
API String ID: 4064226416-3347799738
Opcode ID: cb5a7a62e4ff785b89fbd43ad9a375df7ce2ea8280a5527abc1287d8853be43f
Instruction ID: b2b37a3625a8cdf40b2f432885b3b884eccedbdecd7d0812cb63334447cbe3cc
Opcode Fuzzy Hash: cb5a7a62e4ff785b89fbd43ad9a375df7ce2ea8280a5527abc1287d8853be43f
Instruction Fuzzy Hash: FDC12AB1D00258DFEB14CFA5DC95BEDBBB9FB48704F108599E509AB280DB30AA85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00BE4887 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 244COMMON

Download Yara Rule

APIs

ILCreateFromPath.SHELL32 ref: 00BE48B4
ILFree.SHELL32(?), ref: 00BE499A

Part of subcall function 00BE17E7: GetCurrentThreadId.KERNEL32 ref: 00BE1863

ILCreateFromPath.SHELL32(?), ref: 00BE49D7
SHOpenFolderAndSelectItems.SHELL32(?,?,?,00000000), ref: 00BE4AAB
ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 00BE4ACE

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

ILFree.SHELL32(?), ref: 00BE4B39
ILFree.SHELL32(?), ref: 00BE4B53

Strings

SHOpenFolderAndSelectItems() FAILED. res=, xrefs: 00BE4AFE
ILCreateFromPath() FAILED. folderPath=, xrefs: 00BE48FB
ILCreateFromPath() 2 FAILED. folderPath=, xrefs: 00BE4A30
open, xrefs: 00BE4AC8
ReportCreator.cpp, xrefs: 00BE48DD, 00BE4958, 00BE4A12, 00BE4AE0
OpenFolderAndSelectFiles, xrefs: 00BE48E7, 00BE4962, 00BE4A1C, 00BE4AEA
malloc() FAILED, xrefs: 00BE4976

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Free$CreateFromPath$CriticalCurrentExecuteFolderInit_thread_footerInitializeItemsOpenSectionSelectShellThread
String ID: ILCreateFromPath() 2 FAILED. folderPath=$ILCreateFromPath() FAILED. folderPath=$OpenFolderAndSelectFiles$ReportCreator.cpp$SHOpenFolderAndSelectItems() FAILED. res=$malloc() FAILED$open
API String ID: 201577122-306693007
Opcode ID: f45a6b83ac117706195c27f53cdd96fe01d617a029dd4a4f9abeefd3a7766c4b
Instruction ID: 9a37c9ea20a0ff1da7a17211bc390553e13131cfd913f72712747953ba17963a
Opcode Fuzzy Hash: f45a6b83ac117706195c27f53cdd96fe01d617a029dd4a4f9abeefd3a7766c4b
Instruction Fuzzy Hash: 5181CF346002649FCB18EF6ACD86F9AB7E6EF45700F1041E9E505AB291DBB0DE81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1BCD Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,?), ref: 00BE1BF6
OpenProcessToken.ADVAPI32(00000000), ref: 00BE1BFD
GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00BE1C29
GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?), ref: 00BE1C44
DuplicateToken.ADVAPI32(?,00000001,?), ref: 00BE1C58
CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00BE1C74
CheckTokenMembership.ADVAPI32(?,?,?), ref: 00BE1C89
GetLastError.KERNEL32 ref: 00BE1C93
CloseHandle.KERNEL32(?), ref: 00BE1CA9
CloseHandle.KERNEL32(?), ref: 00BE1CB6
__CxxThrowException@8.LIBVCRUNTIME ref: 00BE1CDF

Strings

D, xrefs: 00BE1C65

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Token$CloseHandleInformationProcess$CheckCreateCurrentDuplicateErrorException@8KnownLastMembershipOpenThrowWell
String ID: D
API String ID: 3332473350-2746444292
Opcode ID: e25b76a2553d2ccd4928c0aecddbb33ef2b06e93d7273e1a89a4bfda7b8b53fc
Instruction ID: e2a5f23365bdf65e6a0654774383d30816468d53d2eb684a21851ff8da4cf58d
Opcode Fuzzy Hash: e25b76a2553d2ccd4928c0aecddbb33ef2b06e93d7273e1a89a4bfda7b8b53fc
Instruction Fuzzy Hash: 1331E871D4128DABDF10DFEADC84BADBBBCEB04704F214569EA01EA254D7709906CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00BFAED7 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00BFAF1B

Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAA6E
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAA80
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAA92
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAAA4
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAAB6
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAAC8
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAADA
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAAEC
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAAFE
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAB10
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAB22
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAB34
Part of subcall function 00BFAA51: _free.LIBCMT ref: 00BFAB46

_free.LIBCMT ref: 00BFAF10

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

_free.LIBCMT ref: 00BFAF32
_free.LIBCMT ref: 00BFAF47
_free.LIBCMT ref: 00BFAF52
_free.LIBCMT ref: 00BFAF74
_free.LIBCMT ref: 00BFAF87
_free.LIBCMT ref: 00BFAF95
_free.LIBCMT ref: 00BFAFA0
_free.LIBCMT ref: 00BFAFD8
_free.LIBCMT ref: 00BFAFDF
_free.LIBCMT ref: 00BFAFFC
_free.LIBCMT ref: 00BFB014

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: d0a344dddbd4f98530baba09c858d6147c0a16de1b9c76d1f3fd870283464887
Instruction ID: f805cdfcae599e6243ea619edd7506b4d1dddf3b4becb877e7c5b13eae20ebc2
Opcode Fuzzy Hash: d0a344dddbd4f98530baba09c858d6147c0a16de1b9c76d1f3fd870283464887
Instruction Fuzzy Hash: 2F3160F15046089FEB38AA39D845B76B3E8EF00351F2448A9F65CEB552DF30EC488B21

Uniqueness

Uniqueness Score: -1.00%

Function 00BE36B8 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE36C2
FreeLibrary.KERNEL32(?), ref: 00BE383C

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

Part of subcall function 00BE17E7: GetCurrentThreadId.KERNEL32 ref: 00BE1863

Strings

Already deactivated or never been activated, xrefs: 00BE3797
ApoInstaller.cpp, xrefs: 00BE36F3, 00BE375B, 00BE37C9
Already deactivated or never been activated, xrefs: 00BE3779
Deactivate, xrefs: 00BE36FD, 00BE3765, 00BE37D3
FAILED to load licensing module, xrefs: 00BE3711
Deactivation FAILED with error=%d, xrefs: 00BE3810
Deactivation SUCCEEDED, xrefs: 00BE381D
Deactivation FAILED with error=, xrefs: 00BE37E7
FAILED to load licensing module, xrefs: 00BE372F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalCurrentFreeH_prolog3_Init_thread_footerInitializeLibrarySectionThread
String ID: Already deactivated or never been activated$Already deactivated or never been activated$ApoInstaller.cpp$Deactivate$Deactivation FAILED with error=$Deactivation FAILED with error=%d$Deactivation SUCCEEDED$FAILED to load licensing module$FAILED to load licensing module
API String ID: 3291180112-863891108
Opcode ID: c9f8984585b55c971bbca069a81e51cbe6676df57e25ad9885053c3576ea19bf
Instruction ID: 1ea0b960d3852ca6553e2532d20b7329cfd960987cba092a1833794f74f88510
Opcode Fuzzy Hash: c9f8984585b55c971bbca069a81e51cbe6676df57e25ad9885053c3576ea19bf
Instruction Fuzzy Hash: F531AC746402906BDB28BB728D5BEAE76E29F45F04F2045E8F106AB1D3CF708E40CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00BE437F Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 201COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE4389

Part of subcall function 00BE222C: _wcslen.LIBCMT ref: 00BE223F

Part of subcall function 00BE2573: __EH_prolog3.LIBCMT ref: 00BE257A

Part of subcall function 00BE52A5: _wcslen.LIBCMT ref: 00BE52C2

Part of subcall function 00BE419A: GetConsoleWindow.KERNEL32 ref: 00BE41B7
Part of subcall function 00BE419A: ShellExecuteExW.SHELL32(0000003C), ref: 00BE41E6
Part of subcall function 00BE419A: WaitForSingleObject.KERNEL32(?,000007D0), ref: 00BE41FF
Part of subcall function 00BE419A: CloseHandle.KERNEL32(?), ref: 00BE4225

Part of subcall function 00BE21D5: std::_Deallocate.LIBCONCRT ref: 00BE2205

Part of subcall function 00BE2573: _wcslen.LIBCMT ref: 00BE25BA

Strings

" ", xrefs: 00BE43E1, 00BE43EA, 00BE44A2
export "HKCU\Software\Letasoft\, xrefs: 00BE4492
current_user.txt" /y, xrefs: 00BE44C3
export "HKCR\AudioEngine\AudioProcessingObjects" ", xrefs: 00BE45B4
export "HKLM\Software\Letasoft\, xrefs: 00BE43D4
export "HKLM\Software\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render" ", xrefs: 00BE4542
Sound Booster, xrefs: 00BE439F
reg.exe, xrefs: 00BE43BD, 00BE43C2, 00BE4480, 00BE4537, 00BE45A7
local_machine.txt" /y /reg:64, xrefs: 00BE4407

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _wcslen$CloseConsoleDeallocateExecuteH_prolog3H_prolog3_HandleObjectShellSingleWaitWindowstd::_
String ID: " "$Sound Booster$current_user.txt" /y$export "HKCR\AudioEngine\AudioProcessingObjects" "$export "HKCU\Software\Letasoft\$export "HKLM\Software\Letasoft\$export "HKLM\Software\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render" "$local_machine.txt" /y /reg:64$reg.exe
API String ID: 2693919150-2452782743
Opcode ID: f1e13fe94f2d85080be36423fb7995663529eb7b9aff05c5499d7f500e70d122
Instruction ID: bd888eb5d1de77055122b5d1d7f94f6c3b19ea5572b502ffa4c925478dc4e49a
Opcode Fuzzy Hash: f1e13fe94f2d85080be36423fb7995663529eb7b9aff05c5499d7f500e70d122
Instruction Fuzzy Hash: 6D714571D10288EADB14EBA5CC56BDEBBF8AF59310F504098E505B71C2EF741B49C752

Uniqueness

Uniqueness Score: -1.00%

Function 00BE17E7 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 97threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00BE1863

Strings

FATAL, xrefs: 00BE1831
[this=0x%p] , xrefs: 00BE1890
%s [%d] , xrefs: 00BE1871
INFO, xrefs: 00BE184F
[%s@%s:%d] , xrefs: 00BE1902
WARNING, xrefs: 00BE1845
NONE, xrefs: 00BE1827
ERROR, xrefs: 00BE183B
DEBUG, xrefs: 00BE1859

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CurrentThread
String ID: %s [%d] $DEBUG$ERROR$FATAL$INFO$NONE$WARNING$[%s@%s:%d] $[this=0x%p]
API String ID: 2882836952-4283364438
Opcode ID: 1534da1a9cc5786777bb84b2ce4cb48bee89fcbcfa1f7c6aaf77793da7f3ce5a
Instruction ID: 7100cdef024d5f68ca2b09b7692ba5d6c9562616e125429d606c1390b34dc6a0
Opcode Fuzzy Hash: 1534da1a9cc5786777bb84b2ce4cb48bee89fcbcfa1f7c6aaf77793da7f3ce5a
Instruction Fuzzy Hash: 7C316F71A00358AFDF10DFA9CC42B9EB7E8AB09704F1044E5B64DA7282DB719A44CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00BE4618 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 175fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?), ref: 00BE4655
GetLastError.KERNEL32( GetLastError()=, data._subFolderNames[i]=,AddFolderContent() FAILED. data._baseFolderPath=), ref: 00BE477A

Part of subcall function 00BE1B5F: InitializeCriticalSection.KERNEL32(00C0F5C8,?,00BE3BA4,?), ref: 00BE1BB3
Part of subcall function 00BE1B5F: __Init_thread_footer.LIBCMT ref: 00BE1BC4

Part of subcall function 00BE17E7: GetCurrentThreadId.KERNEL32 ref: 00BE1863

Strings

GetLastError()=, xrefs: 00BE476E
CreateZip() FAILED, xrefs: 00BE4804
ReportCreator.cpp, xrefs: 00BE471A, 00BE47E8, 00BE4818
Compress, xrefs: 00BE4724, 00BE47F2, 00BE4822
AddFolderContent() FAILED. data._baseFolderPath=, xrefs: 00BE4738
data._subFolderNames[i]=, xrefs: 00BE4753
Empty input and/or output paths, xrefs: 00BE4834

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalCurrentDeleteErrorFileInit_thread_footerInitializeLastSectionThread
String ID: GetLastError()=$ data._subFolderNames[i]=$AddFolderContent() FAILED. data._baseFolderPath=$Compress$CreateZip() FAILED$Empty input and/or output paths$ReportCreator.cpp
API String ID: 2519789086-945714659
Opcode ID: 757439656630dcd18355739177be169cd847b7dbe5d86e1d0eac4bebc2b80e8c
Instruction ID: 35254e8ea8a9564fcc8d999d6f17c40a855d7191dd17fa4ee29a4af399101b2d
Opcode Fuzzy Hash: 757439656630dcd18355739177be169cd847b7dbe5d86e1d0eac4bebc2b80e8c
Instruction Fuzzy Hash: 9751A030A016A49FCB28DF26CC46B99B3F2BF05B04F1045E8E505AB291DB70AE91CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 00BE3FF2 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE3FFC
SHGetFolderPathW.SHELL32(00000000,00000025,00000000,00000000,?), ref: 00BE404A
_wcslen.LIBCMT ref: 00BE409A
PathFileExistsW.SHLWAPI(?,msinfo32.exe,00000000,?), ref: 00BE40C6
SHGetFolderPathW.SHELL32(00000000,0000002C,00000000,00000000,?), ref: 00BE40FB
_wcslen.LIBCMT ref: 00BE4149
PathFileExistsW.SHLWAPI(?,Microsoft Shared\MSInfo\msinfo32.exe,00000000,?), ref: 00BE4171

Part of subcall function 00BE21D5: std::_Deallocate.LIBCONCRT ref: 00BE2205

Strings

Microsoft Shared\MSInfo\msinfo32.exe, xrefs: 00BE4143, 00BE4148, 00BE4150
msinfo32.exe, xrefs: 00BE4095, 00BE40A1

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$ExistsFileFolder_wcslen$DeallocateH_prolog3_std::_
String ID: Microsoft Shared\MSInfo\msinfo32.exe$msinfo32.exe
API String ID: 1747826434-4145124285
Opcode ID: bfe3134d68a8b0e4936b16fed8f4d6150a12e3050260001e6f116909ff2386bc
Instruction ID: d14ce0ba154c5c1b7bf001a0b35dc9a68d9b7e84c6a155de2b7b92568a1ef03f
Opcode Fuzzy Hash: bfe3134d68a8b0e4936b16fed8f4d6150a12e3050260001e6f116909ff2386bc
Instruction Fuzzy Hash: 79414D71A50259AADB20EB61CC99BEDB3FCEF18714F4001E4A508A7191DB74AF84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00BF6674 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00BF6688

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

_free.LIBCMT ref: 00BF6694
_free.LIBCMT ref: 00BF669F
_free.LIBCMT ref: 00BF66AA
_free.LIBCMT ref: 00BF66B5
_free.LIBCMT ref: 00BF66C0
_free.LIBCMT ref: 00BF66CB
_free.LIBCMT ref: 00BF66D6
_free.LIBCMT ref: 00BF66E1
_free.LIBCMT ref: 00BF66EF

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 10caa91b11f360eba85c29590604d40de6b3fcc7668f4650115d8964a79d1c34
Instruction ID: f0e7e2a35144f055d6514f8e1115320371bee270579a86f6295cde6505e8a6c1
Opcode Fuzzy Hash: 10caa91b11f360eba85c29590604d40de6b3fcc7668f4650115d8964a79d1c34
Instruction Fuzzy Hash: C61177B650090CFFCB15EF94C882CE93BE5EF04391B6141A5FB099B162DA31DE559F50

Uniqueness

Uniqueness Score: -1.00%

Function 00BEA9E0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 105COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00BEA9E8

Strings

.lzh, xrefs: 00BEAA98
.zip, xrefs: 00BEAA4A
.tgz, xrefs: 00BEAAE3
.arj, xrefs: 00BEAAB1
.zoo, xrefs: 00BEAA66
.gz, xrefs: 00BEAACA
.arc, xrefs: 00BEAA7F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _strlen
String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
API String ID: 4218353326-51310709
Opcode ID: cb1d2f66ac9587f01320833c8daa4025cbcb3ff4eab6b100f2d1794f7538066c
Instruction ID: ba0cd7912e4758991e25c9c7e80f3e6e1b9fee377f48458ab47a89a56635134f
Opcode Fuzzy Hash: cb1d2f66ac9587f01320833c8daa4025cbcb3ff4eab6b100f2d1794f7538066c
Instruction Fuzzy Hash: E03184B9E44388B7CB14DA59CB9197E37ED9961701B2010F4E908A7240F732FF44E762

Uniqueness

Uniqueness Score: -1.00%

Function 00BEAF80 Relevance: 13.7, APIs: 9, Instructions: 167COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00BEAFE4
GetCurrentProcess.KERNEL32(?,00000000), ref: 00BEAFEF
DuplicateHandle.KERNEL32(00000000), ref: 00BEAFF6
GetFileType.KERNEL32 ref: 00BEB015
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 00BEB04F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CurrentFileProcess$DuplicateHandlePointerType
String ID:
API String ID: 952225019-0
Opcode ID: 5cc843279e8d688771ec46575f3435bff8ac88fc5914b4e59185bdd8e40a297b
Instruction ID: d2184cd6b17f24a730048d250c4046780466687254bf8c3cae46d38b6caf0e44
Opcode Fuzzy Hash: 5cc843279e8d688771ec46575f3435bff8ac88fc5914b4e59185bdd8e40a297b
Instruction Fuzzy Hash: 6A711674A00288EFDB14CF95C998FAEBBF5FB04314F208598E511AB281C375EE81DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00BFF8B3 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00BFF95F
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00BFF9E2
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BFFA75
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00BFFA8C

Part of subcall function 00BF5915: RtlAllocateHeap.NTDLL(00000000,?,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF5947

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BFFB08
__freea.LIBCMT ref: 00BFFB33
__freea.LIBCMT ref: 00BFFB3F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 72288d5879e9c0739650d676833d1e436a866fd525c55665f38e9ec1370076b4
Instruction ID: 08c9e209afc559bf0aff18e95677bd3c46457c30c8b0e640b6acb76cd499574e
Opcode Fuzzy Hash: 72288d5879e9c0739650d676833d1e436a866fd525c55665f38e9ec1370076b4
Instruction Fuzzy Hash: 17919172E0021BAADB249F64C891BBEBBF5DF09710F1881B9EA05E7141D765DC49CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00BFDD89 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00BFE4FE,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BFDDCB
__fassign.LIBCMT ref: 00BFDE46
__fassign.LIBCMT ref: 00BFDE61
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00BFDE87
WriteFile.KERNEL32(?,00000000,00000000,00BFE4FE,00000000,?,?,?,?,?,?,?,?,?,00BFE4FE,00000000), ref: 00BFDEA6
WriteFile.KERNEL32(?,00000000,00000001,00BFE4FE,00000000,?,?,?,?,?,?,?,?,?,00BFE4FE,00000000), ref: 00BFDEDF

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: dbe2210245e744af65d5601fbeba0637d50b13c683fb77850db5b4dd35e6e48b
Instruction ID: 56f00226af5026c9206debad5ab22f1ff3ebb2571f53f6a914ba4f914974e79c
Opcode Fuzzy Hash: dbe2210245e744af65d5601fbeba0637d50b13c683fb77850db5b4dd35e6e48b
Instruction Fuzzy Hash: D451A2B1E002499FDF10CFA8D885BEEBBF9EF19300F14459AEA56E7251D730A945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00BFABF4 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00BFABB8: _free.LIBCMT ref: 00BFABE1

_free.LIBCMT ref: 00BFAC42

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

_free.LIBCMT ref: 00BFAC4D
_free.LIBCMT ref: 00BFAC58
_free.LIBCMT ref: 00BFACAC
_free.LIBCMT ref: 00BFACB7
_free.LIBCMT ref: 00BFACC2
_free.LIBCMT ref: 00BFACCD

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: eb4ceb66bf3b2d5ff5d31468e1cdf18bdfc8e6db66c67aa6c7462a5821656935
Instruction ID: ee9992b5e9ec41152a604c05f5bedb39899a1ea6d8ccfcd7f1807e32c109d771
Opcode Fuzzy Hash: eb4ceb66bf3b2d5ff5d31468e1cdf18bdfc8e6db66c67aa6c7462a5821656935
Instruction Fuzzy Hash: 1F11D8B1540B08AADA34B7F0CD06FEA77D99F04781F404CA5B39D670A3DA65B5094B51

Uniqueness

Uniqueness Score: -1.00%

Function 00BF0208 Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00BF01FF,00BEE778,00C0C120,00000010,00BEDF40,?,?,?,?,?,00000000,?), ref: 00BF0216
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BF0224
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BF023D
SetLastError.KERNEL32(00000000,00BF01FF,00BEE778,00C0C120,00000010,00BEDF40,?,?,?,?,?,00000000,?), ref: 00BF028F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 4c8ce417427f7fdffdc4e905a08b8d0f0231c6e9ff1252849a73c9a8f729bb19
Instruction ID: 58d4d0b1488d24da45efcde30015c40d9a9a99b6e5ed6f6c0b2f8f1ed8b9cb9b
Opcode Fuzzy Hash: 4c8ce417427f7fdffdc4e905a08b8d0f0231c6e9ff1252849a73c9a8f729bb19
Instruction Fuzzy Hash: F401B53626E61E6EDB6437756CC977E26DCEB017B972106BAF620420F3EB514808A160

Uniqueness

Uniqueness Score: -1.00%

Function 00BE419A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57synchronizationCOMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNEL32 ref: 00BE41B7
ShellExecuteExW.SHELL32(0000003C), ref: 00BE41E6
WaitForSingleObject.KERNEL32(?,000007D0), ref: 00BE41FF
CloseHandle.KERNEL32(?), ref: 00BE4225

Strings

<, xrefs: 00BE41A5
@, xrefs: 00BE41AE

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CloseConsoleExecuteHandleObjectShellSingleWaitWindow
String ID: <$@
API String ID: 2771057787-1426351568
Opcode ID: e9366552bcbb2f4f47170a90f86fb890a8074a73b9ae7f3ee3a370e1a0f3cb0c
Instruction ID: 68c3a9060b246b6b720dbb668e93da2e134a55e132950ceb2e9bd4318ddc7b6e
Opcode Fuzzy Hash: e9366552bcbb2f4f47170a90f86fb890a8074a73b9ae7f3ee3a370e1a0f3cb0c
Instruction Fuzzy Hash: 07119E71D012189BCB109F9AA88829DBFF9FF44721F21016AE909F3200CB759A41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00BFBAAD Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00BF267C,00BF267C,?,?,?,00BFBCFE,00000001,00000001,91E85006), ref: 00BFBB07
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00BFBCFE,00000001,00000001,91E85006,?,?,?), ref: 00BFBB8D
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,91E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00BFBC87
__freea.LIBCMT ref: 00BFBC94

Part of subcall function 00BF5915: RtlAllocateHeap.NTDLL(00000000,?,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF5947

__freea.LIBCMT ref: 00BFBC9D
__freea.LIBCMT ref: 00BFBCC2

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: a6c367f827765e4fc6cd150525c7d811a0f2b31516240fd2efa4f045f4f7363c
Instruction ID: 6b9273517269ed25aa1fdb1aab74caf0d63a9e6a7522ff4d12c483989d68f7ea
Opcode Fuzzy Hash: a6c367f827765e4fc6cd150525c7d811a0f2b31516240fd2efa4f045f4f7363c
Instruction Fuzzy Hash: A651AD7261021AAAEB258F64CC81FBF7BE9EB44750F2546A9FE08D7150EF34DC58C690

Uniqueness

Uniqueness Score: -1.00%

Function 00BEB230 Relevance: 9.1, APIs: 6, Instructions: 131fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000,?,00BEBD78,?,000000FF,?,00004000), ref: 00BEB29D
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,00BEBD78,?), ref: 00BEB2CE
CloseHandle.KERNEL32(00000000,?,00BEBD78,?), ref: 00BEB2E1
UnmapViewOfFile.KERNEL32(?,?,?,?,?,00BEBD78,?), ref: 00BEB319
CloseHandle.KERNEL32(?,?,?,?,?,00BEBD78,?), ref: 00BEB326
WriteFile.KERNEL32(000000FF,?,000000FF,00000000,00000000), ref: 00BEB39D

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: File$CloseHandleView$CreateMappingUnmapWrite
String ID:
API String ID: 2825254369-0
Opcode ID: 0a194155c4f566262ae1e877da811a56ebf932b4ec40aed659233f00effc9b21
Instruction ID: b3ac02fd666b5d88a985740674a0d3469eb167688b8ef437e2a2ee23c9962a77
Opcode Fuzzy Hash: 0a194155c4f566262ae1e877da811a56ebf932b4ec40aed659233f00effc9b21
Instruction Fuzzy Hash: 90517374A00148EFCB04CF99C995FAEB7B6AB88314F208598E915AB395C730EE41DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00BF6768 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,00BF0F83,00000000,?,?,00BF09DB,?,?,00000000,?), ref: 00BF676C
_free.LIBCMT ref: 00BF679F
_free.LIBCMT ref: 00BF67C7
SetLastError.KERNEL32(00000000,?,00000000,?), ref: 00BF67D4
SetLastError.KERNEL32(00000000,?,00000000,?), ref: 00BF67E0
_abort.LIBCMT ref: 00BF67E6

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 09bffff57ea285a57453ff4307179430080320dda9fb7486385abaeb0086358e
Instruction ID: 262421accabc5a939570abcbb9118229c0155a80b1fc40d6c85ce3fbd666027c
Opcode Fuzzy Hash: 09bffff57ea285a57453ff4307179430080320dda9fb7486385abaeb0086358e
Instruction Fuzzy Hash: 04F0F431144A0876C6223334AC86B7F23D9DFD1B79F3104A8FF14A3596EE208C0E8260

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1D7F Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,74DF2EE0,00000000), ref: 00BE1D94
OpenProcessToken.ADVAPI32(00000000), ref: 00BE1D9B
GetLastError.KERNEL32 ref: 00BE1DA5
GetTokenInformation.ADVAPI32(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00BE1DBE
CloseHandle.KERNEL32(00000000), ref: 00BE1DD4
__CxxThrowException@8.LIBVCRUNTIME ref: 00BE1DF6

Part of subcall function 00BEFC6B: RaiseException.KERNEL32(?,?,?,00BECC03,?,?,?,?,?,?,?,?,00BECC03,?,00C0BFD8), ref: 00BEFCCA

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ProcessToken$CloseCurrentErrorExceptionException@8HandleInformationLastOpenRaiseThrow
String ID:
API String ID: 661555004-0
Opcode ID: 92dfa92949cda6a068a490973f1f0b80b52c1457f0ba701838194189451633ee
Instruction ID: a8710a9f582614f9c85c47d42d42fe0bbd259da8285b4be3facbccf4618bd809
Opcode Fuzzy Hash: 92dfa92949cda6a068a490973f1f0b80b52c1457f0ba701838194189451633ee
Instruction Fuzzy Hash: CC014071D01258FBDB10DBA6DD09BEE7BBCEB44755F2185A5E904E2150D7309A04DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00BE4234 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00BE423B

Part of subcall function 00BE222C: _wcslen.LIBCMT ref: 00BE223F

_wcslen.LIBCMT ref: 00BE4285

Part of subcall function 00BE419A: GetConsoleWindow.KERNEL32 ref: 00BE41B7
Part of subcall function 00BE419A: ShellExecuteExW.SHELL32(0000003C), ref: 00BE41E6
Part of subcall function 00BE419A: WaitForSingleObject.KERNEL32(?,000007D0), ref: 00BE41FF
Part of subcall function 00BE419A: CloseHandle.KERNEL32(?), ref: 00BE4225

PathFileExistsW.SHLWAPI(?," /categories +all,00000000,?,00000000,000000FF,/nfo ",00000034,00BE431F,00000010,00BE4C57,00000001,00000000,00000001,00000000,Sound Booster), ref: 00BE42AD

Strings

/nfo ", xrefs: 00BE4257
" /categories +all, xrefs: 00BE427F, 00BE4284, 00BE428C

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _wcslen$CloseConsoleExecuteExistsFileH_prolog3_HandleObjectPathShellSingleWaitWindow
String ID: " /categories +all$/nfo "
API String ID: 1997390582-2283656642
Opcode ID: 51ce70df627d52cf5ef523c7c3b36dfcf2e73851ed63ccd7c67affc447d9b3a4
Instruction ID: 0c18b56e35727d5ea1005698dbcc7456cea089313084486efb0c5fd96b7fdca5
Opcode Fuzzy Hash: 51ce70df627d52cf5ef523c7c3b36dfcf2e73851ed63ccd7c67affc447d9b3a4
Instruction Fuzzy Hash: EF11A031841298AEDF14EBA2CC56BEDB7F8EF55724F140188F9017B1D2DB702A49CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00BF3D72 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00BF3D67,00000000,?,00BF3D07,00000000,00C0C2C0,0000000C,00BF3E1A,00000000,00000002), ref: 00BF3D92
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BF3DA5
FreeLibrary.KERNEL32(00000000,?,?,?,00BF3D67,00000000,?,00BF3D07,00000000,00C0C2C0,0000000C,00BF3E1A,00000000,00000002), ref: 00BF3DC8

Strings

mscoree.dll, xrefs: 00BF3D8B
CorExitProcess, xrefs: 00BF3D9D

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d846ae8cc18c1a3250dd91b0ca2d163ed5705e37cad5fb9acfb8a1f58cc2f13e
Instruction ID: 535e116f453fc2083170eb966fa32fa743f38f3eaae13c317441fc14b8dfd645
Opcode Fuzzy Hash: d846ae8cc18c1a3250dd91b0ca2d163ed5705e37cad5fb9acfb8a1f58cc2f13e
Instruction Fuzzy Hash: 0CF0AF30A0120CBBDB009B91DC49BEEBFFDEB04706F0581A5F905A6290CB358E44CA90

Uniqueness

Uniqueness Score: -1.00%

Function 00BF4870 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00BF48E2
_free.LIBCMT ref: 00BF4902

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 60710d5075957caee7a2c5f55d80b659f06e593b91474978b6500066ad419378
Instruction ID: 3b5976116916f6395c4ee300e1bbbda66f7803137feb32a97447c079686e462f
Opcode Fuzzy Hash: 60710d5075957caee7a2c5f55d80b659f06e593b91474978b6500066ad419378
Instruction Fuzzy Hash: D941D272A00208EFDB14DF78C881A6EB7E5EF85314F2585A9E615EB351DB71AD06CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00BEB640 Relevance: 7.6, APIs: 5, Instructions: 125COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,00BEBF45), ref: 00BEB6B0
SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000000), ref: 00BEB702

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: File$PointerType
String ID:
API String ID: 2827806931-0
Opcode ID: 7ce1fd8692ddf97aa4e8585e766df5339f847d521a0274734d6a839f4f91e938
Instruction ID: 427faf87a6b5c0cb15e36821b26909a7b7976ea0c93e587e277a928d18c9d2cd
Opcode Fuzzy Hash: 7ce1fd8692ddf97aa4e8585e766df5339f847d521a0274734d6a839f4f91e938
Instruction Fuzzy Hash: 8651F9B4E00249DFDB04CF99C495BAEBBB5FF48314F108199EA05AB391D735E985CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00BF9A77 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00BF9A80
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BF9AA3

Part of subcall function 00BF5915: RtlAllocateHeap.NTDLL(00000000,?,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF5947

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00BF9AC9
_free.LIBCMT ref: 00BF9ADC
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BF9AEB

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: c0104d98943a8fca62200ffda3419e8757bf843400b98e509f155c757ee6be13
Instruction ID: 336216ef5ba63918c9562ce24f4924d0402a5ed2218b898cb3ed9bcd9faec36a
Opcode Fuzzy Hash: c0104d98943a8fca62200ffda3419e8757bf843400b98e509f155c757ee6be13
Instruction Fuzzy Hash: 6801D4726026597F632156A75C88E7F6AECDAC6FA531501AAFB04D3100DE618D05D1B0

Uniqueness

Uniqueness Score: -1.00%

Function 00BE1CE5 Relevance: 7.6, APIs: 5, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00BE1D21
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BE1D33
GetLastError.KERNEL32 ref: 00BE1D3D
FreeSid.ADVAPI32(?), ref: 00BE1D4D
__CxxThrowException@8.LIBVCRUNTIME ref: 00BE1D79

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AllocateCheckErrorException@8FreeInitializeLastMembershipThrowToken
String ID:
API String ID: 649603114-0
Opcode ID: b2a2196a3ab2f5b27e85c627bbcc6bcb44cc43ae64f27b3eddb40d9caef8cd89
Instruction ID: b0728b2d2abe79be6b3980a758e6271bc8fb8b2533c12650c1665340e040b317
Opcode Fuzzy Hash: b2a2196a3ab2f5b27e85c627bbcc6bcb44cc43ae64f27b3eddb40d9caef8cd89
Instruction Fuzzy Hash: 1A111C70D0125DABDB10DFA59C85BBEBBBCFF08744F5149A9E911A2241D7309E04CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00BF67EC Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00BF6B4B,00BF5958,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF67F1
_free.LIBCMT ref: 00BF6826
_free.LIBCMT ref: 00BF684D
SetLastError.KERNEL32(00000000), ref: 00BF685A
SetLastError.KERNEL32(00000000), ref: 00BF6863

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 1d543823a07676803b7e0eb93507e938d10168a841dbd95f011df5333ac5b08f
Instruction ID: 7f358e0a2991ce51b6b5c66c4fd9cfc7431e69152e9ed1bd8960b94edeead85c
Opcode Fuzzy Hash: 1d543823a07676803b7e0eb93507e938d10168a841dbd95f011df5333ac5b08f
Instruction Fuzzy Hash: D001D136244A0877C62223255C86B7F27EDEBD67F172100BEFF05A3192EE608C0E81A0

Uniqueness

Uniqueness Score: -1.00%

Function 00BFAB4F Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00BFAB67

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

_free.LIBCMT ref: 00BFAB79
_free.LIBCMT ref: 00BFAB8B
_free.LIBCMT ref: 00BFAB9D
_free.LIBCMT ref: 00BFABAF

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e6493d52303b8a6ed68a5a7ca5e4c3a5bdbc5c45418a95148a1a49a8f505a93c
Instruction ID: 60bd6c0c95c017c1b161af8fb21b580c3d5c37757b7f9eb95df5fe41e3eaa943
Opcode Fuzzy Hash: e6493d52303b8a6ed68a5a7ca5e4c3a5bdbc5c45418a95148a1a49a8f505a93c
Instruction Fuzzy Hash: 2CF062B24046086BC628DB68F4C6D2A73EAEA00B503650C95F24DE7A53CB30FC84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00BF4ABF Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00BF4ADD

Part of subcall function 00BF58DB: HeapFree.KERNEL32(00000000,00000000,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?), ref: 00BF58F1
Part of subcall function 00BF58DB: GetLastError.KERNEL32(?,?,00BFABE6,?,00000000,?,00000000,?,00BFAC0D,?,00000007,?,?,00BFB06F,?,?), ref: 00BF5903

_free.LIBCMT ref: 00BF4AEF
_free.LIBCMT ref: 00BF4B02
_free.LIBCMT ref: 00BF4B13
_free.LIBCMT ref: 00BF4B24

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 3a462db3505a8190ce2276c296f605eeb497ecae262763397e355e7e5efabbcf
Instruction ID: 2a4b918464f80d6a1bb41335f9276e3a15047b2173fc8f9a0e1c46e9dde467eb
Opcode Fuzzy Hash: 3a462db3505a8190ce2276c296f605eeb497ecae262763397e355e7e5efabbcf
Instruction Fuzzy Hash: D8F017B5845A248BD626AB18FC4176E3BE4EB04B2171309AEF21063A72C77408CBCF91

Uniqueness

Uniqueness Score: -1.00%

Function 00BF3E6D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe,00000104), ref: 00BF3EA8
_free.LIBCMT ref: 00BF3F73
_free.LIBCMT ref: 00BF3F7D

Strings

C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe, xrefs: 00BF3E9F, 00BF3EA6, 00BF3ED5, 00BF3F0D

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
API String ID: 2506810119-3748090899
Opcode ID: 01c02c291f0f44cbc2ca462cd8195dd25feb3e59673405288f20e3d6dc11e7de
Instruction ID: 42bbf6acf706e6e6cc1f3859d8996ffad9e20bb5e1d0a72d31bbe8eec2a9d60c
Opcode Fuzzy Hash: 01c02c291f0f44cbc2ca462cd8195dd25feb3e59673405288f20e3d6dc11e7de
Instruction Fuzzy Hash: 28312371E0121CABDB21DF55D885EAEBBFCEB85B50B1040EAF60497211D7709F49CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00BE4339 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

OpenEventLogW.ADVAPI32(00000000,Application), ref: 00BE4344
BackupEventLogW.ADVAPI32(00000000,00000000), ref: 00BE435A
CloseEventLog.ADVAPI32(00000000), ref: 00BE4363

Strings

Application, xrefs: 00BE433B

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Event$BackupCloseOpen
String ID: Application
API String ID: 148420937-583488022
Opcode ID: 9e1e9ce46703c1c3f7b7b1371157e843dbbb5ce8ad00823e6e7d76ad13f92432
Instruction ID: eee6f9a9b92ae38fbbd7ce383402374fbaab3aca8fe081e1ef1868102af667cf
Opcode Fuzzy Hash: 9e1e9ce46703c1c3f7b7b1371157e843dbbb5ce8ad00823e6e7d76ad13f92432
Instruction Fuzzy Hash: B1E02B321012D093CF38162B680CB6F6AF8DF8671571602BEF552D7150CB248C01C994

Uniqueness

Uniqueness Score: -1.00%

Function 00BFAD1D Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00BF6B99,?,00000000,?,00000001,?,?,00000001,00BF6B99,?), ref: 00BFAD6A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BFADF3
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00BF5A74,?), ref: 00BFAE05
__freea.LIBCMT ref: 00BFAE0E

Part of subcall function 00BF5915: RtlAllocateHeap.NTDLL(00000000,?,?,?,00BECC8F,?,?,00BE1050,?,?,?,?,?), ref: 00BF5947

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 5b6ae67af7f0d9cd836dbc8c5994cedb92875a4ef95f4c8d1c914130c9161ec8
Instruction ID: 63a16bf3245e4ac3f3e3804ff43430f22b6d317c6f56ad0f6142d706c90f621d
Opcode Fuzzy Hash: 5b6ae67af7f0d9cd836dbc8c5994cedb92875a4ef95f4c8d1c914130c9161ec8
Instruction Fuzzy Hash: D031C0B1A0020AABDF289F64DC81EBE7BE5EB04710F1541A8FD09D7190EB35CD58CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00BEB550 Relevance: 6.1, APIs: 4, Instructions: 70fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BEB5BF
GetLastError.KERNEL32 ref: 00BEB5CE
CreateFileW.KERNEL32(000000FF,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00BEB5EC

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateFile$ErrorLast
String ID:
API String ID: 3733516855-0
Opcode ID: 169ae07accf87565357ad15a9036d9ea9b8e6451757a85f796bb0cf476c0d96d
Instruction ID: aa62be82109474e8579de1156e5b1560d2e8f51a6ee66e53c376fad9ba00dea3
Opcode Fuzzy Hash: 169ae07accf87565357ad15a9036d9ea9b8e6451757a85f796bb0cf476c0d96d
Instruction Fuzzy Hash: A431D874A00248FFEB24DFA5D999F9EBBB4EB44314F208198E5156B3C0C7759E84DB84

Uniqueness

Uniqueness Score: -1.00%

Function 00BF4477 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8692ae03dc9c9282229b542db48df926eafc23153ed5a0fd6c58dfc12f4f22a7
Instruction ID: 9018412f8f5ebc99bd56bd851ba33ba3d11ae570f9964ece4ce3facbc19dfb30
Opcode Fuzzy Hash: 8692ae03dc9c9282229b542db48df926eafc23153ed5a0fd6c58dfc12f4f22a7
Instruction Fuzzy Hash: A8018FB260961E7EF6202A786CC1F7B228CDB417B9B3547A5B721732D1DF708E488570

Uniqueness

Uniqueness Score: -1.00%

Function 00BF44F6 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e539de0c408254b5c0fc5443a160ac828cfefedf604a28c341ac745cef6ddc6
Instruction ID: 82dcb568d82d736ca89eb30cf0f4cf2c13341c7884378ca178debe7c64f30493
Opcode Fuzzy Hash: 5e539de0c408254b5c0fc5443a160ac828cfefedf604a28c341ac745cef6ddc6
Instruction Fuzzy Hash: 7501D6B210961A7FE620267C7CC0E7B63DCDFA13B833503A9B721631D5DB20CE088160

Uniqueness

Uniqueness Score: -1.00%

Function 00BF80B9 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00BF8060,?,00000000,00000000,00000000,?,00BF82D1,00000006,FlsSetValue), ref: 00BF80EB
GetLastError.KERNEL32(?,00BF8060,?,00000000,00000000,00000000,?,00BF82D1,00000006,FlsSetValue,00C06040,00C06048,00000000,00000364,?,00BF683A), ref: 00BF80F7
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00BF8060,?,00000000,00000000,00000000,?,00BF82D1,00000006,FlsSetValue,00C06040,00C06048,00000000), ref: 00BF8105

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: ede456c9634c070b1d561ae8abc71a9ec366c3a7afe917838a1106a6b6781e86
Instruction ID: b27edd0558f167879e5939849cca6488b8852653fe39564a66c93772d8a01e67
Opcode Fuzzy Hash: ede456c9634c070b1d561ae8abc71a9ec366c3a7afe917838a1106a6b6781e86
Instruction Fuzzy Hash: B601843270562AABDB214A799C45B6B77DCEF0D7A17150761FA06E7140DF20DA06C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 00BEDEFB Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00BEDF12

Part of subcall function 00BEE54A: ___AdjustPointer.LIBCMT ref: 00BEE594

_UnwindNestedFrames.LIBCMT ref: 00BEDF29
___FrameUnwindToState.LIBVCRUNTIME ref: 00BEDF3B
CallCatchBlock.LIBVCRUNTIME ref: 00BEDF5F

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: 3cbc2fd64af02f7ea80bf5655e8957b77a38434c99618603e3bbdbadd6cbcd02
Instruction ID: fce3e9d2ba4a09ed64bc03930c32cc594d5fee58b610894c6366ab5a5f4af735
Opcode Fuzzy Hash: 3cbc2fd64af02f7ea80bf5655e8957b77a38434c99618603e3bbdbadd6cbcd02
Instruction Fuzzy Hash: 35012532000189BBCF12AF56CC01EEA3BFAFF48754F058164F91966121D372E861EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00BEFF97 Relevance: 6.0, APIs: 4, Instructions: 14COMMON

Download Yara Rule

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00BEFF97
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00BEFF9C
___vcrt_initialize_locks.LIBVCRUNTIME ref: 00BEFFA1

Part of subcall function 00BF0359: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00BF036A

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00BEFFB6

Memory Dump Source

Source File: 00000008.00000002.2043197260.0000000000BE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00BE0000, based on PE: true

Associated: 00000008.00000002.2043179639.0000000000BE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043231474.0000000000C03000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043252630.0000000000C0E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043272831.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000008.00000002.2043293018.0000000000C12000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_be0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: 567f552d64800ebde8380407fe9fe069553ec6f2a375e5d5452746e04cbc2f74
Instruction ID: 8b4e29cba8c21d9efbe041135dc62e31117e981059ecbbf4b8bdf8f9cbf906b7
Opcode Fuzzy Hash: 567f552d64800ebde8380407fe9fe069553ec6f2a375e5d5452746e04cbc2f74
Instruction Fuzzy Hash: F7C04C1403268B551C103B7211661BD63C08CAB3C5B9061E1FE501702BCB06041E62F7

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SoundBoosterService.exePID: 5796, Parent PID: 6208COMMON

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.3%
Total number of Nodes:	1863
Total number of Limit Nodes:	62

Executed Functions

Function 004232C3 Relevance: 52.7, APIs: 14, Strings: 16, Instructions: 234
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004232EE
GetLastError.KERNEL32(GetModuleFileName() FAILED. GetLastError()=), ref: 00423331
GetLastError.KERNEL32 ref: 0042334F
OpenSCManagerW.SECHOST(00000000,00000000,00000003), ref: 00423369
GetLastError.KERNEL32(OpenSCManager() FAILED. GetLastError()=), ref: 004233AE
CreateServiceW.ADVAPI32(00000000,SoundBoosterService,Letasoft Sound Booster Service,00020006,00000010,00000003,00000001,?,00000000,00000000,0043EA30,.\LocalSystem,00000000), ref: 00423402
GetLastError.KERNEL32(CreateService() FAILED. GetLastError()=), ref: 00423441
GetLastError.KERNEL32 ref: 00423463
ChangeServiceConfig2W.ADVAPI32(00000000,00000001,?), ref: 0042348F
GetLastError.KERNEL32(ChangeServiceConfig2() FAILED. GetLastError()=), ref: 004234CB
GetLastError.KERNEL32 ref: 004234ED
GetLastError.KERNEL32 ref: 004233CC

Part of subcall function 0042257A: InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
Part of subcall function 0042257A: __Init_thread_footer.LIBCMT ref: 004225DF

CloseServiceHandle.ADVAPI32(00000000), ref: 0042357F
CloseServiceHandle.ADVAPI32(00000000), ref: 00423586

Part of subcall function 004222EF: GetCurrentThreadId.KERNEL32 ref: 0042236B

Strings

is installed, xrefs: 0042355A
Letasoft Sound Booster Service, xrefs: 004233F7
OpenSCManager failed w/err 0x%08lx, xrefs: 004233CF
GetModuleFileName failed w/err 0x%08lx, xrefs: 00423352
CreateService failed w/err 0x%08lx, xrefs: 0042346A
ServiceInstaller.cpp, xrefs: 0042330A, 00423387, 0042341A, 004234A5, 00423525
CreateService() FAILED. GetLastError()=, xrefs: 00423435
ChangeServiceConfig2() FAILED. GetLastError()=, xrefs: 004234BF
GetModuleFileName() FAILED. GetLastError()=, xrefs: 00423325
%s is installed., xrefs: 00423505
Service , xrefs: 00423540
SoundBoosterService, xrefs: 004233FC, 00423500, 0042354C
InstallService, xrefs: 00423311, 0042338E, 00423421, 004234AC, 0042352C
OpenSCManager() FAILED. GetLastError()=, xrefs: 004233A2
ChangeServiceConfig2 failed w/err 0x%08lx, xrefs: 004234F4
.\LocalSystem, xrefs: 004233D8

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorLast$Service$CloseHandle$ChangeConfig2CreateCriticalCurrentFileInit_thread_footerInitializeManagerModuleNameOpenSectionThread
String ID: is installed$%s is installed.$.\LocalSystem$ChangeServiceConfig2 failed w/err 0x%08lx$ChangeServiceConfig2() FAILED. GetLastError()=$CreateService failed w/err 0x%08lx$CreateService() FAILED. GetLastError()=$GetModuleFileName failed w/err 0x%08lx$GetModuleFileName() FAILED. GetLastError()=$InstallService$Letasoft Sound Booster Service$OpenSCManager failed w/err 0x%08lx$OpenSCManager() FAILED. GetLastError()=$Service $ServiceInstaller.cpp$SoundBoosterService
API String ID: 1288437450-1163846380
Opcode ID: 278a48ff3c360ea8ef44b427cf3a850200caa620ffa126872d43cf0ec0a24eb4
Instruction ID: cb47be0430f6faf93e95387e945cf2dd28adffb6207b2ba27f3dec740665fd1b
Opcode Fuzzy Hash: 278a48ff3c360ea8ef44b427cf3a850200caa620ffa126872d43cf0ec0a24eb4
Instruction Fuzzy Hash: C9711730741324BBD214BB22AD56F6E7768AF04B05F50509EF501AB1D2CEEC9E45CA9C

Uniqueness

Uniqueness Score: -1.00%

Function 00423A4B Relevance: 37.0, APIs: 7, Strings: 14, Instructions: 272
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 00423A55

Part of subcall function 0042257A: InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
Part of subcall function 0042257A: __Init_thread_footer.LIBCMT ref: 004225DF

EnterCriticalSection.KERNEL32(00000004,000002C0), ref: 00423A68
LeaveCriticalSection.KERNEL32(00000004), ref: 00423A84
CreateWellKnownSid.ADVAPI32(?,00000000,?,00000044), ref: 00423BA6

Part of subcall function 00423E1A: RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Letasoft\Sound Booster,00000000,00000101,?), ref: 00423E3B
Part of subcall function 00423E1A: RegQueryValueExW.KERNELBASE(?,MLS,00000000,?,?,?), ref: 00423E67
Part of subcall function 00423E1A: RegCloseKey.KERNELBASE(?), ref: 00423E82

Part of subcall function 00423F39: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 00423FCA
Part of subcall function 00423F39: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00423FE6
Part of subcall function 00423F39: _wcsrchr.LIBVCRUNTIME ref: 00423FF9
Part of subcall function 00423F39: _wcsrchr.LIBVCRUNTIME ref: 0042400D
Part of subcall function 00423F39: LoadLibraryW.KERNELBASE(?), ref: 00424039
Part of subcall function 00423F39: GetProcAddress.KERNEL32(00000000,ProvideLogger), ref: 0042404C

Part of subcall function 004222EF: GetCurrentThreadId.KERNEL32 ref: 0042236B

Strings

Service failed to run w/err=, xrefs: 00423DCE
CreateWellKnownSid() Failed. i=, xrefs: 00423C1E
wmain, xrefs: 00423ADA, 00423B32, 00423BDD, 00423C0C, 00423C71, 00423CBB, 00423D12, 00423DBA
SoundBoosterService.cpp, xrefs: 00423AD3, 00423B2B, 00423BD3, 00423C02, 00423C67, 00423CB1, 00423D08, 00423DB0
install command, xrefs: 00423AEE
Unknown command line argument used, xrefs: 00423D24
Successfully installed service, xrefs: 00423B46
Failed to change security for service. i=, xrefs: 00423BEF
remove, xrefs: 00423C94
install, xrefs: 00423AB1
remove command, xrefs: 00423CCF
Service failed to run w/err 0x%08lx, xrefs: 00423DFB
Failed to install service, xrefs: 00423C83
D, xrefs: 00423B89

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CriticalSection$Module_wcsrchr$AddressCloseCreateCurrentEnterFileH_prolog3_HandleInit_thread_footerInitializeKnownLeaveLibraryLoadNameOpenProcQueryThreadValueWell
String ID: CreateWellKnownSid() Failed. i=$D$Failed to change security for service. i=$Failed to install service$Service failed to run w/err 0x%08lx$Service failed to run w/err=$SoundBoosterService.cpp$Successfully installed service$Unknown command line argument used$install$install command$remove$remove command$wmain
API String ID: 2573466290-32031228
Opcode ID: 44b9919383369a7416b94e9ad784cc6bbb4ec2e9897bc97bd05ab890d9a97f24
Instruction ID: 61ff617c5cc76d2f732410b1394e7168d98c5db66bca07f995d2e48f47a5f14b
Opcode Fuzzy Hash: 44b9919383369a7416b94e9ad784cc6bbb4ec2e9897bc97bd05ab890d9a97f24
Instruction Fuzzy Hash: 6891B170741220BBD714AF62EE56F6E7774AF04709F9140AFF005AA192CBBC9E448A5E

Uniqueness

Uniqueness Score: -1.00%

Function 0042AEAB Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000000,?,0042AE81,00000000,00440198,0000000C,0042AF94,00000000,00000002,00000000), ref: 0042AECC
TerminateProcess.KERNEL32(00000000,?,0042AE81,00000000,00440198,0000000C,0042AF94,00000000,00000002,00000000), ref: 0042AED3
ExitProcess.KERNEL32 ref: 0042AEE5

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 7a1e7c5e6bb5ab05ebba6322da8d29da2ce33b023814411d6ca0829e40c86587
Instruction ID: abb7ee988cd9b108fcf2ad31744b997a82a62f499be6e33f42b773c4a77f3d81
Opcode Fuzzy Hash: 7a1e7c5e6bb5ab05ebba6322da8d29da2ce33b023814411d6ca0829e40c86587
Instruction Fuzzy Hash: 72E04631100618AFCF016F62EE08A5A7B69EB54361B81002AFC058A631CB39DD53EA88

Uniqueness

Uniqueness Score: -1.00%

Function 0042386C Relevance: 26.3, APIs: 3, Strings: 12, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00423876

Part of subcall function 00421B27: GetCurrentProcess.KERNEL32(00000008,?,00000000,00000000,00000000), ref: 00421B45
Part of subcall function 00421B27: OpenProcessToken.ADVAPI32(00000000), ref: 00421B4C
Part of subcall function 00421B27: GetLastError.KERNEL32 ref: 00421B56
Part of subcall function 00421B27: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00421BDB
Part of subcall function 00421B27: LocalFree.KERNEL32(00000000), ref: 00421BEA

_strcat.LIBCMT ref: 0042389F
_strcat.LIBCMT ref: 004238EF

Strings

integrity=, xrefs: 00423973
High, xrefs: 004238D1
Low, xrefs: 004238DF
runAsAdmin=, xrefs: 0042393D
SoundBoosterService.cpp, xrefs: 00423907
System, xrefs: 004238CA
isElevatedProc=, xrefs: 00423958
Untrusted, xrefs: 004238E6
isUserAdmin=, xrefs: 00423922
LogProcessInfo, xrefs: 0042390E
Unknown, xrefs: 00423899
Medium, xrefs: 004238D8

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Process_strcat$ChangeCloseCurrentErrorFindFreeH_prolog3_catch_LastLocalNotificationOpenToken
String ID: integrity=$ isElevatedProc=$ runAsAdmin=$High$LogProcessInfo$Low$Medium$SoundBoosterService.cpp$System$Unknown$Untrusted$isUserAdmin=
API String ID: 2350065001-994685661
Opcode ID: c75d4a09ae19abd8d0bc559abc19d4318019f6d4ad3c0cd16f2e5049896365e3
Instruction ID: 18cdb34a2a5b5ff369d4dee4ad3af5e677121ea3b37c0e06565918780870de7d
Opcode Fuzzy Hash: c75d4a09ae19abd8d0bc559abc19d4318019f6d4ad3c0cd16f2e5049896365e3
Instruction Fuzzy Hash: 2921F671B4123066DA25B6A2BD17BBE62A54F18B09FE0042FB501BB1D2DEAC5E40875E

Uniqueness

Uniqueness Score: -1.00%

Function 00421B27 Relevance: 19.6, APIs: 13, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000000,00000000), ref: 00421B45
OpenProcessToken.ADVAPI32(00000000), ref: 00421B4C
GetLastError.KERNEL32 ref: 00421B56
GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 00421B6D
GetLastError.KERNEL32 ref: 00421B7D
GetLastError.KERNEL32 ref: 00421B84
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00421BDB
LocalFree.KERNEL32(00000000), ref: 00421BEA
__CxxThrowException@8.LIBVCRUNTIME ref: 00421C0D

Part of subcall function 00426D38: RaiseException.KERNEL32(?,?,?,0042418E,?,?,?,?,?,?,?,?,0042418E,?,0043FED4), ref: 00426D97

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorLast$ProcessToken$ChangeCloseCurrentExceptionException@8FindFreeInformationLocalNotificationOpenRaiseThrow
String ID:
API String ID: 1071881940-0
Opcode ID: 0b14c8c9e53937f97670a6798ca9d420c7a83e859a10286a1eb2ece677582183
Instruction ID: 306a4a9071869b11b1443c5f531daf2026eb7d9a24bdc6e61ae417551cac92b8
Opcode Fuzzy Hash: 0b14c8c9e53937f97670a6798ca9d420c7a83e859a10286a1eb2ece677582183
Instruction Fuzzy Hash: 21318635A00318AFDB159FA5EC89B9EFF74EB14711F51406AF905E2260EB38AD08DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00423F39 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 120
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042257A: InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
Part of subcall function 0042257A: __Init_thread_footer.LIBCMT ref: 004225DF

GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 00423FCA
GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00423FE6
_wcsrchr.LIBVCRUNTIME ref: 00423FF9
_wcsrchr.LIBVCRUNTIME ref: 0042400D
LoadLibraryW.KERNELBASE(?), ref: 00424039
GetProcAddress.KERNEL32(00000000,ProvideLogger), ref: 0042404C
FreeLibrary.KERNEL32(00000000), ref: 0042407F

Strings

Sound Booster, xrefs: 00424058
ProvideLogger, xrefs: 00424046
Logger, xrefs: 00423F6C
.dll, xrefs: 00423F8E

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: LibraryModule_wcsrchr$AddressCriticalFileFreeHandleInit_thread_footerInitializeLoadNameProcSection
String ID: .dll$Logger$ProvideLogger$Sound Booster
API String ID: 3089204199-3424903129
Opcode ID: ec7ffa12e012ddf500ec212ca174fd67f3077b1a704d5e2fa38587ad9670877b
Instruction ID: 88b0e6fac165eb5bd7d241b43630460387f8e968220dacc88c389504028008b8
Opcode Fuzzy Hash: ec7ffa12e012ddf500ec212ca174fd67f3077b1a704d5e2fa38587ad9670877b
Instruction Fuzzy Hash: 0641A771B00314AADB24DF61EC45BAFB7F8EF48714F50446FE605E6190DB789E488A2C

Uniqueness

Uniqueness Score: -1.00%

Function 0042184C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNamedSecurityInfoW.ADVAPI32(SoundBoosterService,00000002,00000004,00000000,00000000,?,00000000,?), ref: 00421875
SetEntriesInAclW.ADVAPI32(00000001,000000F5,?,?), ref: 004218B5
SetNamedSecurityInfoW.ADVAPI32(SoundBoosterService,00000002,00000004,00000000,00000000,?,00000000), ref: 004218CC
LocalFree.KERNEL32(?), ref: 004218E2
LocalFree.KERNEL32(00000000), ref: 004218ED

Strings

SoundBoosterService, xrefs: 00421869, 00421871, 004218CB

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: FreeInfoLocalNamedSecurity$Entries
String ID: SoundBoosterService
API String ID: 2129671474-1996914151
Opcode ID: 1d6e98b6e2bdeb851337efe30cadb8f5ae827bbf229ba53160554069d6972c80
Instruction ID: 86557f219e34e296909cc8726de948acb4385afdf89f90e0222795d8310a8daf
Opcode Fuzzy Hash: 1d6e98b6e2bdeb851337efe30cadb8f5ae827bbf229ba53160554069d6972c80
Instruction Fuzzy Hash: E3214F71D00218BBDB259B96DC89EEFBBBCEB88714F11406AF904B2250D7344E04DB64

Uniqueness

Uniqueness Score: -1.00%

Function 00423E1A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000002,SOFTWARE\Letasoft\Sound Booster,00000000,00000101,?), ref: 00423E3B
RegQueryValueExW.KERNELBASE(?,MLS,00000000,?,?,?), ref: 00423E67
RegCloseKey.KERNELBASE(?), ref: 00423E82

Strings

MLS, xrefs: 00423E5F
SOFTWARE\Letasoft\Sound Booster, xrefs: 00423E31

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: MLS$SOFTWARE\Letasoft\Sound Booster
API String ID: 3677997916-2912749924
Opcode ID: 000e0e8db6a42dfad7c57de51d4204ecc4131eb05bfaf42d47e430c75f0309f0
Instruction ID: 37f5abecaf831dd827c4b8722969b5351e46d5d5ee2ce756342b62b961b54f31
Opcode Fuzzy Hash: 000e0e8db6a42dfad7c57de51d4204ecc4131eb05bfaf42d47e430c75f0309f0
Instruction Fuzzy Hash: 5E012871A00218FADB20DF96EC08EDFBBBCEB94751F1141AAE910A2150D7B45B08CA95

Uniqueness

Uniqueness Score: -1.00%

Function 00422500 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,ReleaseLogger), ref: 0042253F
FreeLibrary.KERNELBASE(?,?,?,0043761B,000000FF,?,004224BD), ref: 00422554
DeleteCriticalSection.KERNEL32(?,4EF4507E,?,?,0043761B,000000FF,?,004224BD), ref: 0042255E

Strings

ReleaseLogger, xrefs: 00422537

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: AddressCriticalDeleteFreeLibraryProcSection
String ID: ReleaseLogger
API String ID: 1152769218-621462491
Opcode ID: 6fe3dcb0181cf9b38cbe4b50cdcb268fcef19e77c37bfbc0245b3d6c9b6dba09
Instruction ID: c18e0dfa536adfb9a4d6043f219074d55b102c4ffdc5857272463f342149f658
Opcode Fuzzy Hash: 6fe3dcb0181cf9b38cbe4b50cdcb268fcef19e77c37bfbc0245b3d6c9b6dba09
Instruction Fuzzy Hash: 43017C32104B05EFD7248F59ED04B52BBF8FB08754F105A2EE546826A0EBB9A904CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0042E649 Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,?,00000000,00000000,?,0042E5F0,?,00000000,00000000,00000000,?,0042E861,00000006,FlsSetValue), ref: 0042E67B
GetLastError.KERNEL32(?,0042E5F0,?,00000000,00000000,00000000,?,0042E861,00000006,FlsSetValue,0043A3E8,0043A3F0,00000000,00000364,?,0042CDCA), ref: 0042E687
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0042E5F0,?,00000000,00000000,00000000,?,0042E861,00000006,FlsSetValue,0043A3E8,0043A3F0,00000000), ref: 0042E695

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: f12ba65e23131059e35a8e85ffe2ebc94b644ddf69341fcf544ab3a0ffb6e74e
Instruction ID: e19e4c9ec219430d26598476160ba1f9938b5b1ba031cd5c2727c572563461c8
Opcode Fuzzy Hash: f12ba65e23131059e35a8e85ffe2ebc94b644ddf69341fcf544ab3a0ffb6e74e
Instruction Fuzzy Hash: BA018432711332ABCB214A7ABC44E57B768AF66B617A10635FD05D7390DB28DC1186EC

Uniqueness

Uniqueness Score: -1.00%

Function 00433FC5 Relevance: 4.7, APIs: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d01d8d0f0e3fa23fc23d3b85db153aba18c473ebb3ed17f0eddf33c4b4b2dec
Instruction ID: a3aaffe6499ba7990d129c2a8e308375b14646c9aeac175aa66d2b98722178eb
Opcode Fuzzy Hash: 9d01d8d0f0e3fa23fc23d3b85db153aba18c473ebb3ed17f0eddf33c4b4b2dec
Instruction Fuzzy Hash: C251F571E002199BDF149FA5C809FEFBBB4EF9D318F54111BE400A7292D778A941CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00433BE0 Relevance: 3.1, APIs: 2, Instructions: 77
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,FF8BC35D,00000000,?,?,0043411C,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00433C7B
GetLastError.KERNEL32(?,0043411C,?,00000000,FF8BC35D,00000000,00000000,FF8BC369,00000000,0042882A,?,00000000,?,FFEC8B55,?,75FF2075), ref: 00433CA4

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 8c46398976eeec9502d544c44fab1397cd5c0616ebc2f868a2979af2be9bd2e2
Instruction ID: a642bd9fd3e31540a64bcb86c1ee7a33e35a20966fec9a3dbc51d7a43c3002a0
Opcode Fuzzy Hash: 8c46398976eeec9502d544c44fab1397cd5c0616ebc2f868a2979af2be9bd2e2
Instruction Fuzzy Hash: 2E2182366002199FCB24CF69DD80AE9B3F5EB48316F1054AAE94AE7251D634AE85CB18

Uniqueness

Uniqueness Score: -1.00%

Function 0042E45B Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 0042E4A7
GetFileType.KERNELBASE(00000000), ref: 0042E4B9

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 7af6fe035fcbc6b33c1b3868697f75432b5b2cda1d5c96981758a79023188166
Instruction ID: bf0c3d8f6c50870f489a966eb101ff03e263b96e73a2d2efce2602dc8849cafc
Opcode Fuzzy Hash: 7af6fe035fcbc6b33c1b3868697f75432b5b2cda1d5c96981758a79023188166
Instruction Fuzzy Hash: 1811D53170876156DB305E3FEC9C223BA949B56334BB8072BE1B6863F1D638D8829249

Uniqueness

Uniqueness Score: -1.00%

Function 0042E5AD Relevance: 3.1, APIs: 2, Instructions: 65
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 0042E60D
__crt_fast_encode_pointer.LIBVCRUNTIME ref: 0042E61A

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: AddressProc__crt_fast_encode_pointer
String ID:
API String ID: 2279764990-0
Opcode ID: 895ecbd4daceb85a1fa78a8c0000885d756bebce42a087e5bb0008a8f68b76d3
Instruction ID: 9a42527cca74157c93b2b662ecf2c521f3f04a4b4b1034fb5120c49588a27ad5
Opcode Fuzzy Hash: 895ecbd4daceb85a1fa78a8c0000885d756bebce42a087e5bb0008a8f68b76d3
Instruction Fuzzy Hash: 9C112337B001309B9B219F2AFC4095B7395AB913287DA4222FE14EB344DB34EC01C699

Uniqueness

Uniqueness Score: -1.00%

Function 0042BEEA Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,0042420C,?,?,00421072,?,?,?,?,?), ref: 0042BF1C

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d7f8907da04e026d3806eaf8d9b88a51ed097e2d1aedd003814c781ed793e3e2
Instruction ID: 1a1a25f6de766a92b04007bf8ee2df4b717f4a7a52290d8f3656b60bb874ea65
Opcode Fuzzy Hash: d7f8907da04e026d3806eaf8d9b88a51ed097e2d1aedd003814c781ed793e3e2
Instruction Fuzzy Hash: 19E0A03130027166DA312762BD00BABB748DF513A1F92002BAD15D22D0DF58DC0289EE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0042359F Relevance: 51.0, APIs: 14, Strings: 15, Instructions: 218servicesleepCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 004235C5
GetLastError.KERNEL32(OpenSCManager() FAILED. GetLastError()=), ref: 0042360D
ControlService.ADVAPI32(00000000,00000001,?), ref: 004236CE
Sleep.KERNEL32(000003E8), ref: 00423708
QueryServiceStatus.ADVAPI32(00000000,?), ref: 0042370F
DeleteService.ADVAPI32(00000000), ref: 0042373B
GetLastError.KERNEL32(DeleteService() FAILED. GetLastError()=), ref: 0042377C
GetLastError.KERNEL32 ref: 0042379E
GetLastError.KERNEL32 ref: 0042362B

Part of subcall function 004222EF: GetCurrentThreadId.KERNEL32 ref: 0042236B

OpenServiceW.ADVAPI32(00000000,SoundBoosterService,00010024), ref: 0042364B
GetLastError.KERNEL32(OpenService() FAILED. GetLastError()=), ref: 0042368D
GetLastError.KERNEL32 ref: 004236AF
CloseServiceHandle.ADVAPI32(00000000), ref: 00423826
CloseServiceHandle.ADVAPI32(00000000), ref: 0042382D

Part of subcall function 0042257A: InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
Part of subcall function 0042257A: __Init_thread_footer.LIBCMT ref: 004225DF

Strings

Stopping %s., xrefs: 004236D9
OpenSCManager failed w/err 0x%08lx, xrefs: 0042362E
%s is removed., xrefs: 004237B0
was removed, xrefs: 00423801
ServiceInstaller.cpp, xrefs: 004235E3, 00423663, 00423752, 004237C9
%s failed to stop., xrefs: 0042372E
OpenService() FAILED. GetLastError()=, xrefs: 00423681
DeleteService() FAILED. GetLastError()=, xrefs: 00423770
DeleteService failed w/err 0x%08lx, xrefs: 004237A5
OpenService failed w/err 0x%08lx, xrefs: 004236B6
Service , xrefs: 004237E7
UninstallService, xrefs: 004235ED, 0042366D, 0042375C, 004237D3
SoundBoosterService, xrefs: 00423644, 00423649, 004236D8, 0042371C, 00423721, 004237AF, 004237F3
OpenSCManager() FAILED. GetLastError()=, xrefs: 00423601
%s is stopped., xrefs: 00423727

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorLastService$CloseHandleOpen$ControlCriticalCurrentDeleteInit_thread_footerInitializeManagerQuerySectionSleepStatusThread
String ID: %s failed to stop.$%s is stopped.$ was removed$%s is removed.$DeleteService failed w/err 0x%08lx$DeleteService() FAILED. GetLastError()=$OpenSCManager failed w/err 0x%08lx$OpenSCManager() FAILED. GetLastError()=$OpenService failed w/err 0x%08lx$OpenService() FAILED. GetLastError()=$Service $ServiceInstaller.cpp$SoundBoosterService$Stopping %s.$UninstallService
API String ID: 2287550315-30142437
Opcode ID: 8185f9ed72ea42d421df61c08c0acd73230d8c36c415479e0054711155859fa0
Instruction ID: dcceb6dfb852b6a2553c43d9706cca019d2818a6bf98ab6eb7d6208202e0fb15
Opcode Fuzzy Hash: 8185f9ed72ea42d421df61c08c0acd73230d8c36c415479e0054711155859fa0
Instruction Fuzzy Hash: 1D611471741330BBD614BB22AD4AF6E77B4AF44B15F51506FF001AB2D2CEAC9E01869D

Uniqueness

Uniqueness Score: -1.00%

Function 004210C4 Relevance: 9.1, APIs: 6, Instructions: 84threadpipeCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004210CB
CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00000000), ref: 0042112C

Part of subcall function 004211B9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004211F2
Part of subcall function 004211B9: InitializeCriticalSection.KERNEL32(?), ref: 00421223
Part of subcall function 004211B9: DeleteCriticalSection.KERNEL32(?,?), ref: 00421257
Part of subcall function 004211B9: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00421265
Part of subcall function 004211B9: CloseHandle.KERNEL32(00000000), ref: 00421272
Part of subcall function 004211B9: CloseHandle.KERNEL32(00000000), ref: 00421292

CreateThread.KERNEL32(00000000,00000000,004212AE,?,00000004,?), ref: 00421154
SetThreadPriority.KERNEL32(?,?,?,00000004,?), ref: 00421185
ResumeThread.KERNEL32(?,?,00000004,?), ref: 0042118E
CloseHandle.KERNEL32(00000000,?,00000004,?), ref: 00421199

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CloseHandleThread$CreateCriticalObjectSectionSingleWait$DeleteH_prolog3InitializeNamedPipePriorityResume
String ID:
API String ID: 3964462498-0
Opcode ID: 2f7ebccf6fc257abfc5702ff09b290604a4cfe863e8c283c88bca74419043919
Instruction ID: b8f795e358fe8b0147ac95440568100911cb9d3d2913cae2bf92c616c9ff2ca6
Opcode Fuzzy Hash: 2f7ebccf6fc257abfc5702ff09b290604a4cfe863e8c283c88bca74419043919
Instruction Fuzzy Hash: 46318F70B40216EFDB14CF64D845BBABBB4FF18310F60821AF515A72A0DB38A954CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00431940 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 464COMMON

Download Yara Rule

Strings

[/C, xrefs: 00431DA8, 00431B92, 00431A21
[/C, xrefs: 0043195D, 00431B08, 00431D2C, 00431CC6, 00431B56, 00431AE4

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID:
String ID: [/C$[/C
API String ID: 0-3882296886
Opcode ID: a6a54f347a226206b0a14f449610549a00a97757e709e9f7049fcee8d88ff015
Instruction ID: 97e9f70a21ee6225ba37365f84004e751771d1c71ca8504840839bf9141aef55
Opcode Fuzzy Hash: a6a54f347a226206b0a14f449610549a00a97757e709e9f7049fcee8d88ff015
Instruction Fuzzy Hash: AD022D71E002199BDF14CFA9C9806AEF7F1EF49324F25916AD819E7350D735AE41CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00424BB8 Relevance: 6.1, APIs: 4, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00424BC5
IsDebuggerPresent.KERNEL32(?,?,?,00000017), ref: 00424C8D
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,00000017), ref: 00424CAC
UnhandledExceptionFilter.KERNEL32(?,?,?,?,00000017), ref: 00424CB6

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: b4ccfeb140c95c627b72455c7f0dae7785e36e36c0d63c13459496d11c7f5b7e
Instruction ID: 32757de0304f591ad0c403cd85a18b9827ab16c77d63e0515c9c598058bec0ae
Opcode Fuzzy Hash: b4ccfeb140c95c627b72455c7f0dae7785e36e36c0d63c13459496d11c7f5b7e
Instruction Fuzzy Hash: 32311AB5D0122C9BCB60DFA5D989ACDBBB8EF08304F0041EAE40CA7210EB745B85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004227A2 Relevance: 23.1, APIs: 1, Strings: 12, Instructions: 340COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 004227AC

Part of subcall function 0042257A: InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
Part of subcall function 0042257A: __Init_thread_footer.LIBCMT ref: 004225DF

Part of subcall function 004222EF: GetCurrentThreadId.KERNEL32 ref: 0042236B

Strings

ApoControlManager::DoValidateInstallation, xrefs: 004228A6, 004228DD
UNSUPPORTED pMsg->_type arrived, xrefs: 00422825
FAILED, xrefs: 004228EB, 00422C29
ApoControlManager::DisableAllButSbapo, xrefs: 00422B2C, 00422B60
ApoControlManager::PerformServiceRestart, xrefs: 00422956, 0042298A
ApoControlManager::DoUninstall, xrefs: 004229F4, 00422A28
SampleService.cpp, xrefs: 00422808, 0042288A, 004228C2, 0042293D, 00422972, 004229DB, 00422A10, 00422A75, 00422AAA, 00422B13, 00422B48, 00422BAE, 00422C03
AudioSrv, xrefs: 00422913
SUCCEEDED, xrefs: 00422BD5
ApoControlManager::SetEnhancementState( false ), xrefs: 00422BC7, 00422C1D
ApoControlManager::DoInstall, xrefs: 00422A8E, 00422AC2
CSampleService::OnPipeMessage, xrefs: 00422812, 00422894, 004228CC, 00422944, 00422979, 004229E2, 00422A17, 00422A7C, 00422AB1, 00422B1A, 00422B4F, 00422BB5, 00422C0A

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CriticalCurrentH_prolog3_Init_thread_footerInitializeSectionThread
String ID: FAILED$ SUCCEEDED$ApoControlManager::DisableAllButSbapo$ApoControlManager::DoInstall$ApoControlManager::DoUninstall$ApoControlManager::DoValidateInstallation$ApoControlManager::PerformServiceRestart$ApoControlManager::SetEnhancementState( false )$AudioSrv$CSampleService::OnPipeMessage$SampleService.cpp$UNSUPPORTED pMsg->_type arrived
API String ID: 2740103817-3421508619
Opcode ID: e88c36707f1da7a2570ce185c9fabc537456a43e11910a5c175e4829170124db
Instruction ID: f7c5e41883f6093f68a850021d7ce6911ce76992af9e8fc4ac9be6983e22aa5e
Opcode Fuzzy Hash: e88c36707f1da7a2570ce185c9fabc537456a43e11910a5c175e4829170124db
Instruction Fuzzy Hash: 1AB19270781234BAD618EB62EE53FEE7360AF14B09F9040AFF101961D5CAFC9A45CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 004218F8 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,?), ref: 00421921
OpenProcessToken.ADVAPI32(00000000), ref: 00421928
GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00421954
GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?), ref: 0042196F
DuplicateToken.ADVAPI32(?,00000001,?), ref: 00421983
CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 0042199F
CheckTokenMembership.ADVAPI32(?,?,?), ref: 004219B4
GetLastError.KERNEL32 ref: 004219BE
CloseHandle.KERNEL32(?), ref: 004219D4
CloseHandle.KERNEL32(?), ref: 004219E1
__CxxThrowException@8.LIBVCRUNTIME ref: 00421A0A

Strings

D, xrefs: 00421990

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Token$CloseHandleInformationProcess$CheckCreateCurrentDuplicateErrorException@8KnownLastMembershipOpenThrowWell
String ID: D
API String ID: 3332473350-2746444292
Opcode ID: 466668856a2ac48c9d5518444b72af37e8f62f09233bff4f75f70ec2fea82857
Instruction ID: f3fb8697e1e92dbc00e73c8f931ed62b5a0acc675a5bac9b3018cd7bef8f7359
Opcode Fuzzy Hash: 466668856a2ac48c9d5518444b72af37e8f62f09233bff4f75f70ec2fea82857
Instruction Fuzzy Hash: 8C31FAB1E0021CABDF10DFD5DC84AAEFBBCEF14750F51412AE501AA264DB749949CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004222EF Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 97threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0042236B

Strings

C, xrefs: 00422361
FATAL, xrefs: 00422339
INFO, xrefs: 00422357
WARNING, xrefs: 0042234D
%s [%d] , xrefs: 00422379
[%s@%s:%d] , xrefs: 0042240A
NONE, xrefs: 0042232F
ERROR, xrefs: 00422343
[this=0x%p] , xrefs: 00422398

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CurrentThread
String ID: C$%s [%d] $ERROR$FATAL$INFO$NONE$WARNING$[%s@%s:%d] $[this=0x%p]
API String ID: 2882836952-3278680247
Opcode ID: 2f50bbcb9708fa0fea95a7c6138721d6958296081f55fcd519fb7d27cfe0241b
Instruction ID: b916878c4398ee977b99b6cb7a008ca45413a72e1b9efc9814f881a7a1ad88fa
Opcode Fuzzy Hash: 2f50bbcb9708fa0fea95a7c6138721d6958296081f55fcd519fb7d27cfe0241b
Instruction Fuzzy Hash: B2318471B00328BBDF10DFA5DC45BDEB7B8AB09708F50449AF508A7281DBB59E448B69

Uniqueness

Uniqueness Score: -1.00%

Function 004212AE Relevance: 15.1, APIs: 10, Instructions: 123filepipeCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 004212B5
CoInitialize.OLE32(00000000), ref: 004212BD
ConnectNamedPipe.KERNEL32(?,00000000), ref: 004212FE
GetLastError.KERNEL32 ref: 0042130D
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 0042134A
GetLastError.KERNEL32 ref: 00421356
WriteFile.KERNEL32(00000010,00000000,00000010,?,00000000), ref: 004213B8
FlushFileBuffers.KERNEL32(?), ref: 004213E5
DisconnectNamedPipe.KERNEL32(?), ref: 004213EC

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: File$ErrorLastNamedPipe$BuffersConnectDisconnectFlushH_prolog3_catchInitializeReadWrite
String ID:
API String ID: 1267701856-0
Opcode ID: f6a05907e2556b43ab2d43fc36c9da7a7a5a9530089d2baecca82349b2a1cc20
Instruction ID: c89bf881388e54e49a979872e39da99a75e226e6b431cbfaca22a6340147772b
Opcode Fuzzy Hash: f6a05907e2556b43ab2d43fc36c9da7a7a5a9530089d2baecca82349b2a1cc20
Instruction Fuzzy Hash: 9741A471E00228DFDB14DFA5E884BAEBBB5EF19304F50406AF805E7261CB759D45CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00421DBF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00421DC6
_wcslen.LIBCMT ref: 00421DF7
LoadLibraryW.KERNEL32(?,?,?,?,?,?,.dll,?,?,?,?,?,00000034), ref: 00421E7E
GetProcAddress.KERNEL32(00000000,CreateApoControl), ref: 00421E91
FreeLibrary.KERNEL32(00000001,?,?,?,?,?,.dll,?,?,?,?,?,00000034), ref: 00421EA6

Strings

CreateApoControl, xrefs: 00421E8B
.dll, xrefs: 00421DEA, 00421DF2, 00421DFD, 00421E1D, 00421E3E

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Library$AddressFreeH_prolog3_LoadProc_wcslen
String ID: .dll$CreateApoControl
API String ID: 2216541711-177489213
Opcode ID: 0e69c6de73616ec9b74f01012fc23fb951b43dfd56966b278891796f4ded9e5a
Instruction ID: 17c26fc2be8f2508079759314538e174cee3f04558ed9974baeb31b607a7586b
Opcode Fuzzy Hash: 0e69c6de73616ec9b74f01012fc23fb951b43dfd56966b278891796f4ded9e5a
Instruction Fuzzy Hash: E7319270B00318DECB10DFA5DC95ADEBBF8AF18308F90142EE542E3261DB389944CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043394A Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,004340BF,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 0043398C
__fassign.LIBCMT ref: 00433A07
__fassign.LIBCMT ref: 00433A22
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00433A48
WriteFile.KERNEL32(?,FF8BC35D,00000000,004340BF,00000000,?,?,?,?,?,?,?,?,?,004340BF,?), ref: 00433A67
WriteFile.KERNEL32(?,?,00000001,004340BF,00000000,?,?,?,?,?,?,?,?,?,004340BF,?), ref: 00433AA0

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: b9fe0edc13dfbcd7675cb06be2027e392c7ed1bdd01b1c952ce4ee93a481a5c0
Instruction ID: f5dd2f5e5865f9159951d6c1192969091a234884880df6d089b90398d3e01f7a
Opcode Fuzzy Hash: b9fe0edc13dfbcd7675cb06be2027e392c7ed1bdd01b1c952ce4ee93a481a5c0
Instruction Fuzzy Hash: 4A51D170A002499FCF10DFA8D895AEEBBF4EF09301F14416BE991E7291E7349A41CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042307C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 71registryCOMMON

Download Yara Rule

APIs

RegisterEventSourceW.ADVAPI32(00000000,?), ref: 004230A9
ReportEventW.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 004230D7
DeregisterEventSource.ADVAPI32(00000000), ref: 004230DE

Strings

ServiceBase.cpp, xrefs: 004230F0
CServiceBase::WriteEventLogEntry, xrefs: 004230FA
Service error: , xrefs: 0042310E

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Event$Source$DeregisterRegisterReport
String ID: CServiceBase::WriteEventLogEntry$Service error: $ServiceBase.cpp
API String ID: 3235303502-3086274369
Opcode ID: 64561bbd3c8c270019dd31c5a6cc2cbef6ffd8af09f955310ee0d542a3cd3c4a
Instruction ID: 7754155dc76dc286bde2a7ec50a76c9f7c59797bb2d3d14b9eb2e659048a9bc9
Opcode Fuzzy Hash: 64561bbd3c8c270019dd31c5a6cc2cbef6ffd8af09f955310ee0d542a3cd3c4a
Instruction Fuzzy Hash: 7C218A70B01224BBD718AF21DD46EAAB778EF48704F4045AEB50597281DAF89D41CB98

Uniqueness

Uniqueness Score: -1.00%

Function 004211B9 Relevance: 10.6, APIs: 7, Instructions: 65synchronizationthreadCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 004211F2
InitializeCriticalSection.KERNEL32(?), ref: 00421223

Part of subcall function 004214CE: EnterCriticalSection.KERNEL32(?,?,?,00421250,?), ref: 004214D6
Part of subcall function 004214CE: CloseHandle.KERNEL32(?,?,?,00421250,?), ref: 004214E3
Part of subcall function 004214CE: LeaveCriticalSection.KERNEL32(?,?,?,00421250,?), ref: 004214ED

DeleteCriticalSection.KERNEL32(?,?), ref: 00421257
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00421265
CloseHandle.KERNEL32(00000000), ref: 00421272
TerminateThread.KERNEL32(00000000,00000001), ref: 0042127F
CloseHandle.KERNEL32(00000000), ref: 00421292

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CriticalSection$CloseHandle$ObjectSingleWait$DeleteEnterInitializeLeaveTerminateThread
String ID:
API String ID: 499989784-0
Opcode ID: fb69e41c9e8634cbd39b26acdf0a489d37e9a07240eac5792df3700fe889f731
Instruction ID: 6b7ad0619010e90e92185e7ff9b3420749a635802a4f6dce68723ba512c18cdd
Opcode Fuzzy Hash: fb69e41c9e8634cbd39b26acdf0a489d37e9a07240eac5792df3700fe889f731
Instruction Fuzzy Hash: ED217430A00714DFDB359B20EC09B9AB7B5AF18311F5185AEF19AA11A1DBB8A584CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004315E9 Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00429D0F,00429D0F,?,?,?,0043183A,00000001,00000001,63E85006), ref: 00431643
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0043183A,00000001,00000001,63E85006,?,?,?), ref: 004316C9
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,63E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004317C3
__freea.LIBCMT ref: 004317D0

Part of subcall function 0042BEEA: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042420C,?,?,00421072,?,?,?,?,?), ref: 0042BF1C

__freea.LIBCMT ref: 004317D9
__freea.LIBCMT ref: 004317FE

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: aa8b1a81316c297ede1b44945df34707c74bab78bbfca113d02ecf28fe4feaba
Instruction ID: ff78e13e3b017aa973e0d29ae6c9845566ebcbdee6a272cf76a6b67da290c31c
Opcode Fuzzy Hash: aa8b1a81316c297ede1b44945df34707c74bab78bbfca113d02ecf28fe4feaba
Instruction Fuzzy Hash: 27510572600216AFDB259F65CC41EBB77AAEB48754F18522FFC04D62A0EB38DC40C668

Uniqueness

Uniqueness Score: -1.00%

Function 004276B8 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,004276AF,00425C18,00440018,00000010,004253E0,?,?,?,?,?,00000000,?), ref: 004276C6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004276D4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004276ED
SetLastError.KERNEL32(00000000,004276AF,00425C18,00440018,00000010,004253E0,?,?,?,?,?,00000000,?), ref: 0042773F

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 8504999eec56c6c32d6c7bce14f39f87264a9589268a443a2c201af543cd0deb
Instruction ID: 617437f005dbc73f85f9874a1ca7100ec5e4a372d68ea0086ca3fe16a1ae6468
Opcode Fuzzy Hash: 8504999eec56c6c32d6c7bce14f39f87264a9589268a443a2c201af543cd0deb
Instruction Fuzzy Hash: 0801D83631E7315E962417B57C85A5B6B95EB527B87E0023FFA10851E0EF995C02D28C

Uniqueness

Uniqueness Score: -1.00%

Function 00421AAA Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,74DF2EE0,00000000), ref: 00421ABF
OpenProcessToken.ADVAPI32(00000000), ref: 00421AC6
GetLastError.KERNEL32 ref: 00421AD0
GetTokenInformation.ADVAPI32(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00421AE9
CloseHandle.KERNEL32(00000000), ref: 00421AFF
__CxxThrowException@8.LIBVCRUNTIME ref: 00421B21

Part of subcall function 00426D38: RaiseException.KERNEL32(?,?,?,0042418E,?,?,?,?,?,?,?,?,0042418E,?,0043FED4), ref: 00426D97

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ProcessToken$CloseCurrentErrorExceptionException@8HandleInformationLastOpenRaiseThrow
String ID:
API String ID: 661555004-0
Opcode ID: 12be04353e92c51b639fe7689c46e97adbfc7c8c7356e231f4e030e8b106bbfc
Instruction ID: acce4bc698f2aa52061ed954f4d1f3eeece6dfe17a7b847596981afb8bcc7d5e
Opcode Fuzzy Hash: 12be04353e92c51b639fe7689c46e97adbfc7c8c7356e231f4e030e8b106bbfc
Instruction Fuzzy Hash: 69015231A0021CFBDB10DB95DD09BEFBB78EB54711F51446AF905E2160DB749E08DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0042AEEC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042AEE1,00000000,?,0042AE81,00000000,00440198,0000000C,0042AF94,00000000,00000002), ref: 0042AF0C
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042AF1F
FreeLibrary.KERNEL32(00000000,?,?,?,0042AEE1,00000000,?,0042AE81,00000000,00440198,0000000C,0042AF94,00000000,00000002), ref: 0042AF42

Strings

mscoree.dll, xrefs: 0042AF05
CorExitProcess, xrefs: 0042AF17

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d716e20e8d776330256e00ad3ea9714eefbd1ad14a8f61f6165e15d2817f44f3
Instruction ID: f64bc9f5cef64fd5acdbfc698af674aeb5f18e170fcff7b395dbcc1402f2ae41
Opcode Fuzzy Hash: d716e20e8d776330256e00ad3ea9714eefbd1ad14a8f61f6165e15d2817f44f3
Instruction Fuzzy Hash: 4AF0AF30A10218BBCB049FA0EC49BAEFFB4EF04705F410069F905A22A0CF788E54CA99

Uniqueness

Uniqueness Score: -1.00%

Function 00421421 Relevance: 7.6, APIs: 5, Instructions: 73filepipeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 00421452
GetLastError.KERNEL32 ref: 0042145F
WaitNamedPipeW.KERNEL32(?,00001388), ref: 0042147E

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CreateErrorFileLastNamedPipeWait
String ID:
API String ID: 2892787455-0
Opcode ID: a2e0cf7130ee5700a8771b7ed7ed6dafcbe4883e2bb79156cf589db1d70f3639
Instruction ID: c1cb48c6401c5703f9c1b2615cf9daf8affa6768140eef514d738b668d83d7d5
Opcode Fuzzy Hash: a2e0cf7130ee5700a8771b7ed7ed6dafcbe4883e2bb79156cf589db1d70f3639
Instruction Fuzzy Hash: 4211A530301221ABD7246F55EC48F67BB68EF62371FA04626F11DCA1F0C7349945C6A9

Uniqueness

Uniqueness Score: -1.00%

Function 00421A10 Relevance: 7.6, APIs: 5, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00421A4C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00421A5E
GetLastError.KERNEL32 ref: 00421A68
FreeSid.ADVAPI32(?), ref: 00421A78
__CxxThrowException@8.LIBVCRUNTIME ref: 00421AA4

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: AllocateCheckErrorException@8FreeInitializeLastMembershipThrowToken
String ID:
API String ID: 649603114-0
Opcode ID: 25bc4991966cb4da5370f9d20499df20619b416c1d6972a643d0bb1517c1bff1
Instruction ID: bd9abf1c43f0db84f04d785b760b4b7d737182fa6601e7a8bef91e3bb4b1f26a
Opcode Fuzzy Hash: 25bc4991966cb4da5370f9d20499df20619b416c1d6972a643d0bb1517c1bff1
Instruction Fuzzy Hash: 42110A70E4132DABDB10DFA5DC85ABFB7B8FF08340F91096EA901A2251D7349E048BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00421FAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00421FB4
_wcslen.LIBCMT ref: 00421FED
_wcslen.LIBCMT ref: 0042202F

Strings

ApoControl, xrefs: 00421FE1, 0042202A, 00422036

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: _wcslen$H_prolog3
String ID: ApoControl
API String ID: 1035939448-3566256003
Opcode ID: d4b8a30b53e1b46737a72ab052141d8ce57b21b47e3544626fcdcaa9824cba18
Instruction ID: b55a0444aaeade15d30f4fe88f0df0fecbc08836e778a3eb263b94e4ff8ec55f
Opcode Fuzzy Hash: d4b8a30b53e1b46737a72ab052141d8ce57b21b47e3544626fcdcaa9824cba18
Instruction Fuzzy Hash: 72119D70704721EBDB399F1AB90162EB2E0BF48704F90061FF1969B281CFB89900C79E

Uniqueness

Uniqueness Score: -1.00%

Function 004217CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)(A;OICI;GA;;;WD)(A;OICI;GA;;;SY)S:(ML;;NWNR;;;LW),00000001,?,00000000), ref: 004217E5
LocalAlloc.KERNEL32(00000040,0000000C), ref: 004217F8
LocalFree.KERNEL32(?), ref: 00421807

Strings

D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)(A;OICI;GA;;;WD)(A;OICI;GA;;;SY)S:(ML;;NWNR;;;LW), xrefs: 004217DE

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: DescriptorLocalSecurity$AllocConvertFreeString
String ID: D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)(A;OICI;GA;;;WD)(A;OICI;GA;;;SY)S:(ML;;NWNR;;;LW)
API String ID: 721943950-2020678050
Opcode ID: 216598cf89011a69ad4775ab5eefc486aa2f6522bd405a8d3814522680867617
Instruction ID: d037e39d1395a3cf91fd0ed26ae4ebff2d7c46cd66399ede4eedeac0c5083601
Opcode Fuzzy Hash: 216598cf89011a69ad4775ab5eefc486aa2f6522bd405a8d3814522680867617
Instruction Fuzzy Hash: DD016970A00204EFD7209F5AEC45A9ABBF8EB98711F20406AF644D7260DB758E00CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00430A8D Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0042D129,?,00000000,?,00000001,?,?,00000001,0042D129,?), ref: 00430ADA
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00430B63
GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0042C049,?), ref: 00430B75
__freea.LIBCMT ref: 00430B7E

Part of subcall function 0042BEEA: RtlAllocateHeap.NTDLL(00000000,?,?,?,0042420C,?,?,00421072,?,?,?,?,?), ref: 0042BF1C

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 51f90295641777fc7bf81a4121d6523d01cc64f80a0e6016d67cedc4767759bb
Instruction ID: 1e0eef91d93f9656ea72a8687ab877c6e31b43374ddfb14dfb32dae50336a9c9
Opcode Fuzzy Hash: 51f90295641777fc7bf81a4121d6523d01cc64f80a0e6016d67cedc4767759bb
Instruction Fuzzy Hash: 6D31F231A0021AABDF249FA5DC55DAFBBA5EF04754F14026EFC04D6250EB39DD50CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00421C13 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

NetWkstaGetInfo.NETAPI32(00000000,00000064,?), ref: 00421C49
NetApiBufferFree.NETAPI32(?), ref: 00421C6F
GetVersionExW.KERNEL32(?), ref: 00421CA3
GetVersionExW.KERNEL32(?), ref: 00421CBA

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Version$BufferFreeInfoWksta
String ID:
API String ID: 4063530079-0
Opcode ID: 6c7ad0ebfc155b87e3e613511bd2e4b6b874ca557a0e3fe26bd9e59b45ceff6d
Instruction ID: c8fce7e73c2ede96e989cd25ae7aac8f881e081063bd267b091344a153442147
Opcode Fuzzy Hash: 6c7ad0ebfc155b87e3e613511bd2e4b6b874ca557a0e3fe26bd9e59b45ceff6d
Instruction Fuzzy Hash: A32190B4A412299BDB24CF25EC45AEAB7F8EF19300F0041AAE88893341DB349D958F58

Uniqueness

Uniqueness Score: -1.00%

Function 00422D1B Relevance: 6.1, APIs: 4, Instructions: 63registryCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32(?,00422D5C), ref: 00422D2B
GetLastError.KERNEL32 ref: 00422D44
__CxxThrowException@8.LIBVCRUNTIME ref: 00422D56
__EH_prolog3_catch.LIBCMT ref: 00422DBF

Part of subcall function 0042303B: SetServiceStatus.ADVAPI32(?,00000008,00000000,?,00422E73,00000003,00000000,?,00000010,00422D91,?,?,004404E8), ref: 00423071

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: Service$CtrlErrorException@8H_prolog3_catchHandlerLastRegisterStatusThrow
String ID:
API String ID: 2422132020-0
Opcode ID: 843230865130b1758cb08a42f04c3855b76ffb00a65533eda15f6848e1f5a5e9
Instruction ID: c0bfe754b1e6414d915d23d2ce18d574eaa32e18d60f19373ab6e9037b60b6ba
Opcode Fuzzy Hash: 843230865130b1758cb08a42f04c3855b76ffb00a65533eda15f6848e1f5a5e9
Instruction Fuzzy Hash: AE11CB75350238BBC7157F75EA0AB5E7764AB04714F90801BF9049A261CAFDE910CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 0042CCF8 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,004286FE,00000000,?,?,00427FCC,?,?,00000000,?), ref: 0042CCFC
SetLastError.KERNEL32(00000000,?,00000000,?), ref: 0042CD64
SetLastError.KERNEL32(00000000,?,00000000,?), ref: 0042CD70
_abort.LIBCMT ref: 0042CD76

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: ErrorLast$_abort
String ID:
API String ID: 88804580-0
Opcode ID: 97dd0cd04af81905f4a8a391fd2f94861b66d72eeb5b014dccdd0101e36845e9
Instruction ID: 0311df96161d0f1259d75d24439b37101f1d5a2e14a6f4af20960dc803a9e100
Opcode Fuzzy Hash: 97dd0cd04af81905f4a8a391fd2f94861b66d72eeb5b014dccdd0101e36845e9
Instruction Fuzzy Hash: 4FF0F43535073066C62173367C86B5F2A25BFD1B65BF6003FF519D2292EF6C8802826D

Uniqueness

Uniqueness Score: -1.00%

Function 0042539B Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 004253B2

Part of subcall function 004259EA: ___AdjustPointer.LIBCMT ref: 00425A34

_UnwindNestedFrames.LIBCMT ref: 004253C9
___FrameUnwindToState.LIBVCRUNTIME ref: 004253DB
CallCatchBlock.LIBVCRUNTIME ref: 004253FF

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: 54b0f0e85253aa2a5c9de8230e62bb8d24938287cf0a56048926d1befe32cf8e
Instruction ID: 6acf9aabb5953d71535dd97e081fcd71cf48bece3612b21e43eed73d3da85998
Opcode Fuzzy Hash: 54b0f0e85253aa2a5c9de8230e62bb8d24938287cf0a56048926d1befe32cf8e
Instruction Fuzzy Hash: 17011B32100518BBCF129F55EC01EDA3B7AEF48754F45411AFD1865121C379E861DB98

Uniqueness

Uniqueness Score: -1.00%

Function 0042743A Relevance: 6.0, APIs: 4, Instructions: 14COMMON

Download Yara Rule

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 0042743A
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0042743F
___vcrt_initialize_locks.LIBVCRUNTIME ref: 00427444

Part of subcall function 00427809: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0042781A

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00427459

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: ce1cdf7930b48ae68be519fc1ea1a2c227568179ca5103236147d1cf4e4448ca
Instruction ID: c751c21b06b43e7cac0f973c7fc6a7ec1ae2a02cab53fee57c13543189f84d84
Opcode Fuzzy Hash: ce1cdf7930b48ae68be519fc1ea1a2c227568179ca5103236147d1cf4e4448ca
Instruction Fuzzy Hash: D9C0022838D231905C51367336265AE0B540CB238DBD1308BAC5416613990D240AE53F

Uniqueness

Uniqueness Score: -1.00%

Function 0042E893 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0042E3EB), ref: 0042E8DE

Strings

InitializeCriticalSectionEx, xrefs: 0042E8AE
B, xrefs: 0042E8C3

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$B
API String ID: 2593887523-1832561193
Opcode ID: c0bea35fddc594a666887c600788a009d799a2ecab84f50ee8dbbf21989c1ba8
Instruction ID: dc6ab413cc83d89cb03780dc0a9ea2df92bc6865775054c7b00df3f6b6f600c0
Opcode Fuzzy Hash: c0bea35fddc594a666887c600788a009d799a2ecab84f50ee8dbbf21989c1ba8
Instruction Fuzzy Hash: 1CF09031641228BBCF016F51EC099AEBF61EF58714B40812AF80556261DA758921AB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042257A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(004434B8,?,00422741), ref: 004225CE
__Init_thread_footer.LIBCMT ref: 004225DF

Strings

`C, xrefs: 00422592, 004225B0

Memory Dump Source

Source File: 0000000D.00000002.2045339729.0000000000421000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00420000, based on PE: true

Associated: 0000000D.00000002.2045317208.0000000000420000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045367882.0000000000438000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045397147.0000000000442000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045418393.0000000000444000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000D.00000002.2045438861.0000000000446000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_420000_SoundBoosterService.jbxd

Similarity

API ID: CriticalInit_thread_footerInitializeSection
String ID: `C
API String ID: 2684443898-2712709324
Opcode ID: 05b87ccece6784ef23f2177df0e6ffae8588463b3b35eab1e71794f330733ffb
Instruction ID: 8063a8facf275a768fce8a8b379f42f97c687b3170089ab3c209be3e6b40bc7e
Opcode Fuzzy Hash: 05b87ccece6784ef23f2177df0e6ffae8588463b3b35eab1e71794f330733ffb
Instruction Fuzzy Hash: 37F03039705630BEC312DF28BD059C573A4A70AB2B7A081BBE502C72A1D77C56458B9D

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SoundBoosterTaskHost.exePID: 5920, Parent PID: 6208COMMON

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.6%
Total number of Nodes:	1972
Total number of Limit Nodes:	92

Executed Functions

Function 6C3E601A Relevance: 23.5, APIs: 3, Strings: 10, Instructions: 790COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3E6024

Part of subcall function 6C3F121D: __EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E62ED

Part of subcall function 6C3EFC24: __EH_prolog3_catch_GS.LIBCMT ref: 6C3EFC2E

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E6498

Strings

rsp, xrefs: 6C3E68B1
$, xrefs: 6C3E6BA7
&pv_id=, xrefs: 6C3E66F9
#, xrefs: 6C3E67F5
stat, xrefs: 6C3E68E5
code, xrefs: 6C3E696B
err, xrefs: 6C3E693A
&old_ablock=, xrefs: 6C3E6762
method=limelm.activation.isgenuine&ablock=, xrefs: 6C3E66C3
fail, xrefs: 6C3E691B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_catch_$H_prolog3_
String ID: #$$$&old_ablock=$&pv_id=$code$err$fail$method=limelm.activation.isgenuine&ablock=$rsp$stat
API String ID: 3815088364-3383030943
Opcode ID: eb3a3dd2c0f278a98afad0f5ba63260c40ffbda9ca3cf719b50140daf8c2fee7
Instruction ID: dcef6b9ae48f795ffb2c5cbff7c72b9a31db389f181f73c2451c481884f9ebe8
Opcode Fuzzy Hash: eb3a3dd2c0f278a98afad0f5ba63260c40ffbda9ca3cf719b50140daf8c2fee7
Instruction Fuzzy Hash: E962D171D0526D9EDF15DF64C850FEDBBB8AF09308F00419BD189A7A41EB319A89CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6C4211DA Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6C4211E1
BCryptOpenAlgorithmProvider.BCRYPT(?,RNG,Microsoft Primitive Provider,00000000,00000044,6C421260,00000001,?,?,6C42147A,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C4211F8
SetLastError.KERNEL32(00000000,?,RNG,Microsoft Primitive Provider,00000000,00000044,6C421260,00000001,?,?,6C42147A,00000008,6C4214CC,?,?,00000000), ref: 6C421211

Strings

Microsoft Primitive Provider, xrefs: 6C4211ED
RNG, xrefs: 6C4211F2
BCryptOpenAlgorithmProvider, xrefs: 6C421217

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AlgorithmCryptErrorH_prolog3_LastOpenProvider
String ID: BCryptOpenAlgorithmProvider$Microsoft Primitive Provider$RNG
API String ID: 1882466918-2191745741
Opcode ID: 49a0ce3ee48bcc3ea4715cf1d6867cd926f31fd883433b0dfc331058ea70b4bb
Instruction ID: 9e1e3b530d0acb28b82cd47c58731265b2840fcf1c8c6d44b31123a87447113f
Opcode Fuzzy Hash: 49a0ce3ee48bcc3ea4715cf1d6867cd926f31fd883433b0dfc331058ea70b4bb
Instruction Fuzzy Hash: 3201A272901224A7DB14EBE0CC06FDD77789F1872AF20051EF546A6E80DFB9D90987E1

Uniqueness

Uniqueness Score: -1.00%

Function 6C42138B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C421392
BCryptGenRandom.BCRYPT(?,00000000,00000000,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14,00000000), ref: 6C4213C2
SetLastError.KERNEL32(00000000,?,00000000,00000000,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14), ref: 6C421416

Part of subcall function 6C421284: __EH_prolog3_GS.LIBCMT ref: 6C42128E
Part of subcall function 6C421284: GetLastError.KERNEL32(00000010,00000080,6C421234,0000000F,BCryptOpenAlgorithmProvider,?,RNG,Microsoft Primitive Provider,00000000,00000044,6C421260,00000001,?,?,6C42147A,00000008), ref: 6C4212A6

Part of subcall function 6C45E1AA: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6C3E165C,00000000,6C3E2DF5,?,6C3E165C,00000008,6C4DC3E0,00000008), ref: 6C45E20A

Strings

BCryptGenRandom, xrefs: 6C42141C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorH_prolog3_Last$CryptDispatcherExceptionRandomUser
String ID: BCryptGenRandom
API String ID: 4153316143-3013187443
Opcode ID: f053efbd189bcd72ebdea85cde1c3ac55c974cc24f73f6cc582f40699b3402d9
Instruction ID: d4559829453234a21a88c2edb937ebbfdc8d1a965c33a988332d1f5dca7cb4c5
Opcode Fuzzy Hash: f053efbd189bcd72ebdea85cde1c3ac55c974cc24f73f6cc582f40699b3402d9
Instruction Fuzzy Hash: 0211C4719001249BDB10EBA1C845FDD7B35AB4A329F11460DE906A7FC1CF39DD098AA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1904 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 158
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,6C3F1C7A,00000000,00000000), ref: 6C3F192B
GetLastError.KERNEL32(?,?,?,?,?,6C3F1C7A,00000000,00000000,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010), ref: 6C3F193A
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,6C3F1C7A,00000000,00000000,?,?,?,00000000), ref: 6C3F197A
GetLastError.KERNEL32(?,?,?,?,?,6C3F1C7A,00000000,00000000,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010), ref: 6C3F198B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6C3F1C7A,00000000,00000000,?,?,?,00000000), ref: 6C3F19FB
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C3F1C7A,00000000,00000000), ref: 6C3F1A12
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C3F1C7A,00000000,00000000), ref: 6C3F1A1D
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,6C3F1C7A,00000000,00000000), ref: 6C3F1A58
FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,6C3F1C7A,00000000,00000000), ref: 6C3F1A5F
__EH_prolog3.LIBCMT ref: 6C3F1A8C
SetEvent.KERNEL32(?,00000000), ref: 6C3F1A9E
SetEvent.KERNEL32(?), ref: 6C3F1AB7
SleepEx.KERNEL32(000000FF,00000001), ref: 6C3F1AC1

Strings

thread.entry_event, xrefs: 6C3F1A76
$8Il, xrefs: 6C3F194E, 6C3F1961, 6C3F19A0, 6C3F19B3, 6C3F1A23, 6C3F1A2D
thread.exit_event, xrefs: 6C3F19C1
thread, xrefs: 6C3F1A46

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Event$CloseErrorLast$CreateHandle$ChangeFindH_prolog3NotificationObjectSingleSleepWait
String ID: $8Il$thread$thread.entry_event$thread.exit_event
API String ID: 2093325805-2471605969
Opcode ID: 4369ad45614d0b7020d6198fdbc15665bcf3e648fc6fe64d7b2660ed2477b048
Instruction ID: 62396479739075767efd061bf9b070296131488470bf95dacbcced806652eb3c
Opcode Fuzzy Hash: 4369ad45614d0b7020d6198fdbc15665bcf3e648fc6fe64d7b2660ed2477b048
Instruction Fuzzy Hash: 4051B1762053209FCB00DF24C888F9A7BB4EF9A358F10495DF9589B651CB31D945CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F08E5 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,00000000,?,?,?,?), ref: 6C3F0927
PathAppendW.SHLWAPI(00000000,icsxml,?,?,?,?), ref: 6C3F0937
PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 6C3F094F

Part of subcall function 6C3F0842: PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 6C3F0886

Strings

icsxml, xrefs: 6C3F0931, 6C3F098E, 6C3F0A01

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$Append$Folder
String ID: icsxml
API String ID: 2044587772-4153736367
Opcode ID: 35c552679115fecfac938311722d8f86e45ccffe8ee78e294f791337b23c5c61
Instruction ID: 4f7a90e4a57258b05c4f65b62c1ef547814326477af19b927486247500b485e8
Opcode Fuzzy Hash: 35c552679115fecfac938311722d8f86e45ccffe8ee78e294f791337b23c5c61
Instruction Fuzzy Hash: CC410C35205251AADB24DF6ACC49D6BBB7CFF56B44705840DFD188E615FB20C805CB7A

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F0A6C Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,00000000,?,?,?,00000000,6C3F1247,000000EC,6C3E604B,000000FC,6C3EFB7D,?,?), ref: 6C3F0AAF
PathAppendW.SHLWAPI(00000000,ms-drivers,?,?,?,00000000,6C3F1247,000000EC,6C3E604B,000000FC,6C3EFB7D,?,?,?,00000022,0000000C), ref: 6C3F0ABF
PathAppendW.SHLWAPI(00000000,89FFFFFF,?,?,?,00000000,6C3F1247,000000EC,6C3E604B,000000FC,6C3EFB7D,?,?,?,00000022,0000000C), ref: 6C3F0AD5

Part of subcall function 6C3F0842: PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 6C3F0886

Strings

ms-drivers, xrefs: 6C3F0AB9, 6C3F0B12, 6C3F0B81

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$Append$Folder
String ID: ms-drivers
API String ID: 2044587772-364016472
Opcode ID: 899683d6e4c7b550d1b3b2f026220cfecd3d1494758569623fb28402408a73e9
Instruction ID: 0509fc17de843ddba7b9bf057692f59fcad0ac856423ad27ba5150daff1686b8
Opcode Fuzzy Hash: 899683d6e4c7b550d1b3b2f026220cfecd3d1494758569623fb28402408a73e9
Instruction Fuzzy Hash: 99412C25204261BADB24DF2ACC89E6B7BBCFF57B58B01404DF914CA655EB20C805C77B

Uniqueness

Uniqueness Score: -1.00%

Function 6C440E3E Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 116
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32,00000000,1A85EC53,security.dll,6C4530C7,security.dll,00000004,00000000,00000002,00000002,6C440FF1), ref: 6C440E48
GetProcAddress.KERNEL32(00000000,LoadLibraryExW), ref: 6C440E60
LoadLibraryW.KERNEL32(?), ref: 6C440E86
GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 6C440E98
LoadLibraryExW.KERNELBASE(?,00000000,00000800), ref: 6C440EA9
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 6C440EB4
GetSystemDirectoryW.KERNEL32(00000000,?), ref: 6C440EF9
LoadLibraryW.KERNEL32(00000000), ref: 6C440F54

Strings

kernel32, xrefs: 6C440E41
AddDllDirectory, xrefs: 6C440E92
LoadLibraryExW, xrefs: 6C440E5A
security.dll, xrefs: 6C440E3E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: LibraryLoad$AddressDirectoryProcSystem$HandleModule
String ID: AddDllDirectory$LoadLibraryExW$kernel32$security.dll
API String ID: 2935377145-2479812082
Opcode ID: 2e9e3a30130a19771b184e7e735e97084edd56942e73604c8e63c4f664578724
Instruction ID: e232e51ba64e9812843397a7c2de0a5fbb45394fcdf7cd03912187e239a058c0
Opcode Fuzzy Hash: 2e9e3a30130a19771b184e7e735e97084edd56942e73604c8e63c4f664578724
Instruction Fuzzy Hash: EA31483520539257FB24EF288C89F7B7778EF65706B34852DED0282B41EFB1A422C695

Uniqueness

Uniqueness Score: -1.00%

Function 6C47848C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6C478145: CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 6C478162

GetLastError.KERNEL32 ref: 6C4785A0
__dosmaperr.LIBCMT ref: 6C4785A7
GetFileType.KERNELBASE(00000000), ref: 6C4785B3
GetLastError.KERNEL32 ref: 6C4785BD
__dosmaperr.LIBCMT ref: 6C4785C6
CloseHandle.KERNEL32(00000000), ref: 6C4785E6
CloseHandle.KERNEL32(?), ref: 6C478733
GetLastError.KERNEL32 ref: 6C478765
__dosmaperr.LIBCMT ref: 6C47876C

Strings

H, xrefs: 6C4786F1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 7134c85fd5ccb08fa526dc67d8e4c09fbf25ff3eb0d2011add5fcf5bf3b035c4
Instruction ID: d493abd06e81fa20c98400ebd2d95fd8b7738102147abdcb844e9ece07ebf1d4
Opcode Fuzzy Hash: 7134c85fd5ccb08fa526dc67d8e4c09fbf25ff3eb0d2011add5fcf5bf3b035c4
Instruction Fuzzy Hash: 4EA11332A041549FCF29DF6CC851FDD3BB1EB0A328F19025EE811AB791DB358856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FE9BF Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,00000000,9634BA50,00000000,00000000,00000000,?,?,?,?,0000009C,6C48D9EF,000000FF), ref: 6C3FEA04
PathAppendW.SHLWAPI(00000000,DIBsection,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA1A
PathAppendW.SHLWAPI(00000000,0000000F,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA23
SHGetFolderPathW.SHELL32(00000000,0000801A,00000000,00000000,00000000,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000), ref: 6C3FEA46
PathAppendW.SHLWAPI(00000000,0000000F,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA57
SHGetFolderPathW.SHELL32(00000000,0000801C,00000000,00000000,00000000,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000), ref: 6C3FEA74
PathAppendW.SHLWAPI(00000000,0000000F,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA90

Strings

DIBsection, xrefs: 6C3FEA14

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$Append$Folder
String ID: DIBsection
API String ID: 2044587772-3712817905
Opcode ID: 628077e8d08002e9aeb0f55fd1bb22475192522fb93f7080660ffb7689860357
Instruction ID: 8fd374e07ff1d4e52d6030aa1ddf6aba28d40c2207ef4ba587959aed0792b1df
Opcode Fuzzy Hash: 628077e8d08002e9aeb0f55fd1bb22475192522fb93f7080660ffb7689860357
Instruction Fuzzy Hash: CE21C172205615BFEB15DE79CC08EAB77ACFF0A614B00852AF914C3A80EB24D80587E4

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F9CA2 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F9CA9
EnterCriticalSection.KERNEL32(?,00000028,6C3FB167,6C3FB027,?,6C3FACB2,?,6C3FB027,?), ref: 6C3F9CBA
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 6C3F9CDA
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 6C3F9CE7
SetWaitableTimer.KERNELBASE(00000001,?,000493E0,00000000,00000000,00000000), ref: 6C3F9D29
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 6C3F9D8D

Strings

$8Il, xrefs: 6C3F9CED, 6C3F9CF5
timer, xrefs: 6C3F9D9B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prolog3_LastLeave
String ID: $8Il$timer
API String ID: 4180268499-2061383782
Opcode ID: e234ea09d342b4473b2319b8e638053f9e2814540462eaaa6d5656f93bf033b4
Instruction ID: 29c976c15127a1265d39a83b5cd1fc5060ea9bc0bdd95e05b0574ccf0c36f81e
Opcode Fuzzy Hash: e234ea09d342b4473b2319b8e638053f9e2814540462eaaa6d5656f93bf033b4
Instruction Fuzzy Hash: A531F1B0900214AFDB50DFA9C848ECEBBB8FF89715F20856EE914E7651CB308945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C47EB1B Relevance: 13.8, APIs: 9, Instructions: 301
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36af52e6a77bf8b2d025a6e099d41a6dd00a62cbcea12fd7187d7a2d804797d1
Instruction ID: 90919ee71c0901cb06f926dee905424074ce3930b97e40cbcc75a61842e95f76
Opcode Fuzzy Hash: 36af52e6a77bf8b2d025a6e099d41a6dd00a62cbcea12fd7187d7a2d804797d1
Instruction Fuzzy Hash: 8EC19C70A042059FDB21DFA9C9C0FEDBBB0AF4A309F144659E510ABB92C7319946CBF5

Uniqueness

Uniqueness Score: -1.00%

Function 6C47962F Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 330
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 6C4796EC
_free.LIBCMT ref: 6C4798B8
_free.LIBCMT ref: 6C479930
GetTimeZoneInformation.KERNELBASE(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C479AF1,?,?,00000000), ref: 6C479942

Strings

W. Europe Standard Time, xrefs: 6C4799DB
W. Europe Summer Time, xrefs: 6C4799EF

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$InformationTimeZone
String ID: W. Europe Standard Time$W. Europe Summer Time
API String ID: 597776487-690618308
Opcode ID: b9b90809afae638055dc3a1d97f63a5cfc33ebe1ecea7c4407a54891b4283176
Instruction ID: 607ff2787e448d707e19fc13344000aaa905fccdb2be16eb4673483fbeabbf5a
Opcode Fuzzy Hash: b9b90809afae638055dc3a1d97f63a5cfc33ebe1ecea7c4407a54891b4283176
Instruction Fuzzy Hash: 19A12571E00215ABDF20EF79CC81EEE7BB9EF55718F15416AE904A7B40E73299048BE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E2153 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 6C3E21C4
std::locale::_Init.LIBCPMT ref: 6C3E220E

Strings

ios_base::failbit set, xrefs: 6C3E217F
2X@l, xrefs: 6C3E2156
2X@l, xrefs: 6C3E218C, 6C3E2191
ios_base::badbit set, xrefs: 6C3E2175, 6C3E219A
ios_base::eofbit set, xrefs: 6C3E2184

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3Initstd::locale::_
String ID: 2X@l$2X@l$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 302037079-3989175425
Opcode ID: 91827df0b5c0db8206bca64ddbeaaf4b0aa7cb2d4faf4697138a8145e70fa2ba
Instruction ID: 87ffb6e8c16a911b9ed01af9cbbb167cfea86b1f87084eea992361e2a9dec8df
Opcode Fuzzy Hash: 91827df0b5c0db8206bca64ddbeaaf4b0aa7cb2d4faf4697138a8145e70fa2ba
Instruction Fuzzy Hash: A221D0B2900716AFD700DF69C985F99B7A4BB0C308F50412EEA489BE81DB75A654CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C433298 Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__RTC_Initialize.LIBCMT ref: 6C4332DF
___scrt_uninitialize_crt.LIBCMT ref: 6C4332F9

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: ebe070c0d7cc0bfa3e9b188fc7e0495ec58cc4b7f0d0abacb96fc16c2f2e9be6
Instruction ID: 902d99a0908a938ce367a21f209e5ed9f466388db71fb44805c4750c750d6500
Opcode Fuzzy Hash: ebe070c0d7cc0bfa3e9b188fc7e0495ec58cc4b7f0d0abacb96fc16c2f2e9be6
Instruction Fuzzy Hash: A841B272E05274EBDB21DF57C800F9E3A75EBC8B69F119119E8195BB50CB7049078BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FCF6F Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 458
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS_align.LIBCMT ref: 6C3FCF7B

Part of subcall function 6C3FE221: __EH_prolog3_GS.LIBCMT ref: 6C3FE228

Part of subcall function 6C3E87C5: __EH_prolog3_catch.LIBCMT ref: 6C3E87CC

Part of subcall function 6C41F7A5: __EH_prolog3.LIBCMT ref: 6C41F7AC

Part of subcall function 6C3E3833: __EH_prolog3.LIBCMT ref: 6C3E383A

Part of subcall function 6C3EC343: __EH_prolog3.LIBCMT ref: 6C3EC34A

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Part of subcall function 6C3FE2AF: __EH_prolog3_GS.LIBCMT ref: 6C3FE2B6

Strings

File header is incorrect., xrefs: 6C3FD6BC
https://wyday.com/limelm/api/rest/, xrefs: 6C3FD61B
https, xrefs: 6C3FD50F
TAPDFV1, xrefs: 6C3FCF89

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_$H_prolog3_catchH_prolog3_catch_InitS_alignstd::locale::_
String ID: File header is incorrect.$TAPDFV1$https$https://wyday.com/limelm/api/rest/
API String ID: 1456947965-3871344165
Opcode ID: fba279ac342926da076e589de47a7744945ffb530033c2ca0cd85f9735836a8a
Instruction ID: 36e33c88afa083c2ed383e48887c2d07f68852600c341743383ce4e9136ae81c
Opcode Fuzzy Hash: fba279ac342926da076e589de47a7744945ffb530033c2ca0cd85f9735836a8a
Instruction Fuzzy Hash: BF1288719052299FCB25DF64C848FDDBBB4BF09308F5045DAD059A7A50EB309B8ACF92

Uniqueness

Uniqueness Score: -1.00%

Function 6C4798D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C479AF1,?,?,00000000), ref: 6C479942
_free.LIBCMT ref: 6C479930

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C479AFA

Strings

W. Europe Standard Time, xrefs: 6C4799DB
W. Europe Summer Time, xrefs: 6C4799EF

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: W. Europe Standard Time$W. Europe Summer Time
API String ID: 2155170405-690618308
Opcode ID: a8609893809c0b7e3a6f7078498c21e3ea976a4d381c9c79b43250771cb6d98c
Instruction ID: 0fca9e99a84701e804c2e0f7613980c00c00798b656ac64d195b3e2641068f08
Opcode Fuzzy Hash: a8609893809c0b7e3a6f7078498c21e3ea976a4d381c9c79b43250771cb6d98c
Instruction Fuzzy Hash: 42510671901215ABDF20FF79CC45ECA7B78EF45718B11426AE918B7B50E7319A04CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C46B55A Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,6C46B48C), ref: 6C46B57C
GetFileInformationByHandle.KERNELBASE(?,?), ref: 6C46B5D6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C46B48C,?,000000FF,00000000,00000000), ref: 6C46B664
__dosmaperr.LIBCMT ref: 6C46B66B
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 6C46B6A8

Part of subcall function 6C46B987: __dosmaperr.LIBCMT ref: 6C46B9BC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 316e0a68063d7978d1581839d162b063d990b726572a4abdf884264d8689f1bf
Instruction ID: ffd756331c34d82172a6c0a17d02857282971b5492af3f4c36e23009e3001185
Opcode Fuzzy Hash: 316e0a68063d7978d1581839d162b063d990b726572a4abdf884264d8689f1bf
Instruction Fuzzy Hash: AE414C75A00204AFDB24DFA6D844DABBBF9EF89704B10452DF856D3E24E7309844DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6C433348 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 6C433385
dllmain_crt_dispatch.LIBCMT ref: 6C43339C
dllmain_raw.LIBCMT ref: 6C4333E4
dllmain_crt_dispatch.LIBCMT ref: 6C4333F7
dllmain_raw.LIBCMT ref: 6C43340A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 7eed7a5e4f8d2b589bb1519667683d6f7f213b0c5f4fd30b7dea37040027376c
Instruction ID: 04930aae8c387b3c06b3e90e76239f4123fec59fdbb89c1c41b1e639162c6e42
Opcode Fuzzy Hash: 7eed7a5e4f8d2b589bb1519667683d6f7f213b0c5f4fd30b7dea37040027376c
Instruction Fuzzy Hash: B6218272D01675ABDB22CF57C840FAE3A69EBD8AA9B119119F81D5BB10D7308D138BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F3474 Relevance: 7.6, APIs: 5, Instructions: 85fileCOMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34D3
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34DD
SetFileAttributesW.KERNELBASE(?,00000006,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34EF
CreateFileW.KERNELBASE(?,C0000000,00000000,?,00000002,00000000,00000000,?,?,?,?,00000001), ref: 6C3F3540
CloseHandle.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F354C

Part of subcall function 6C3F334B: CreateFileW.KERNEL32(?,00060000,00000001,00000000,00000003,00000080,00000000,?,?,?,00000000,?,6C3F3515,?,?,00000000), ref: 6C3F3384
Part of subcall function 6C3F334B: GetSecurityInfo.ADVAPI32(00000000,00000001,00000004,00000000,00000000,?,00000000,?,?,00000000,?,6C3F3515,?,?,00000000), ref: 6C3F33A8
Part of subcall function 6C3F334B: GetAclInformation.ADVAPI32(?,?), ref: 6C3F33D1
Part of subcall function 6C3F334B: GetAce.ADVAPI32(?,00000000,0000000C), ref: 6C3F33EF
Part of subcall function 6C3F334B: EqualSid.ADVAPI32(00000004,?), ref: 6C3F3403
Part of subcall function 6C3F334B: SetEntriesInAclW.ADVAPI32(00000001,00000000,?,?), ref: 6C3F3432
Part of subcall function 6C3F334B: SetSecurityInfo.ADVAPI32(1FFFFFFF,00000001,00000004,00000000,00000000,?,00000000), ref: 6C3F3448

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateFile$InfoSecurity$AttributesCloseDirectoryEntriesEqualErrorHandleInformationLast
String ID:
API String ID: 1847988071-0
Opcode ID: 972c702f9c7a9cd95c00554212648f76c233771eedf2487ceef1d2c4859ed026
Instruction ID: 446e4d28f6187d892918e85c7a6c4f73177ecc38664c59eba7951b4865a28de8
Opcode Fuzzy Hash: 972c702f9c7a9cd95c00554212648f76c233771eedf2487ceef1d2c4859ed026
Instruction Fuzzy Hash: E721A330204208BBDF51AF21CC49EEE3B79EF4174CF000925F96597990DB72D91A9AA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F9AE3 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F9AEA
EnterCriticalSection.KERNEL32(?,00000008,6C3FA8DB,?,6C3FAFF3,?), ref: 6C3F9AF5
LeaveCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B23
EnterCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B45
LeaveCriticalSection.KERNEL32(?,?,?,00000008,6C3FA8DB,?), ref: 6C3F9B74

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$EnterLeave$H_prolog3
String ID:
API String ID: 1407036958-0
Opcode ID: 6918b9614fe0a8a3b7cba053bb4f841ece062ad0e502a4842b3719e37cab1d66
Instruction ID: 9c587fb424df126d2b6f5242716377912c01c2ed68942b81870050595483c5aa
Opcode Fuzzy Hash: 6918b9614fe0a8a3b7cba053bb4f841ece062ad0e502a4842b3719e37cab1d66
Instruction Fuzzy Hash: E321BB316007149BCB05CF21C848A5ABB71FF85718F218948E86A5BB01CB31ED16CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E3EC2 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6C3F31FB: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000007,?,00000000,6C3FBF12), ref: 6C3F3246
Part of subcall function 6C3F31FB: SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F327E
Part of subcall function 6C3F31FB: LocalAlloc.KERNEL32(00000040,00000014,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F328C
Part of subcall function 6C3F31FB: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F329C
Part of subcall function 6C3F31FB: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F32AE

SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,?,?,?,?,?,?,00000000,0000009C), ref: 6C3E3F72

Part of subcall function 6C3F3474: SetFileAttributesW.KERNELBASE(?,00000006,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34EF

Part of subcall function 6C3F3474: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34D3
Part of subcall function 6C3F3474: GetLastError.KERNEL32(?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F34DD
Part of subcall function 6C3F3474: CreateFileW.KERNELBASE(?,C0000000,00000000,?,00000002,00000000,00000000,?,?,?,?,00000001), ref: 6C3F3540
Part of subcall function 6C3F3474: CloseHandle.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,?,?,?,?,?,6C3FBE79), ref: 6C3F354C

Strings

\icsxml, xrefs: 6C3E3FE3
d8@l, xrefs: 6C3E3EE7, 6C3E428B
\ms-drivers, xrefs: 6C3E3FD3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateDescriptorFileInitializeSecurity$AllocAllocateAttributesCloseDaclDirectoryEntriesErrorFolderHandleLastLocalPath
String ID: \icsxml$\ms-drivers$d8@l
API String ID: 2039354331-3184066845
Opcode ID: 053b20e50b7cab046090d6db64a183b9be8c9ac983020326d2d0ebbfb620ebd5
Instruction ID: c030278064a447cf8ab114c866169137e8b1c35a0d0135c944bf5546e7014ccf
Opcode Fuzzy Hash: 053b20e50b7cab046090d6db64a183b9be8c9ac983020326d2d0ebbfb620ebd5
Instruction Fuzzy Hash: 15B1F7719102389FCB65DB64CC98ADDB7B8FF18308F4041DAD449A6660EB35AF89CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C47A8BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,6C406E9A,"T@l,6C47A7E9,6C406E9A,6C4DC128,0000000C,6C47A89B,00000001), ref: 6C47A911
GetLastError.KERNEL32 ref: 6C47A91B
__dosmaperr.LIBCMT ref: 6C47A946

Strings

"T@l, xrefs: 6C47A8BD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID: "T@l
API String ID: 490808831-4105657523
Opcode ID: 78bc45b88d285d2d13fa602058acbb2e6cdac6c9c51e47df500bf29c6c619642
Instruction ID: 1e9009a82d1cef112fc36cbe207a150b7ba48d96bdc2ffcc2afe655f14429bde
Opcode Fuzzy Hash: 78bc45b88d285d2d13fa602058acbb2e6cdac6c9c51e47df500bf29c6c619642
Instruction Fuzzy Hash: B901483270922056DA34E27C5545FEE2768DF8AB7DF2B161DE81887BC1DB21C88742F0

Uniqueness

Uniqueness Score: -1.00%

Function 6C4057BF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,00000104), ref: 6C4057E4
PathAppendW.SHLWAPI(?,TurboActivate.dat), ref: 6C405818
TA_PDetsFromPath.TURBOACTIVATE(?), ref: 6C40582D

Part of subcall function 6C4053DA: __EH_prolog3_catch.LIBCMT ref: 6C4053E1

Strings

TurboActivate.dat, xrefs: 6C40580C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$AppendDetsFileFromH_prolog3_catchModuleName
String ID: TurboActivate.dat
API String ID: 2890083343-1888833027
Opcode ID: ab5e9707e91c7852ac552321d5b4da8bfb3e06369a37d33eb4f6cbbec273d25e
Instruction ID: 0ce4463704b98e4ae6f3d01cfbfed08fc52fcc350350da14757becd622a491c6
Opcode Fuzzy Hash: ab5e9707e91c7852ac552321d5b4da8bfb3e06369a37d33eb4f6cbbec273d25e
Instruction Fuzzy Hash: 1E01F231B8420C9ADF24EF75C84EDEA33B8FF05304F0008AED905C3981EA70AA48CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6C45309C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C440E3E: GetModuleHandleW.KERNEL32(kernel32,00000000,1A85EC53,security.dll,6C4530C7,security.dll,00000004,00000000,00000002,00000002,6C440FF1), ref: 6C440E48
Part of subcall function 6C440E3E: GetProcAddress.KERNEL32(00000000,LoadLibraryExW), ref: 6C440E60
Part of subcall function 6C440E3E: LoadLibraryExW.KERNELBASE(?,00000000,00000800), ref: 6C440EA9

GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceW), ref: 6C4530D9

Strings

InitSecurityInterfaceW, xrefs: 6C4530D3
secur32.dll, xrefs: 6C4530B4
security.dll, xrefs: 6C4530B9, 6C4530C1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: InitSecurityInterfaceW$secur32.dll$security.dll
API String ID: 384173800-1950755585
Opcode ID: 66e3997e5950a8f9462b7c81957520fed4bf5a88c0c5fb556b8453c7dc072b5a
Instruction ID: 64a697d11a2fd2dcdc88fc1fd10736baa50cf09e507f5d3809b5040cba117981
Opcode Fuzzy Hash: 66e3997e5950a8f9462b7c81957520fed4bf5a88c0c5fb556b8453c7dc072b5a
Instruction Fuzzy Hash: F2F0E5A0B017026AEE60EB360C17F1137750B41B4AF95C529B500DA7C6DFB0C810CA10

Uniqueness

Uniqueness Score: -1.00%

Function 6C41DF3B Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 239COMMON

Download Yara Rule

APIs

Part of subcall function 6C40CFD9: __EH_prolog3.LIBCMT ref: 6C40CFE0

Part of subcall function 6C40E7DA: __EH_prolog3.LIBCMT ref: 6C40E7E1

Part of subcall function 6C4127F4: __EH_prolog3.LIBCMT ref: 6C4127FB

Part of subcall function 6C413460: __EH_prolog3_GS.LIBCMT ref: 6C413467

Part of subcall function 6C412B28: __EH_prolog3.LIBCMT ref: 6C412B2F

Part of subcall function 6C3E2E5F: __EH_prolog3.LIBCMT ref: 6C3E2E66

Part of subcall function 6C45E1AA: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6C3E165C,00000000,6C3E2DF5,?,6C3E165C,00000008,6C4DC3E0,00000008), ref: 6C45E20A

__EH_prolog3_GS.LIBCMT ref: 6C41E166

Strings

X>Il, xrefs: 6C41E17B
InvertibleRSAFunction: computational error during private key operation, xrefs: 6C41E131

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_$DispatcherExceptionUser
String ID: InvertibleRSAFunction: computational error during private key operation$X>Il
API String ID: 985688456-980319426
Opcode ID: 34e80ae991febf7070316ab64de89ba3773badcef86beb40e05d7f4c2607c4fc
Instruction ID: cc3be618daaef871c4f6149a69cb7195984d25fd0d998b9e4541ad5ec4abcc44
Opcode Fuzzy Hash: 34e80ae991febf7070316ab64de89ba3773badcef86beb40e05d7f4c2607c4fc
Instruction Fuzzy Hash: C9A11D71900259EFCF14DFA4C984EEEB7B8BF19308F04855DE94AA7650DB34AA0DCB91

Uniqueness

Uniqueness Score: -1.00%

Function 6C400740 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 213fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C3FE9BF: SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,00000000,9634BA50,00000000,00000000,00000000,?,?,?,?,0000009C,6C48D9EF,000000FF), ref: 6C3FEA04
Part of subcall function 6C3FE9BF: PathAppendW.SHLWAPI(00000000,DIBsection,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA1A
Part of subcall function 6C3FE9BF: PathAppendW.SHLWAPI(00000000,0000000F,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA23

DeleteFileW.KERNEL32(00000000,9634BA50,00000000), ref: 6C40078F
SetFileAttributesW.KERNEL32(00000000,00000006,000000FF,00000080,00000000), ref: 6C400995

Strings

TATFV1, xrefs: 6C4007F0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$AppendFile$AttributesDeleteFolder
String ID: TATFV1
API String ID: 641179217-3456698836
Opcode ID: 3a946d64ef5b312149e935a1e53a3ac5a3ede4d0414a13e249af65743ab94f99
Instruction ID: b6e6986152f3ed02abb6c07f85b8ece8cc16d248476bda99491084b93c5be045
Opcode Fuzzy Hash: 3a946d64ef5b312149e935a1e53a3ac5a3ede4d0414a13e249af65743ab94f99
Instruction Fuzzy Hash: 6971B1729016559FEB28CF24DC40FDAB7B5BF44308F1046AED45A63B80DB31AA49CF61

Uniqueness

Uniqueness Score: -1.00%

Function 6C47A58E Relevance: 4.7, APIs: 3, Instructions: 170fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C479D21: GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 6C479D69

WriteFile.KERNELBASE(?,00000000,00000000,6C4DC108,00000000,00000000,00000000,00000000,00000000,6C4DC108,00000010,6C46A249,00000000,00000000,00000000,00000000), ref: 6C47A6D4
GetLastError.KERNEL32 ref: 6C47A6DE
__dosmaperr.LIBCMT ref: 6C47A71D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
String ID:
API String ID: 910155933-0
Opcode ID: bc0ec0c50343d4ab25c8c372f9ee72ba024beed379319412f4972e82d29d7412
Instruction ID: 76d66aea4b80a9dc8242b743bc4d8f04204df9562f69169177a29a195f4fa115
Opcode Fuzzy Hash: bc0ec0c50343d4ab25c8c372f9ee72ba024beed379319412f4972e82d29d7412
Instruction Fuzzy Hash: BC51E171E0110AABDB21DFA9C844FDEBBB4EF4A319F142049E400A7B91D375DA46CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6C479A2A Relevance: 4.6, APIs: 3, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6C479AFA

Part of subcall function 6C4798D0: _free.LIBCMT ref: 6C479930
Part of subcall function 6C4798D0: GetTimeZoneInformation.KERNELBASE(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C479AF1,?,?,00000000), ref: 6C479942

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: f8be51e2a344fe07e51916a7600c7422020eee4e5721b6b24b0b0355ee862f75
Instruction ID: f34f721f9069f3db88fc3a16e25d95bdf8e80218eb2bb9a7e3b5b6814ed6745b
Opcode Fuzzy Hash: f8be51e2a344fe07e51916a7600c7422020eee4e5721b6b24b0b0355ee862f75
Instruction Fuzzy Hash: D521073290231996DF30FA388C85EDA33BCDF92268F240259ED64A3A41EB71D94586B0

Uniqueness

Uniqueness Score: -1.00%

Function 6C46BD36 Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(?,?,6C46BBDA,00000000,6C3F1A85,?), ref: 6C46BD7F
GetLastError.KERNEL32(?,?,00000000,6C3F19EB,00000000,?,6C3F1A85,?), ref: 6C46BD8B
__dosmaperr.LIBCMT ref: 6C46BD92

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 1ec435b00f1403024dbf0ea67c325d57cd79babe7f62f5c0d94ad4cd69faa0d6
Instruction ID: dffdb0eb8176db257f9416a9c1efe7022667000577be5dbbb60dc945a42e53da
Opcode Fuzzy Hash: 1ec435b00f1403024dbf0ea67c325d57cd79babe7f62f5c0d94ad4cd69faa0d6
Instruction Fuzzy Hash: CB018C72504219AFDF05DFA2CC04EDE3B74EF00369F104198B81196E54DB718A50EBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C477EF2 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 6C478162

Strings

@, xrefs: 6C477FB3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateFile
String ID: @
API String ID: 823142352-2766056989
Opcode ID: 817daad6ea2dec695ebf10e09797b5eec124ee5bf11d6f9e1928f3c556ee0775
Instruction ID: 4bc268817ff450beb33a10b46ab78dda94c7bfd606d4a3f6a08cceb124c7f8b9
Opcode Fuzzy Hash: 817daad6ea2dec695ebf10e09797b5eec124ee5bf11d6f9e1928f3c556ee0775
Instruction Fuzzy Hash: EA611171A09149AAEB31CA28DD84FED3768EB0136DF650626E924E7F90D375CD81C2B1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FEAB7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,?,9634BA50,0000009C,00000000,00000000), ref: 6C3FEAFE

Strings

\DIBsection, xrefs: 6C3FEB1E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FolderPath
String ID: \DIBsection
API String ID: 1514166925-669289608
Opcode ID: 645cb2f0e24b3a294802b9c07efda436b1cefd8c42568ac972bed35fef150ae6
Instruction ID: 9b8f0e067bfac2f2aadba684f0d5ee875880f753d9f90daedc13fcaaef8e1769
Opcode Fuzzy Hash: 645cb2f0e24b3a294802b9c07efda436b1cefd8c42568ac972bed35fef150ae6
Instruction Fuzzy Hash: 2A418271A00214AFCB24DF64CC98FEAB7B8EF49304F0041ADE45993650DB349E89CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1443 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F144A

Part of subcall function 6C3EB988: __EH_prolog3.LIBCMT ref: 6C3EB98F

Part of subcall function 6C3EA437: __EH_prolog3.LIBCMT ref: 6C3EA43E

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Strings

?Il, xrefs: 6C3F1474

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$Initstd::locale::_
String ID: ?Il
API String ID: 463956699-3422423984
Opcode ID: 16c611486e0a16ba6673688737edf68126552f3f2047bf8c5a08e0ec9ba95e38
Instruction ID: 4d08780d526d3dd59d733a6d275f1c834ccb6a06832365544a1311b5c3b810f4
Opcode Fuzzy Hash: 16c611486e0a16ba6673688737edf68126552f3f2047bf8c5a08e0ec9ba95e38
Instruction Fuzzy Hash: 801153B0B10216AFDB05CF78C885F99BBF0BF48308F10866AA069DB741D770A9168F90

Uniqueness

Uniqueness Score: -1.00%

Function 6C413460 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C413467

Part of subcall function 6C4127F4: __EH_prolog3.LIBCMT ref: 6C4127FB

Part of subcall function 6C413508: __EH_prolog3.LIBCMT ref: 6C41350F

Strings

Integer: Min must be no greater than Max, xrefs: 6C4134DC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: Integer: Min must be no greater than Max
API String ID: 4240126716-615354371
Opcode ID: 20b3f194b099c128de449d5ad7ab4f79c0bf765a9a544143462b8e39f2807fcb
Instruction ID: ad2f9944957d77da3aa717f5dc88eedfa88f0455b1dea4e845cec1e0acd271a8
Opcode Fuzzy Hash: 20b3f194b099c128de449d5ad7ab4f79c0bf765a9a544143462b8e39f2807fcb
Instruction Fuzzy Hash: 9B114C75A042589BCF04DFE1C894EFEBBB9AF99318F50401DD845A7B40DB74A90DCBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4681F6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

"T@l, xrefs: 6C4681F8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: "T@l
API String ID: 0-4105657523
Opcode ID: d5083f71e5b44cb9ae4df71972017d8c4e7a60b15056cb7888d04c8dac905473
Instruction ID: 342c65ca8bba0039ce40a72b17506b62cf604d32b000de14080693f12f630576
Opcode Fuzzy Hash: d5083f71e5b44cb9ae4df71972017d8c4e7a60b15056cb7888d04c8dac905473
Instruction Fuzzy Hash: 0DF0D132606A149BC631DA6B8800FDA33A88F43339F110B1BE860A2FD1DB74D44A87E5

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E1B41 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E1B48

Strings

D!>l, xrefs: 6C3E1B55, 6C3E1B61, 6C3E1B72, 6C3E1B64

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: D!>l
API String ID: 431132790-159124143
Opcode ID: 40053d5c632fe45c2a89fd75e8e6e1d39c3298ec9ec860fc5ee60152e6dcc4c6
Instruction ID: d0e3d05c9e19abdf23c80091932ca51ee8db13223706d9d3c6166aaa9b71c930
Opcode Fuzzy Hash: 40053d5c632fe45c2a89fd75e8e6e1d39c3298ec9ec860fc5ee60152e6dcc4c6
Instruction Fuzzy Hash: CDE01272900239ABCF15DF54C814EEEBB70EF18724F10801AE89577A51DB709A19CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E75F4 Relevance: 3.1, APIs: 2, Instructions: 94COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 6C3E7688
__fread_nolock.LIBCMT ref: 6C3E76B9

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 36325ae9fc6de725ae21317e91409636039fdbe7c9289d62a526f7f8d673222b
Instruction ID: eb9cb7713cf2fee9c086ff0048b066098f9e9b9276f7fd5deebc472639fdeba8
Opcode Fuzzy Hash: 36325ae9fc6de725ae21317e91409636039fdbe7c9289d62a526f7f8d673222b
Instruction Fuzzy Hash: 3D31D1327002219FDB04CE6DC890AAB77A9EFCA71CF10853EF85497A51D77698088FA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C46B3F2 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258fff93d3b13228f9896675ca51fb7449b4110ad9d73f9725d8ae9cd4bd0da8
Instruction ID: 0387af8ec43a5ac1c367eb214d8d2eff4bc7766c577b7daee9605b5f443bfe5b
Opcode Fuzzy Hash: 258fff93d3b13228f9896675ca51fb7449b4110ad9d73f9725d8ae9cd4bd0da8
Instruction Fuzzy Hash: A121B072901218BAEB02EF669C41F9E37299F4273DF204319F9242BED4DB715D09A6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6C433191 Relevance: 3.1, APIs: 2, Instructions: 76COMMON

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 6C4331DE

Part of subcall function 6C432A90: InitializeSListHead.KERNEL32(6C4E7B00,6C4331E8,6C4DBA70,00000010,6C433179,?,?,?,6C4333A1,?,00000001,?,?,00000001,?,6C4DBAB8), ref: 6C432A95

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6C433248

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 3231365870-0
Opcode ID: 87ec6077181167195790708f8acd170ae80cf5695bb5949fc8771ffa3f0de738
Instruction ID: 40309e101fbd2ab35f6c10831c1bce78ed9573bc161cea83b09e817d0f410cf3
Opcode Fuzzy Hash: 87ec6077181167195790708f8acd170ae80cf5695bb5949fc8771ffa3f0de738
Instruction Fuzzy Hash: BC21D4316492759EDB20EBB69809FDC3B609F8E32DF10680DD84857FC2CF61054AC6E9

Uniqueness

Uniqueness Score: -1.00%

Function 6C46B6CA Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,6C46B601,?,?,00000000,00000000), ref: 6C46B6F8
SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,6C46B601,?,?,00000000,00000000), ref: 6C46B70C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: e1e5bc0c293664574f51121cddf45c648ffe403b1148f024ed7d74ef500d46c3
Instruction ID: 1b888365d7dcdf96063b7ff9a1da358ed1e92da4446c6f45084c8223439627e2
Opcode Fuzzy Hash: e1e5bc0c293664574f51121cddf45c648ffe403b1148f024ed7d74ef500d46c3
Instruction Fuzzy Hash: A0111F7290020CABDB10DEA6C844ECFB7BCAB09316F505266F915E3584EB30EB44DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4048F6 Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C4048FD

Part of subcall function 6C40379F: __EH_prolog3_GS.LIBCMT ref: 6C4037A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch_
String ID:
API String ID: 2112800272-0
Opcode ID: d0fa2f5cc20ab8b5bdfc972e0e23c41dc6e2566cc9456eaed0db3a77decfa496
Instruction ID: 8a3e02693728fa3afbd1a5253c5046f101ed21b59a1591d29d25cc3b3f2fcb33
Opcode Fuzzy Hash: d0fa2f5cc20ab8b5bdfc972e0e23c41dc6e2566cc9456eaed0db3a77decfa496
Instruction Fuzzy Hash: 8A51CE30E41218EBDB14DFA8D551EEDBBB1AF68308F14812DE95577B80CB344A099F95

Uniqueness

Uniqueness Score: -1.00%

Function 6C40519B Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 6C4051A7

Part of subcall function 6C3E3DE9: __EH_prolog3.LIBCMT ref: 6C3E3DF0

Part of subcall function 6C40E529: __EH_prolog3_GS.LIBCMT ref: 6C40E530

Part of subcall function 6C3F25BF: __EH_prolog3.LIBCMT ref: 6C3F25C6

Part of subcall function 6C3F2573: CloseHandle.KERNEL32(00000000,?,6C4053C1,?,?,000000E8,00000008,6C40542D,?,00000010,6C405832,?), ref: 6C3F25B1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_$CloseHandleS_align
String ID:
API String ID: 2238001428-0
Opcode ID: 5e4ba6c91260a76a9c443dd6f18774a55e510cd79103d80e1f978a3be88b7d10
Instruction ID: e78e9ed973817dde562e064977b3dc14cbabd22a7bc5df25e79ec661e3897409
Opcode Fuzzy Hash: 5e4ba6c91260a76a9c443dd6f18774a55e510cd79103d80e1f978a3be88b7d10
Instruction Fuzzy Hash: 62515A31A00269DFCB64DB64CC84FDEB7B5AF19318F1040AED549A7691DB306B89CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6C403EFD Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C403F07

Part of subcall function 6C40379F: __EH_prolog3_GS.LIBCMT ref: 6C4037A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 999650a7c38d9c6617b28c70f99d8cbe0b9969a25c72e2cecc01d8557ee4f0ac
Instruction ID: 1ff59adc6277efdc3aa4e477ee88dd52dc7fd47dccba7d8739537d0032dda3ef
Opcode Fuzzy Hash: 999650a7c38d9c6617b28c70f99d8cbe0b9969a25c72e2cecc01d8557ee4f0ac
Instruction Fuzzy Hash: DA31BE31B402159BDB14DF68D850FEDBBB1EF48314F14886ED509A7B81DB309A89CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C403808 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C40380F

Part of subcall function 6C40379F: __EH_prolog3_GS.LIBCMT ref: 6C4037A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 698b1c943e4cc737b54e9f281841652cfd7031866014bcabff3f8d7630686841
Instruction ID: f735f69ba492be365ec99746916a83a6bfb2c43bb183285e13346b00c7467600
Opcode Fuzzy Hash: 698b1c943e4cc737b54e9f281841652cfd7031866014bcabff3f8d7630686841
Instruction Fuzzy Hash: C0112F32AC462456E711DB348800FED6AA16F88718F10057CEDA55BB81DF64C90E8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6C480380 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 6C4803BA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e31be87a611b6e7000d23cfa744ebab7ca68c45601be361ba39e854b4caccb55
Instruction ID: ff258c0209fb409838d9a3a9d3da28366a97d4df3c6953a4227c07ff11725f82
Opcode Fuzzy Hash: e31be87a611b6e7000d23cfa744ebab7ca68c45601be361ba39e854b4caccb55
Instruction Fuzzy Hash: F1114571A0420AAFCF05DF58E940DCB7BF5EF48308F004069F909AB311D630EA15CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6C4038F6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C403900

Part of subcall function 6C40379F: __EH_prolog3_GS.LIBCMT ref: 6C4037A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch_
String ID:
API String ID: 2112800272-0
Opcode ID: 2703b1805f639ae5df247c7a913d0622eb4ecc125f7d9691b878cad1057c924c
Instruction ID: 9e0b45e498525ecdde9295e5f20b13d4ff91126c9850cc6ac455ece629f83c03
Opcode Fuzzy Hash: 2703b1805f639ae5df247c7a913d0622eb4ecc125f7d9691b878cad1057c924c
Instruction Fuzzy Hash: 65110630E40228DACB11CBB48800FDDBB696F5430CF10889AD589F7780CF705A4E8FA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F228E Relevance: 1.6, APIs: 1, Instructions: 51timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000,?,?,?,?,?,?,?,000000FF,?,6C3F1CA3), ref: 6C3F22ED

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: TimerWaitable
String ID:
API String ID: 1823812067-0
Opcode ID: 58f3b97b69cdb9066cedd9b68c72b4dfb95d9bf057d405480f81750491a17ffd
Instruction ID: 91bd65d3371fa9bdf536ad966681ca7eaa9cfce81ad9bad821d151df6b65d517
Opcode Fuzzy Hash: 58f3b97b69cdb9066cedd9b68c72b4dfb95d9bf057d405480f81750491a17ffd
Instruction Fuzzy Hash: 0D01B176B04751AFC614DE29C88982BF7A8FB89624B41892EE9158BB00DA31EC058ED1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F9F6A Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F9F71

Part of subcall function 6C3F9DA9: WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,?,6C4E88EC,?), ref: 6C3F9DED

Part of subcall function 6C3FA89E: __EH_prolog3.LIBCMT ref: 6C3FA8A5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$ObjectSingleWait
String ID:
API String ID: 3802047751-0
Opcode ID: 9f002bfb1d3c18d1172e4c9a371af3a2ba31a84cb8ae97000d38a5c0f410ba6f
Instruction ID: 19c0b269f9b2547230c618acc0b56109af20e1b795c26096bd8a89389438e617
Opcode Fuzzy Hash: 9f002bfb1d3c18d1172e4c9a371af3a2ba31a84cb8ae97000d38a5c0f410ba6f
Instruction Fuzzy Hash: 3C014970A05365AEEB05CF644050AEDBF706F5520CF14054ED6A43BB81CB75AA4BDFE2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4036F2 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C4036F9

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: b15639b36a92a04233bfd7e4f012439db68ee7c1bbf04eb26e58183cf0bbbc76
Instruction ID: bbf61beb3b66481e1955ea3afeb860a174fbec3c503c1508b72f919ed06c0269
Opcode Fuzzy Hash: b15639b36a92a04233bfd7e4f012439db68ee7c1bbf04eb26e58183cf0bbbc76
Instruction Fuzzy Hash: E911A574B402159BCF10DF64C890FED3771AB4930DF1545A9C9917BB41CB216D0EDBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4026A9 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C4026B0

Part of subcall function 6C3F9DA9: WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,?,6C4E88EC,?), ref: 6C3F9DED

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3ObjectSingleWait
String ID:
API String ID: 2100491740-0
Opcode ID: 4d658bd4263f53f61652dd5892b636420953fb7d46a198aa870f39413654b2d6
Instruction ID: 9b54b4c1d560abaf7a2361a85809c42ef5931ef5fbae0f58dc5b37e9804338b3
Opcode Fuzzy Hash: 4d658bd4263f53f61652dd5892b636420953fb7d46a198aa870f39413654b2d6
Instruction Fuzzy Hash: 83115970A00605DBDB61CF64C084FDEB7F4BB44309F10885ED596A7791DB70A989CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FA89E Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FA8A5

Part of subcall function 6C3F9AE3: __EH_prolog3.LIBCMT ref: 6C3F9AEA
Part of subcall function 6C3F9AE3: EnterCriticalSection.KERNEL32(?,00000008,6C3FA8DB,?,6C3FAFF3,?), ref: 6C3F9AF5
Part of subcall function 6C3F9AE3: LeaveCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B23
Part of subcall function 6C3F9AE3: EnterCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B45
Part of subcall function 6C3F9AE3: LeaveCriticalSection.KERNEL32(?,?,?,00000008,6C3FA8DB,?), ref: 6C3F9B74

Part of subcall function 6C3FADD1: __EH_prolog3.LIBCMT ref: 6C3FADD8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$H_prolog3$EnterLeave
String ID:
API String ID: 4021137310-0
Opcode ID: 8cd2584721896bd9dad0fc9a8046ee5dc24b645b7e552aeb6e00c88c1a0ddc9f
Instruction ID: d8c4e7f9a5169d369460bd7d6deade89b67301f7bfa1d827655d7c673c1dfbd8
Opcode Fuzzy Hash: 8cd2584721896bd9dad0fc9a8046ee5dc24b645b7e552aeb6e00c88c1a0ddc9f
Instruction Fuzzy Hash: 0311C5B0D0071AAFCB00DF6AC88099AFBB4BF18314B50866E94689BB50C774A655CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EA437 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EA43E

Part of subcall function 6C3EC52A: __EH_prolog3_GS.LIBCMT ref: 6C3EC531
Part of subcall function 6C3EC52A: std::_Lockit::_Lockit.LIBCPMT ref: 6C3EC53E
Part of subcall function 6C3EC52A: std::_Lockit::~_Lockit.LIBCPMT ref: 6C3EC5A2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID:
API String ID: 2728201062-0
Opcode ID: 5f4753096f2a90741928abed47baf22cad95d6930fc98c2a7728349143d7a325
Instruction ID: 144b50bd9f617cc62f843d1cdbd1d34a8c8e9a2dab8dfa562799096b726b4d73
Opcode Fuzzy Hash: 5f4753096f2a90741928abed47baf22cad95d6930fc98c2a7728349143d7a325
Instruction Fuzzy Hash: 2A019E306002249FDB01CB65C949FADBBF5BF48329F10802AE5459BF90DB75E908CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C45E1AA Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6C3E165C,00000000,6C3E2DF5,?,6C3E165C,00000008,6C4DC3E0,00000008), ref: 6C45E20A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 0bbdc1c8720d548222beb053baaa403bfc5054203b99e8c4effc9320c44d0c37
Instruction ID: 87bd7d52d4d04b2be01ea4e6aaa7dba13fbec9fd90b43df265520100866ee9b7
Opcode Fuzzy Hash: 0bbdc1c8720d548222beb053baaa403bfc5054203b99e8c4effc9320c44d0c37
Instruction Fuzzy Hash: 9D017C36A00219ABDB01DF58C880FAEBBB8FF48619F114059E925AB391DB70A901CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FB0EF Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FB0F6

Part of subcall function 6C3F9AE3: __EH_prolog3.LIBCMT ref: 6C3F9AEA
Part of subcall function 6C3F9AE3: EnterCriticalSection.KERNEL32(?,00000008,6C3FA8DB,?,6C3FAFF3,?), ref: 6C3F9AF5
Part of subcall function 6C3F9AE3: LeaveCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B23
Part of subcall function 6C3F9AE3: EnterCriticalSection.KERNEL32(?,?,00000008,6C3FA8DB,?), ref: 6C3F9B45
Part of subcall function 6C3F9AE3: LeaveCriticalSection.KERNEL32(?,?,?,00000008,6C3FA8DB,?), ref: 6C3F9B74

Part of subcall function 6C3F9CA2: __EH_prolog3_GS.LIBCMT ref: 6C3F9CA9
Part of subcall function 6C3F9CA2: EnterCriticalSection.KERNEL32(?,00000028,6C3FB167,6C3FB027,?,6C3FACB2,?,6C3FB027,?), ref: 6C3F9CBA
Part of subcall function 6C3F9CA2: CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 6C3F9CDA
Part of subcall function 6C3F9CA2: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 6C3F9CE7
Part of subcall function 6C3F9CA2: SetWaitableTimer.KERNELBASE(00000001,?,000493E0,00000000,00000000,00000000), ref: 6C3F9D29
Part of subcall function 6C3F9CA2: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 6C3F9D8D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$EnterLeave$H_prolog3TimerWaitable$CreateErrorH_prolog3_Last
String ID:
API String ID: 1872940341-0
Opcode ID: 545ecc589fec3b87d301389ced39897d0a3b95a46a2b7bf2d03007635f735342
Instruction ID: fb7c8d5491d28503a71dd59a738c83614046612554f44b7d073bb6c77b41bbbc
Opcode Fuzzy Hash: 545ecc589fec3b87d301389ced39897d0a3b95a46a2b7bf2d03007635f735342
Instruction Fuzzy Hash: 7411F0B1D00706AFCB40DFB9C400A9AFBF4BF48304B10892E9069D7B00EB34AA56CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C478EC0 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,6C3E2DD3,00000000,?,6C47B30E,00000001,00000364,FFFFFFFF,000000FF,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0), ref: 6C478F01

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: dc75889b17fed60a7a000d67e7ed0b9d455e09648e249cea1fb99f9dc86e35c6
Instruction ID: 0464d9489c43b472e977f8257005daad64597326c3a4be3ac633a78ea047a9a1
Opcode Fuzzy Hash: dc75889b17fed60a7a000d67e7ed0b9d455e09648e249cea1fb99f9dc86e35c6
Instruction Fuzzy Hash: F9F0B4326465349BEB71EA2B9C04FCB3799AF41765B114523E924FBE80CB30D40586F0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FCEE4 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3FCEEE

Part of subcall function 6C3F14EE: __EH_prolog3.LIBCMT ref: 6C3F14F5

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Part of subcall function 6C3FCF6F: __EH_prolog3_catch_GS_align.LIBCMT ref: 6C3FCF7B

Part of subcall function 6C3F0E07: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6C3F0E3F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_H_prolog3_catch_InitIos_base_dtorS_alignstd::ios_base::_std::locale::_
String ID:
API String ID: 1125224168-0
Opcode ID: 4414f023e69e695a2f8b247797b94163b2fc4385aa8e59bbe916caf3677c32b6
Instruction ID: 00a531deb3312b2014d532be176f413caa9a9dcb92466d81887e5c6b89807b45
Opcode Fuzzy Hash: 4414f023e69e695a2f8b247797b94163b2fc4385aa8e59bbe916caf3677c32b6
Instruction Fuzzy Hash: 87018B71901119DBFB24DB10DC45FE8B374AB50308F108589E50CAB680DBB1AA4ACFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E1A4B Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E1A52

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 9a36b154d3627d81a01ea5386e823385b7fa6ac97986b6f22aefe6a0fc4bd2bb
Instruction ID: ba9aac2a05722bee7c539084ad705285ca695d0deda54592d0eeeea7364ecc67
Opcode Fuzzy Hash: 9a36b154d3627d81a01ea5386e823385b7fa6ac97986b6f22aefe6a0fc4bd2bb
Instruction Fuzzy Hash: 08011635900229DBCF00CFA4C954EEE7BB4AF5C318F908059E85577691DB74EE49CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C47E245 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 6C478EC0: RtlAllocateHeap.NTDLL(00000008,6C3E2DD3,00000000,?,6C47B30E,00000001,00000364,FFFFFFFF,000000FF,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0), ref: 6C478F01

_free.LIBCMT ref: 6C47E267

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: 276d8724f6e520aee69ebaccae84323900427befc063d678485cd2583d443af5
Instruction ID: b514b23356d28ffe0e31afd99b230dcc1383e6eef9b912307676bccef3e697f7
Opcode Fuzzy Hash: 276d8724f6e520aee69ebaccae84323900427befc063d678485cd2583d443af5
Instruction Fuzzy Hash: 8EF049726017009FE331DF45D841F92B7F8EB91B16F10882EE69A9BA90D7B4E445CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6C413508 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C41350F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: cdc1fac33cd4df8552a5ff1d26e4614de79af00aaae68be6ab00b7ae4eea8a4c
Instruction ID: 6adbf69f1dc7b19ae8b48cba728d80ece36723a478cadb5c860c776203d3446f
Opcode Fuzzy Hash: cdc1fac33cd4df8552a5ff1d26e4614de79af00aaae68be6ab00b7ae4eea8a4c
Instruction Fuzzy Hash: 2EF06231905229AFDB01DB94CC80EEE77B8BF59318F20004DE1956B780CB34A909CF65

Uniqueness

Uniqueness Score: -1.00%

Function 6C47AAFD Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,7FFFFFC4,7FFFFFC0,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0,?,?,6C3E1573,6C3E2DD3,7FFFFFC4,6C3E2DD3,6C3E2DD3), ref: 6C47AB2F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ed2289cba83c377fe3d681618ae2de402a6cfbfa677839cbd2a338510bf16483
Instruction ID: e90000be3d9a92457553ad7204e85034df063cc1d7a28d5c32cbd101eb97c7d4
Opcode Fuzzy Hash: ed2289cba83c377fe3d681618ae2de402a6cfbfa677839cbd2a338510bf16483
Instruction Fuzzy Hash: 36E065216421259AEA31DA6A8D14FCA7F9ADF423AAF112125DF1497ED4DB20C800C5F1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4099B8 Relevance: 1.5, APIs: 1, Instructions: 31threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?,00000000,?,?,?,6C3F2735,00000044,6C40527F,00000010,6C405832,?), ref: 6C4099F7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 063dfcff6d412df66534375c4cda300f12ac54afb51848b2e7fb616d64f63753
Instruction ID: fc8a0be5b17f3434323ecfa4cbce47e70f139a33232a6ee13cf8c33ac3e088f0
Opcode Fuzzy Hash: 063dfcff6d412df66534375c4cda300f12ac54afb51848b2e7fb616d64f63753
Instruction Fuzzy Hash: BFF065313541106BDA24DF58EC81FA573E4EF85315F14046EF945CB751D6619D829A90

Uniqueness

Uniqueness Score: -1.00%

Function 6C4053DA Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6C4053E1

Part of subcall function 6C3F9DA9: WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,?,6C4E88EC,?), ref: 6C3F9DED

Part of subcall function 6C3FCEE4: __EH_prolog3_GS.LIBCMT ref: 6C3FCEEE

Part of subcall function 6C40519B: __EH_prolog3_GS_align.LIBCMT ref: 6C4051A7

Part of subcall function 6C3E2DDE: SetEvent.KERNEL32(00000000,?,00000000), ref: 6C3E2E02

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_$EventH_prolog3_catchObjectS_alignSingleWait
String ID:
API String ID: 2842236713-0
Opcode ID: dc5e7388a26ee399204ecd398175a9bd1e92bec19cf959913acb292118e269c7
Instruction ID: 89319d883e94ffdf91029d2ba9f4adb439bb84e52f1f37429595737095e721c7
Opcode Fuzzy Hash: dc5e7388a26ee399204ecd398175a9bd1e92bec19cf959913acb292118e269c7
Instruction Fuzzy Hash: 06F0B470F402289BCF15EBA88014FECBAA15F9472DF21405DD584ABB80CBB94E0A97D6

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E2B49 Relevance: 1.5, APIs: 1, Instructions: 25networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000002,00000002), ref: 6C3E2B7A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: b8e81ae17be4991dc70eb2c627c4c547b20b576b664198747d82ad9d1399fa8c
Instruction ID: 0b3c29760e845e8689521f51aa6a6f5561592a9ad4c84c27bcacf8ffeb2153f2
Opcode Fuzzy Hash: b8e81ae17be4991dc70eb2c627c4c547b20b576b664198747d82ad9d1399fa8c
Instruction Fuzzy Hash: B6E09231A152114BDB64FB38C95BAB973E8EB4F329F41062EDD6EC6580EE3194058AC2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4214A1 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C4214A8

Part of subcall function 6C421466: __EH_prolog3.LIBCMT ref: 6C42146D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 85c26ab7b1b19565ec9f3e4309f186aea75fad1f5d0b35fd39ab0935907b868e
Instruction ID: f81570ba18c0bfbe0aa97be2bd24ce75891fa438804ccee453f71f8283839c20
Opcode Fuzzy Hash: 85c26ab7b1b19565ec9f3e4309f186aea75fad1f5d0b35fd39ab0935907b868e
Instruction Fuzzy Hash: 67E0E531901119AFDF05DF94CC15EED7B31FF54318F108459A4591B6A0DB729A29DF81

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FAFF3 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FAFFA

Part of subcall function 6C3FB0EF: __EH_prolog3.LIBCMT ref: 6C3FB0F6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: af9f5824788343aa82165147347c3ddf5e671cca246dc920769abdc67015d713
Instruction ID: 8f3db3130cfa99357a0f75ffaf82a4c93c3dc42a04dca67be046ba234fee1a01
Opcode Fuzzy Hash: af9f5824788343aa82165147347c3ddf5e671cca246dc920769abdc67015d713
Instruction Fuzzy Hash: FFD0C230A5113076E721EB919C01FCC3A106F94A6DF804018F1987EBC1CBA4560987D9

Uniqueness

Uniqueness Score: -1.00%

Function 6C478145 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 6C478162

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ba888b6c8cd88b57eb77e5a038d5f6ec5a021024d23a8530c11bcbbeafdd6886
Instruction ID: 696ed214f0245d432da759a88967d0156251ae7e1620a26016d19e4a03ec4df6
Opcode Fuzzy Hash: ba888b6c8cd88b57eb77e5a038d5f6ec5a021024d23a8530c11bcbbeafdd6886
Instruction Fuzzy Hash: FDD06C3210010DBBDF129E84DD0AEDA3BBAFB48714F018000BA1856020C732E861EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E3DE9 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E3DF0

Part of subcall function 6C427BD6: __EH_prolog3.LIBCMT ref: 6C427BDD

Part of subcall function 6C4214A1: __EH_prolog3.LIBCMT ref: 6C4214A8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: c37d39a842a58b4b974a0e9395ae5c2303f6281746aa6341fc9c5aadcb238721
Instruction ID: d7b58a4c97ef632b13f1e702a7e051d04bd878ddabcfcbb169a1b86f15f51280
Opcode Fuzzy Hash: c37d39a842a58b4b974a0e9395ae5c2303f6281746aa6341fc9c5aadcb238721
Instruction Fuzzy Hash: 45D0A7B2B40234A7D711DB608413FADB910AF64B3DF00404DE2445FFC0CBB5890983EA

Uniqueness

Uniqueness Score: -1.00%

Function 6C421466 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C42146D

Part of subcall function 6C42138B: __EH_prolog3_GS.LIBCMT ref: 6C421392
Part of subcall function 6C42138B: BCryptGenRandom.BCRYPT(?,00000000,00000000,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14,00000000), ref: 6C4213C2

Part of subcall function 6C42134F: BCryptCloseAlgorithmProvider.BCRYPT(?,00000000,6C42149B,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14,00000000,00000020,00000004), ref: 6C421358

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Crypt$AlgorithmCloseH_prolog3H_prolog3_ProviderRandom
String ID:
API String ID: 3013398009-0
Opcode ID: 69aa529bed7937d3761ddf1599d16b8250951fb42c2c004608644bcd593bcfa0
Instruction ID: c26b02b69b91066be1f691152e0b1e07bb4bc4646934b215eaad07596cb6b283
Opcode Fuzzy Hash: 69aa529bed7937d3761ddf1599d16b8250951fb42c2c004608644bcd593bcfa0
Instruction Fuzzy Hash: C1E0EC314002299ADF01DF91C912FEEBB31BF54219F90440CA41076A90DB369B18CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6C4080C1 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6C4080C7
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6C4080D5
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6C4080E6
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6C4080F7
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6C408108
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 6C408119
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 6C40812A
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 6C40813B
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 6C40814C
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 6C40815D
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 6C40816E
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 6C40817F
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 6C408190
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 6C4081A1
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 6C4081B2
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 6C4081C3
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 6C4081D4
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 6C4081E5
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 6C4081F6
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 6C408207
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 6C408218
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 6C408229
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 6C40823A
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 6C40824B
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 6C40825C
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C40826D
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 6C40827E
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 6C40828F
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6C4082A0
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6C4082B1
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 6C4082C2
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 6C4082D3
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 6C4082E4
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 6C4082F5
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 6C408306
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 6C408317
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 6C408328
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 6C408339
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 6C40834A
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 6C40835B
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 6C40836C

Strings

AcquireSRWLockExclusive, xrefs: 6C4082C8
FlsAlloc, xrefs: 6C4080CF
FlsFree, xrefs: 6C4080DB
FreeLibraryWhenCallbackReturns, xrefs: 6C4081EB
GetLocaleInfoEx, xrefs: 6C408350
CreateThreadpoolTimer, xrefs: 6C408163
WakeConditionVariable, xrefs: 6C408284
CloseThreadpoolWork, xrefs: 6C40832E
InitializeSRWLock, xrefs: 6C4082B7
CreateThreadpoolWork, xrefs: 6C40830C
GetSystemTimePreciseAsFileTime, xrefs: 6C408262
GetTickCount64, xrefs: 6C40822F
GetFileInformationByHandleEx, xrefs: 6C408240
GetCurrentProcessorNumber, xrefs: 6C4081FC
SubmitThreadpoolWork, xrefs: 6C40831D
WaitForThreadpoolTimerCallbacks, xrefs: 6C408185
CreateThreadpoolWait, xrefs: 6C4081A7
kernel32.dll, xrefs: 6C4080C2
SetThreadpoolTimer, xrefs: 6C408174
SleepConditionVariableCS, xrefs: 6C4082A6
FlsSetValue, xrefs: 6C4080FD
CloseThreadpoolTimer, xrefs: 6C408196
LCMapStringEx, xrefs: 6C408361
WakeAllConditionVariable, xrefs: 6C408295
TryAcquireSRWLockExclusive, xrefs: 6C4082D9
CloseThreadpoolWait, xrefs: 6C4081C9
ReleaseSRWLockExclusive, xrefs: 6C4082EA
GetCurrentPackageId, xrefs: 6C40821E
CreateEventExW, xrefs: 6C408130
SetFileInformationByHandle, xrefs: 6C408251
CreateSemaphoreExW, xrefs: 6C408152
InitializeCriticalSectionEx, xrefs: 6C40810E
FlushProcessWriteBuffers, xrefs: 6C4081DA
InitOnceExecuteOnce, xrefs: 6C40811F
InitializeConditionVariable, xrefs: 6C408273
SetThreadpoolWait, xrefs: 6C4081B8
CompareStringEx, xrefs: 6C40833F
SleepConditionVariableSRW, xrefs: 6C4082FB
CreateSymbolicLinkW, xrefs: 6C408212
FlsGetValue, xrefs: 6C4080EC
CreateSemaphoreW, xrefs: 6C408141

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 0ee1382a0f9bc8954c0320dc5d54ef4e42918cd6b8936267c2d5ebe25fe1bd57
Instruction ID: d9f74078161b7d482b47c21619c72ce706f2dfcc295373558e8b11893f8a02ba
Opcode Fuzzy Hash: 0ee1382a0f9bc8954c0320dc5d54ef4e42918cd6b8936267c2d5ebe25fe1bd57
Instruction Fuzzy Hash: 926127B1A52274ABCF60FFB5888ED963FF8BA2F2157028916B309E3603DB7544118F55

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F7471 Relevance: 117.3, APIs: 45, Strings: 21, Instructions: 1802COMMON

Download Yara Rule

APIs

__EH_prolog3_GS_align.LIBCMT ref: 6C3F747D
GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 6C3F7639
GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 6C3F7662
CoInitializeEx.OLE32(00000000,00000000,00000000,?,?,?,?,00000022,0000000C,6C403897,00000000), ref: 6C3F7708

Strings

Parallels, xrefs: 6C3F8028
Version, xrefs: 6C3F821B
Select Capacity from Win32_PhysicalMemory, xrefs: 6C3F86EF
Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOS, xrefs: 6C3F7C77
VMware, xrefs: 6C3F800E
SerialNumber, xrefs: 6C3F7F6F
Manufacturer, xrefs: 6C3F81AC, 6C3F841A, 6C3F89DB
Name, xrefs: 6C3F8076, 6C3F88BD
Select Product, Manufacturer from Win32_BaseBoard, xrefs: 6C3F82B8
Select Model from Win32_DiskDrive, xrefs: 6C3F7D9B
ProcessorId, xrefs: 6C3F85F6
Capacity, xrefs: 6C3F8799
Product, xrefs: 6C3F8359
VirtualBox, xrefs: 6C3F8140
SMBIOSBIOSVersion, xrefs: 6C3F8117
Xen, xrefs: 6C3F81CF, 6C3F823E
Select ProcessorId, Name, Manufacturer from Win32_Processor, xrefs: 6C3F8551
root\cimv2, xrefs: 6C3F787E
Winmgmt, xrefs: 6C3F78DE
Model, xrefs: 6C3F7E54
WQL, xrefs: 6C3F79F2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AdaptersInfo$H_prolog3_InitializeS_align
String ID: Capacity$Manufacturer$Model$Name$Parallels$ProcessorId$Product$SMBIOSBIOSVersion$Select Capacity from Win32_PhysicalMemory$Select Model from Win32_DiskDrive$Select Name, SerialNumber, SMBIOSBIOSVersion, Manufacturer, Version from Win32_BIOS$Select ProcessorId, Name, Manufacturer from Win32_Processor$Select Product, Manufacturer from Win32_BaseBoard$SerialNumber$VMware$Version$VirtualBox$WQL$Winmgmt$Xen$root\cimv2
API String ID: 502173611-2058923299
Opcode ID: e033257122b6f71e32c657796fd897bd37dfc8f0c868734c6c4e527a628c7fdf
Instruction ID: f3c02b3eacd570f2fb340ecd0b4b35c96d12baf6ea9551cc33efe05defb1cf32
Opcode Fuzzy Hash: e033257122b6f71e32c657796fd897bd37dfc8f0c868734c6c4e527a628c7fdf
Instruction Fuzzy Hash: 6CF2D430E002589FDF29CFA5CC48BADB7B9BF46308F144999E429EB651D7319A86CF11

Uniqueness

Uniqueness Score: -1.00%

Function 6C45A541 Relevance: 42.3, APIs: 13, Strings: 11, Instructions: 256fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C44F8F0: MultiByteToWideChar.KERNEL32(0000FDE9,00000008,00000000,000000FF,00000000,00000000,00000000,00000000,6C44F9BD,00000000,00000000,?,00000000,6C441650,00000000,6C498858), ref: 6C44F909
Part of subcall function 6C44F8F0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,0000071B,?,00000000), ref: 6C44F934

GetFileSizeEx.KERNEL32(00000000,?), ref: 6C45A600
GetLastError.KERNEL32(?,00000100), ref: 6C45A614

Part of subcall function 6C451ED9: _strncpy.LIBCMT ref: 6C451F18
Part of subcall function 6C451ED9: GetLastError.KERNEL32 ref: 6C451F39
Part of subcall function 6C451ED9: SetLastError.KERNEL32(00000000), ref: 6C451F44

GetLastError.KERNEL32(?,00000100,00000000,?,00000000,?), ref: 6C45A597

Part of subcall function 6C451ED9: GetLastError.KERNEL32(?,00000000,?,6C45A3EA,00000000), ref: 6C451EDC

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,?), ref: 6C45A5CC
GetLastError.KERNEL32(?,00000100), ref: 6C45A5E5
CloseHandle.KERNEL32(?), ref: 6C45A819

Strings

schannel: failed to determine size of CA file '%s': %s, xrefs: 6C45A622
schannel: CA file exceeds max size of %u bytes, xrefs: 6C45A64E
schannel: failed to add certificate from CA file '%s' to certificate store: %s, xrefs: 6C45A7C4
-----BEGIN CERTIFICATE-----, xrefs: 6C45A6CA
-----END CERTIFICATE-----, xrefs: 6C45A6F0
schannel: failed to extract certificate from CA file '%s': %s, xrefs: 6C45A7F8
schannel: CA file '%s' is not correctly formatted, xrefs: 6C45A800
schannel: unexpected content type '%d' when extracting certificate from CA file '%s', xrefs: 6C45A7D0
schannel: invalid path name for CA file '%s': %s, xrefs: 6C45A5A5
schannel: failed to open CA file '%s': %s, xrefs: 6C45A5F3
schannel: failed to read from CA file '%s': %s, xrefs: 6C45A79C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$ByteCharFileMultiWide$CloseCreateHandleSize_strncpy
String ID: -----END CERTIFICATE-----$-----BEGIN CERTIFICATE-----$schannel: CA file '%s' is not correctly formatted$schannel: CA file exceeds max size of %u bytes$schannel: failed to add certificate from CA file '%s' to certificate store: %s$schannel: failed to determine size of CA file '%s': %s$schannel: failed to extract certificate from CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s$schannel: unexpected content type '%d' when extracting certificate from CA file '%s'
API String ID: 1831725766-4093726272
Opcode ID: 584135d4d1c5f69609786c0d3ceb67f4d72d9d86030b4bc36dd6304c158ff9a2
Instruction ID: b0c1d51dc32a860c87f07e0df83b353862257a6c7bd9b00b68b922e860efbdfc
Opcode Fuzzy Hash: 584135d4d1c5f69609786c0d3ceb67f4d72d9d86030b4bc36dd6304c158ff9a2
Instruction Fuzzy Hash: 5581C471A05355AFE710DF25CC48EAB7BBCEF5A718F80091EF68592A80D730D9158BB2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4402AC Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 337networkCOMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C440505
htons.WS2_32(?), ref: 6C44053A
htons.WS2_32(?), ref: 6C44057D
htons.WS2_32(?), ref: 6C4405B3
bind.WS2_32(?,?,?), ref: 6C4405EE
htons.WS2_32(?), ref: 6C440610
bind.WS2_32(?,?,?), ref: 6C440627
getsockname.WS2_32(?,?,?), ref: 6C44065D
WSAGetLastError.WS2_32 ref: 6C440667
WSAGetLastError.WS2_32 ref: 6C44069D

Strings

getsockname() failed with errno %d: %s, xrefs: 6C44068A
bind failed with errno %d: %s, xrefs: 6C4406C0
Couldn't bind to '%s', xrefs: 6C440594
Couldn't bind to interface '%s', xrefs: 6C440456

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: htons$ErrorLastbind$___from_strstr_to_strchrgetsockname
String ID: Couldn't bind to '%s'$Couldn't bind to interface '%s'$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
API String ID: 3019491166-44904850
Opcode ID: f918e626deeeca7f6988222851bb671491ed4ca201b384ce32b80681d0caa020
Instruction ID: f193b5fc7d7b3fc7ee9dc889decfc5fb9232bd294e4de89e580bea5966fcb627
Opcode Fuzzy Hash: f918e626deeeca7f6988222851bb671491ed4ca201b384ce32b80681d0caa020
Instruction Fuzzy Hash: 49C1DB71508381AFE721DF24C844FAB7BE8EF99318F24861DF98897641E731D51987A2

Uniqueness

Uniqueness Score: -1.00%

Function 6C448197 Relevance: 24.1, APIs: 16, Instructions: 148networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 6C4481C9
htonl.WS2_32(7F000001), ref: 6C4481EE
setsockopt.WS2_32(00000000,0000FFFF,00000004,00000006,00000004), ref: 6C448213
bind.WS2_32(00000000,00000002,00000010), ref: 6C448229
getsockname.WS2_32(00000000,00000002,00000006), ref: 6C448242
listen.WS2_32(00000000,00000001), ref: 6C448253
socket.WS2_32(00000002,00000001,00000000), ref: 6C448269
connect.WS2_32(00000000,00000002,00000010), ref: 6C44827D
accept.WS2_32(00000000,00000000,00000000), ref: 6C448290
__fprintf_l.LIBCMT ref: 6C4482AA
send.WS2_32(?,?,?,00000000), ref: 6C4482CC
recv.WS2_32(00000008,?,0000000C,00000000), ref: 6C4482E2
closesocket.WS2_32(00000000), ref: 6C448304
closesocket.WS2_32(00000000), ref: 6C448315
closesocket.WS2_32(?), ref: 6C448319
closesocket.WS2_32(00000008), ref: 6C44831E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: closesocket$socket$__fprintf_lacceptbindconnectgetsocknamehtonllistenrecvsendsetsockopt
String ID:
API String ID: 4040947024-0
Opcode ID: 49ab0df351421ee54859f2d07f3d04595d5af97b01435f5b6b9824642dc2db9d
Instruction ID: 094f7566181ebcf7f63d76f7d90eeacd8bc8f57c79d072bbd1fb02f6f02ae220
Opcode Fuzzy Hash: 49ab0df351421ee54859f2d07f3d04595d5af97b01435f5b6b9824642dc2db9d
Instruction Fuzzy Hash: 8F41C271704214AFE720EF60CD49F6BBBAAFF46704F60491AF551D6180DB71D9088BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1F8C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F), ref: 6C3F1FBA
GetLastError.KERNEL32(?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1FC4
__EH_prolog3_GS.LIBCMT ref: 6C3F200A
EnterCriticalSection.KERNEL32(?), ref: 6C3F2039
LeaveCriticalSection.KERNEL32(?,?), ref: 6C3F209F
SetLastError.KERNEL32(00000000,00000048,?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832), ref: 6C3F20B1
GetQueuedCompletionStatus.KERNEL32(?,000000FF,?,?,00000004,?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044), ref: 6C3F20C9
GetLastError.KERNEL32(?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F20D2
PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 6C3F21DD
GetLastError.KERNEL32 ref: 6C3F21E7

Strings

$8Il, xrefs: 6C3F1FCD, 6C3F1FD2, 6C3F20F0, 6C3F20F8, 6C3F2133, 6C3F21ED, 6C3F21F5, 6C3F2229, 6C3F2231, 6C3F2243
pqcs, xrefs: 6C3F1FF5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$CompletionQueuedStatus$CriticalPostSection$EnterH_prolog3_Leave
String ID: $8Il$pqcs
API String ID: 4045081058-1275610015
Opcode ID: 3b75ca05bb478568244b742bde1298d409092cbb360611abbef86c9b19245618
Instruction ID: ab47e4ec37cd697087aa98bd91918cc35eeb4c4fc6519018780e1bcaedbf12ed
Opcode Fuzzy Hash: 3b75ca05bb478568244b742bde1298d409092cbb360611abbef86c9b19245618
Instruction Fuzzy Hash: ACA1E071D00219EFCF19CFA9D9489DEBBB8FF09314B11852AE865A7600DB319906CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F711B Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 266COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F7125
SysFreeString.OLEAUT32(00000000), ref: 6C3F71F6
VariantClear.OLEAUT32(00000000), ref: 6C3F735B
VariantClear.OLEAUT32(00000000), ref: 6C3F73B6
SysFreeString.OLEAUT32(00000000), ref: 6C3F7452

Strings

GUID, xrefs: 6C3F7273
DeviceID, xrefs: 6C3F7374
SELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "U, xrefs: 6C3F71C9
WQL, xrefs: 6C3F713A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ClearFreeStringVariant$H_prolog3_
String ID: DeviceID$GUID$SELECT GUID, DeviceID FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND (PNPDeviceID LIKE "PCI\\%" OR PNPDeviceID LIKE "U$WQL
API String ID: 2589909221-3455312690
Opcode ID: 57e6b480061f5e8d0b6f906e2877f4238ca64b4a9a108a5cc159ed5a182402ab
Instruction ID: 085318332b81f6c8ac3ad7b11b582d501a05445f91a76e3ac7c0fc1d4b4f56cf
Opcode Fuzzy Hash: 57e6b480061f5e8d0b6f906e2877f4238ca64b4a9a108a5cc159ed5a182402ab
Instruction Fuzzy Hash: 8CA1E531E01255DFDB21DFA4CC44AEEB7B5AF85308F1089A9D459AB640DB309E86CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C45A850 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 140encryptionCOMMON

Download Yara Rule

APIs

CertGetNameStringW.CRYPT32(?,00000006,00010002,00000000,?,?), ref: 6C45A892

Strings

schannel: Not enough memory to list all host names., xrefs: 6C45A9CF
schannel: Null certificate context., xrefs: 6C45A8C4
2.5.29.17, xrefs: 6C45A8ED, 6C45A925
schannel: Null certificate info., xrefs: 6C45A8E0
schannel: CertFindExtension() returned no extension., xrefs: 6C45A8FC
schannel: CryptDecodeObjectEx() returned no alternate name information., xrefs: 6C45A939

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CertNameString
String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Not enough memory to list all host names.$schannel: Null certificate context.$schannel: Null certificate info.
API String ID: 149855834-882765523
Opcode ID: 07571d2b6deb185a17201bf35c00e163f70548231e555d5d7846f490bd14c097
Instruction ID: de220418ccf9741dcc2ba6bbd10a10849c436ee9f5faaee8f0b085e4168f3b25
Opcode Fuzzy Hash: 07571d2b6deb185a17201bf35c00e163f70548231e555d5d7846f490bd14c097
Instruction Fuzzy Hash: 3341FF71208362EFC310DF19C840E2ABBF1FF85709F81491EF5859BA50D731986ACBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6C486F2A Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

GetACP.KERNEL32(?,?,?,?,?,?,6C47C7B5,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6C486FEB
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6C47C7B5,?,?,?,00000055,?,-00000050,?,?), ref: 6C487016
_wcschr.LIBVCRUNTIME ref: 6C4870AA
_wcschr.LIBVCRUNTIME ref: 6C4870B8
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6C487179

Strings

YLlU, xrefs: 6C486F6C
8RLlE, xrefs: 6C486FA1
utf8, xrefs: 6C4870E8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
String ID: 8RLlE$utf8$YLlU
API String ID: 4147378913-2283748238
Opcode ID: 81985a74834f3bbda8b03abe701737168092c6ea32a4a5b34dab818f4ab250af
Instruction ID: 9377573ad2eda40ce214c2218bf089b60b6cae7ce5e5c68a24f16eecbeeb2566
Opcode Fuzzy Hash: 81985a74834f3bbda8b03abe701737168092c6ea32a4a5b34dab818f4ab250af
Instruction Fuzzy Hash: 4571FF32716602AAE725EB25CC41FEA73B8EF45759F100429FA04DBF81EB70E84487A0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F5929 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 207fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,?,00000000), ref: 6C3F594C
GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 6C3F596E
GetVolumeNameForVolumeMountPointW.KERNEL32(?,?,00000104), ref: 6C3F5987
CreateFileW.KERNEL32(?,00000000,00000007,00000000,00000003,02000000,00000000), ref: 6C3F59E2
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000020,?,00000000), ref: 6C3F5A58
DeviceIoControl.KERNEL32(?,002D1400,?,0000000C,00000000,?,?,00000000), ref: 6C3F5A97
CloseHandle.KERNEL32(?,?,00000000), ref: 6C3F5B5F

Strings

\, xrefs: 6C3F59AB

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Volume$ControlDeviceNamePath$CloseCreateFileFolderHandleMountPoint
String ID: \
API String ID: 1997105313-2967466578
Opcode ID: 2c8758f939fd175682409fa87f8a26fd3a9088226d3ec65de3639c64565334d7
Instruction ID: 1b6ca2eddc7bb7b8d9700cbc220f5d497b7dc9c73b2b50377489c5c2e4a9c2a8
Opcode Fuzzy Hash: 2c8758f939fd175682409fa87f8a26fd3a9088226d3ec65de3639c64565334d7
Instruction Fuzzy Hash: 8161B171604305AFD714DF25C888EABBBF8EF85314F10892DF9A582641D734DA4ACFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C48788B Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B1CE
Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B204

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6C487997
IsValidCodePage.KERNEL32(00000000), ref: 6C4879E0
IsValidLocale.KERNEL32(?,00000001), ref: 6C4879EF
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6C487A37
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6C487A56

Strings

YLlU, xrefs: 6C4878F0
8RLlE, xrefs: 6C487944

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID: 8RLlE$YLlU
API String ID: 949163717-2534537158
Opcode ID: 2915850a409ef135b45497679bf8c0283baf490a114dba4353a4c4de826aafaa
Instruction ID: 6705177bb8df95b0ceb207c5c47359bf3e2e699a95727c04f830be42f83c1a0c
Opcode Fuzzy Hash: 2915850a409ef135b45497679bf8c0283baf490a114dba4353a4c4de826aafaa
Instruction Fuzzy Hash: BB51AD71B06205AAFF10DFA5CC54EAE73B8BF45309F140529F924E7650EB70D944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44D94F Relevance: 10.6, APIs: 7, Instructions: 79encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,?,F0000040), ref: 6C44D98A
CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 6C44D9A0
CryptHashData.ADVAPI32(?,?,?,00000000), ref: 6C44D9B4
CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 6C44D9D1
CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 6C44D9E9
CryptDestroyHash.ADVAPI32(?), ref: 6C44D9F3
CryptReleaseContext.ADVAPI32(?,00000000), ref: 6C44DA02

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
String ID:
API String ID: 3606780921-0
Opcode ID: 96737903112ee6cf5ac72428ba1e86bbb3cdaba75f1204d3c7259d21c1b6979b
Instruction ID: 024d4ecbc6115f7f806dc7984f4dff3a7d0fb9c3cb2e0636d8a9c18c799d72a8
Opcode Fuzzy Hash: 96737903112ee6cf5ac72428ba1e86bbb3cdaba75f1204d3c7259d21c1b6979b
Instruction Fuzzy Hash: 6121D4B290111DBFEF11EF96CC85DAFBB7DFB05649F208465BA10A2150D7319E21DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F6F7F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 162comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F6F86
CoCreateInstance.OLE32(6C4BC5F4,00000000,00000001,6C4BC614,00000000,?,?,?,?,?,?,?,?,?,?,00000010), ref: 6C3F6FC0
SysFreeString.OLEAUT32(00000000), ref: 6C3F700F
CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?), ref: 6C3F7028

Strings

root\StandardCimv2, xrefs: 6C3F6FE0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: BlanketCreateFreeH_prolog3_InstanceProxyString
String ID: root\StandardCimv2
API String ID: 2704008548-3092346560
Opcode ID: d4f9eaf055bbeafb82fdf33a9ed398f4c56c2568ae389c66fc7bbe4766727711
Instruction ID: 4a27b2ae8681cda2c42a8354d4b6a6cf7134bce248c88352e82477731abd25cb
Opcode Fuzzy Hash: d4f9eaf055bbeafb82fdf33a9ed398f4c56c2568ae389c66fc7bbe4766727711
Instruction Fuzzy Hash: B351C170A01216AFEB15CBA4C854FFEB779AF46708F108858E411EB690CB769D46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4876B6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,6C4879D4,00000002,00000000,?,?,?,6C4879D4,?,00000000), ref: 6C48774F
GetLocaleInfoW.KERNEL32(?,20001004,6C4879D4,00000002,00000000,?,?,?,6C4879D4,?,00000000), ref: 6C487778
GetACP.KERNEL32(?,?,6C4879D4,?,00000000), ref: 6C48778D

Strings

OCP, xrefs: 6C48770A
ACP, xrefs: 6C4876D4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: d34d6650fcfd5af4538fada39861599f18aeaa73ed1c7a49aabc1d235042ffdd
Instruction ID: 70d8d43ee97ff71a3fd9d6c59f447e9a7adcd7d71bd9c1d34006d366aaaa5d02
Opcode Fuzzy Hash: d34d6650fcfd5af4538fada39861599f18aeaa73ed1c7a49aabc1d235042ffdd
Instruction Fuzzy Hash: E721B521F0F100A6EB25DF69C961F8773B7AB40B59B5A4524F909D7B14E732FA41C390

Uniqueness

Uniqueness Score: -1.00%

Function 6C45D04E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32(?,00000002,00000000,?,00000000), ref: 6C45D067
CryptGetHashParam.ADVAPI32(00000020,00000002,?,00000020,00000000), ref: 6C45D080
CryptDestroyHash.ADVAPI32(00000020), ref: 6C45D08E
CryptReleaseContext.ADVAPI32(?,00000000), ref: 6C45D09B

Strings

, xrefs: 6C45D06D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Crypt$Hash$Param$ContextDestroyRelease
String ID:
API String ID: 2110207923-3916222277
Opcode ID: 7e885de48d194edda202c4c0ac688ac636a62921dd1d0b1d25a01a0c5ad45856
Instruction ID: ddf0e47bac90b5e6f47e29dd091e23c730fd318cb4cd1c40924897a7be702569
Opcode Fuzzy Hash: 7e885de48d194edda202c4c0ac688ac636a62921dd1d0b1d25a01a0c5ad45856
Instruction Fuzzy Hash: 2EF09071500209FFEF30DF80CE89CAABBBDEF05749B908429F646A2510C7719E50DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F31FB Relevance: 7.6, APIs: 5, Instructions: 88memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000007,?,00000000,6C3FBF12), ref: 6C3F3246
SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F327E
LocalAlloc.KERNEL32(00000040,00000014,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F328C
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F329C
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000007,?,00000000,6C3FBF12,?,00000000), ref: 6C3F32AE

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: DescriptorInitializeSecurity$AllocAllocateDaclEntriesLocal
String ID:
API String ID: 1469326821-0
Opcode ID: fccc880287845616df307bf9d317d962d76254f59055f617483dea9504745261
Instruction ID: 160b73d570b6aa107bd07f99be6699a71054cb8c832f8143e508c6bb9dda324e
Opcode Fuzzy Hash: fccc880287845616df307bf9d317d962d76254f59055f617483dea9504745261
Instruction Fuzzy Hash: C531F670601B11AFE7709F2AC848B43FBF8BF45754F104A1EE596C6AA0D7B2E045CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6C46E4D0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 450COMMONLIBRARYCODE

Download Yara Rule

Strings

~XHl, xrefs: 6C46E8F7, 6C46E735, 6C46E73D
~XHl, xrefs: 6C46E4EB, 6C46E674, 6C46E89D, 6C46E837, 6C46E6C3, 6C46E649

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: ~XHl$~XHl
API String ID: 0-4057192888
Opcode ID: 9f3ddfe32db0ceb49d31c68f4458acb65d6e2788ff2468c8e4915f42ec656399
Instruction ID: e2af16735fa39e9af8b611a49fd596554c07b86c94e1b483016c99f18cf1b99a
Opcode Fuzzy Hash: 9f3ddfe32db0ceb49d31c68f4458acb65d6e2788ff2468c8e4915f42ec656399
Instruction Fuzzy Hash: C1F14E71E016199FDB14CFAAC8D0E9EBBF1FF48314F258269D819ABB44D731A905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C433B06 Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6C433B12
IsDebuggerPresent.KERNEL32 ref: 6C433BDE
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6C433BFE
UnhandledExceptionFilter.KERNEL32(?), ref: 6C433C08

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 95691492f217b4ae210cdbc58f8662d4823dd89ac8e36478f27fe69bdf520cb1
Instruction ID: 73664dd1284d054884a43057ddef5192cc1def3e3b8761a49b6e47804f4d4c6f
Opcode Fuzzy Hash: 95691492f217b4ae210cdbc58f8662d4823dd89ac8e36478f27fe69bdf520cb1
Instruction Fuzzy Hash: FF312B75D4522C9BDF20DFA5D989BCDBBB8AF48304F10419AE40CA7250EB709A89DF45

Uniqueness

Uniqueness Score: -1.00%

Function 6C44CE90 Relevance: 4.5, APIs: 3, Instructions: 37encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000040), ref: 6C44CEA7
CryptGenRandom.ADVAPI32(?,?,?), ref: 6C44CEC0
CryptReleaseContext.ADVAPI32(?,00000000), ref: 6C44CED5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Crypt$Context$AcquireRandomRelease
String ID:
API String ID: 1815803762-0
Opcode ID: a9d6d0d57964bca509405dff99c4e2fbaf26fd626d8d006453163224943bfc6f
Instruction ID: a21699bfdd11a87b3755302fd0b5d57b237981c083dcf9986ff364f0ed271108
Opcode Fuzzy Hash: a9d6d0d57964bca509405dff99c4e2fbaf26fd626d8d006453163224943bfc6f
Instruction Fuzzy Hash: 89F09472644119FBEB20EE8A8C0EF8B7B79EB82B51F348025FA01A2000D7708A04E760

Uniqueness

Uniqueness Score: -1.00%

Function 6C487217 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

EnumSystemLocalesW.KERNEL32(6C48733D,00000001,00000000,?,-00000050,?,6C48796B,00000000,?,?,?,00000055,?), ref: 6C487289

Strings

kyHl, xrefs: 6C48725E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID: kyHl
API String ID: 2417226690-3941012671
Opcode ID: 8ec3726a68a8123b3f25ad6022763bae9ab220f208a52d05336134e1f64aeff2
Instruction ID: 27fce648cf0dc0678a7a437e7d605db06549bc31163af2097f8e8fe8129fed9e
Opcode Fuzzy Hash: 8ec3726a68a8123b3f25ad6022763bae9ab220f208a52d05336134e1f64aeff2
Instruction Fuzzy Hash: 8E11C2362087059FDB18DF3988A1DAAB7A1FB80369B18452DFA8687B40D771A942C740

Uniqueness

Uniqueness Score: -1.00%

Function 6C43EFB1 Relevance: 3.0, APIs: 2, Instructions: 27networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,00000000), ref: 6C43EFBF
WSAGetLastError.WS2_32 ref: 6C43EFCC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastrecv
String ID:
API String ID: 2514157807-0
Opcode ID: 8599f411711810c91163633cfaa6954d224316b7318c184379a1486ba3ea7945
Instruction ID: 6b488a1a0797a6c15a6a9b580911952727f6fda56226d473d271a05c995642e4
Opcode Fuzzy Hash: 8599f411711810c91163633cfaa6954d224316b7318c184379a1486ba3ea7945
Instruction Fuzzy Hash: E3E09231348208AFEF29DF70EC45B6937B9FB85321F104559FE198A7E0CB719D509A51

Uniqueness

Uniqueness Score: -1.00%

Function 6C45D004 Relevance: 3.0, APIs: 2, Instructions: 22encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,F0000040,?,?,6C45D0B3,?), ref: 6C45D016
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,?,?,6C45D0B3,?), ref: 6C45D02D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHash
String ID:
API String ID: 1914063823-0
Opcode ID: a24417159c2fd302bed96dbbcd70b03a1a6ae899eaf99bbda20d3b1a64055eb3
Instruction ID: 7d539ff9ad161538c5e7dd7149d841a813879f08730e083e79f0774c20e4c692
Opcode Fuzzy Hash: a24417159c2fd302bed96dbbcd70b03a1a6ae899eaf99bbda20d3b1a64055eb3
Instruction Fuzzy Hash: 52D017362051A0BAEA70AE17DC0CF8B3FBDEBC7F41F104029B744A2044CA209516CB74

Uniqueness

Uniqueness Score: -1.00%

Function 6C487590 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B1CE
Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B204

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6C4875E4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 09b86410c1cd5241dcae37d2638e9e6f84a75c241899e6acf4ae9fb8c7665dfc
Instruction ID: 4e28ce449487ce3a6f7e4ea80b57e8703570eb8b93b439c4fbad9b243b9bf6ca
Opcode Fuzzy Hash: 09b86410c1cd5241dcae37d2638e9e6f84a75c241899e6acf4ae9fb8c7665dfc
Instruction Fuzzy Hash: 4321F83274A106ABEB18DA29CC51EAA37B8EF45329F14007EFD01D6A44EB34D804D794

Uniqueness

Uniqueness Score: -1.00%

Function 6C4877BC Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6C487559,00000000,00000000,?), ref: 6C4877E8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: ece779bbe103dc5f4cb3ccee5bfd17baa222274f52d884bbaed1cc3cc9be1744
Instruction ID: 4b2e043a424755e69b947dac3315b6c733001bcca338c5e9b678f5f24c8fe50e
Opcode Fuzzy Hash: ece779bbe103dc5f4cb3ccee5bfd17baa222274f52d884bbaed1cc3cc9be1744
Instruction Fuzzy Hash: 51F0D632B161116BDB14DA258815EFA37A8EB40759F554828FE15A3A80DA30ED41C5E0

Uniqueness

Uniqueness Score: -1.00%

Function 6C487125 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B1CE
Part of subcall function 6C47B16C: _free.LIBCMT ref: 6C47B204

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6C487179

Strings

YLlU, xrefs: 6C486F6C
8RLlE, xrefs: 6C486FA1
utf8, xrefs: 6C4870E8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID: 8RLlE$utf8$YLlU
API String ID: 2003897158-2283748238
Opcode ID: d8edf4c1c8c290d914bef57f74e5a778d6a338febdb61730eef34f6701fb1499
Instruction ID: 7319daa0b4e2d63d6973c9158c56c428a032ef68dc729db4ea9f1e61aa9102cf
Opcode Fuzzy Hash: d8edf4c1c8c290d914bef57f74e5a778d6a338febdb61730eef34f6701fb1499
Instruction Fuzzy Hash: 63F0A432715115ABD724EA38CC59DFA33A8DB86718F05017DE606D7B40DE74AD0597E0

Uniqueness

Uniqueness Score: -1.00%

Function 6C47D8C5 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C470F97: EnterCriticalSection.KERNEL32(13B17E7C,?,6C474876,00000000,6C4DBF48,0000000C,6C47483D,6C3E2DD3,?,6C478EF3,6C3E2DD3,?,6C47B30E,00000001,00000364,FFFFFFFF), ref: 6C470FA6

EnumSystemLocalesW.KERNEL32(6C47D8B8,00000001,6C4DC248,0000000C,6C47DD23,00000000), ref: 6C47D8FD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 6cba542958077fd2ff58bd44ecf8bd8fb88ee6782f0c65f7360fdd14d8ddf16c
Instruction ID: c11880efccc4d72a8fb9b14661d7fa51326d653afc923c9f8dc9e88e55e920cf
Opcode Fuzzy Hash: 6cba542958077fd2ff58bd44ecf8bd8fb88ee6782f0c65f7360fdd14d8ddf16c
Instruction Fuzzy Hash: 92F04976A14214DFDB10EF98D841FDD7BF1EB8A724F10412AE411DB790CB7559048F90

Uniqueness

Uniqueness Score: -1.00%

Function 6C4871CC Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

EnumSystemLocalesW.KERNEL32(6C487125,00000001,00000006,?,?,6C48798D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6C487203

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 6180475e283e2e6dbbeeeb8a62ea93514cfecbd068ea80a82536a104f3fd854d
Instruction ID: 728fe50eca85ee1f6df02a26228a3839f3775f6065bf277f46cdc9c0828d6c73
Opcode Fuzzy Hash: 6180475e283e2e6dbbeeeb8a62ea93514cfecbd068ea80a82536a104f3fd854d
Instruction Fuzzy Hash: 1CF0553670420457CB14DF36C868EAABFA1EFC2758B0A4058FA098BB40CA71D942C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6C47DE7E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6C47D310,?,20001004,00000000,00000002,?,?,6C47C91D), ref: 6C47DEB2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 74ff2d54cb6ba7dfed367d9af98710ffacf304247a394635a285ecc1c100eaf5
Instruction ID: 976e71fc5d80f54f8d81927ad1e06ecad927a4b3490315e47993505f8dde1c11
Opcode Fuzzy Hash: 74ff2d54cb6ba7dfed367d9af98710ffacf304247a394635a285ecc1c100eaf5
Instruction Fuzzy Hash: CCE04F32541528BBCF32AF61DC08EEE3F3AEF95761F004015FD1565650CB328921AAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C491B8B Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

BCryptCloseAlgorithmProvider.BCRYPT(0099BB70,00000000), ref: 6C491B97

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AlgorithmCloseCryptProvider
String ID:
API String ID: 3378198380-0
Opcode ID: 3f45d4dfa4a8c7eb3c5eb64b0021719119a726a0f4d38fd2468256d214a5afa4
Instruction ID: 4e8cd72eaf956d47b660ce1b5192bd4f486a5804b84bc70e933fc6fb2d0fd4dc
Opcode Fuzzy Hash: 3f45d4dfa4a8c7eb3c5eb64b0021719119a726a0f4d38fd2468256d214a5afa4
Instruction Fuzzy Hash: D1B0122474132051FD68E5338C44F522B6C274A509F9044042A14D1A83DA68E0004050

Uniqueness

Uniqueness Score: -1.00%

Function 6C45D036 Relevance: 1.5, APIs: 1, Instructions: 7encryptionCOMMON

Download Yara Rule

APIs

CryptHashData.ADVAPI32(?,?,?,00000000,6C45D0C8,?,?,00000000,?,?), ref: 6C45D047

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CryptDataHash
String ID:
API String ID: 4245837645-0
Opcode ID: 14031a71af21bcbd89b02ecc3e47599a2f059cf8fb40fbc3d8be7fc62bef3739
Instruction ID: 0cf548a193a6e6dfe4af675c62528e960d9080aecc72093972904267a8f7b141
Opcode Fuzzy Hash: 14031a71af21bcbd89b02ecc3e47599a2f059cf8fb40fbc3d8be7fc62bef3739
Instruction Fuzzy Hash: 9FC04832208341EFCF12DF80CE09F1ABBB2BB88700F088848B29445071C732D824EB02

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F555F Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

hXMV, xrefs: 6C3F5577

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: hXMV
API String ID: 0-2057747057
Opcode ID: 67593a9535b0a8fd5aaaf841a0740f933ed5871c41b2fe72853b3936ce6e95e8
Instruction ID: 5ad389eb192d57e48fd738de3fad3d2da78bed6bcd307962d357b47317f4a15b
Opcode Fuzzy Hash: 67593a9535b0a8fd5aaaf841a0740f933ed5871c41b2fe72853b3936ce6e95e8
Instruction Fuzzy Hash: BFF0A0B3D08609DFF704CB85D800BADB3B4EB80735F20492ED011A26D0D3395605CF20

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F5B7A Relevance: 38.9, APIs: 12, Strings: 10, Instructions: 423COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F5B84
SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,WQL,00000460,6C3F7C62,?,?,00000010,1FFFFFFF), ref: 6C3F5BC4
SysFreeString.OLEAUT32(?), ref: 6C3F5BD4
GetVolumePathNameW.KERNEL32(?,?,00000104,?,?,00000010,1FFFFFFF,?,?,?,?,?,?,?,?,00000022), ref: 6C3F5C01
VariantClear.OLEAUT32(00000000), ref: 6C3F5D7B

Strings

"} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLY, xrefs: 6C3F5D64
\, xrefs: 6C3F5C25
"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY, xrefs: 6C3F5C75
Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID=", xrefs: 6C3F5E41
SerialNumber, xrefs: 6C3F5FC5
Model, xrefs: 6C3F5F10
ASSOCIATORS OF {Win32_LogicalDisk.DeviceID=", xrefs: 6C3F5C4D
DeviceID, xrefs: 6C3F5D14, 6C3F5E12
WQL, xrefs: 6C3F5BA2
ASSOCIATORS OF {Win32_DiskPartition.DeviceID=", xrefs: 6C3F5D43

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$ClearFolderFreeH_prolog3_NameStringVariantVolume
String ID: "} WHERE AssocClass = Win32_DiskDriveToDiskPartition KEYSONLY$"} WHERE AssocClass = Win32_LogicalDiskToPartition KEYSONLY$ASSOCIATORS OF {Win32_DiskPartition.DeviceID="$ASSOCIATORS OF {Win32_LogicalDisk.DeviceID="$DeviceID$Model$Select Model, SerialNumber from Win32_DiskDrive WHERE DeviceID="$SerialNumber$WQL$\
API String ID: 1504758213-738064816
Opcode ID: 46e18ec4ebc80832888d088620b4a038e98bbf054d5455b82769e416fe31d200
Instruction ID: eb1bdd35dc80b3007d046ebb8f0405c41530f66e907eefc26422547b1e976e16
Opcode Fuzzy Hash: 46e18ec4ebc80832888d088620b4a038e98bbf054d5455b82769e416fe31d200
Instruction Fuzzy Hash: 700282B0A012599BDF20DF60CC88FDDB778AF45308F1085D8E619EB681DB359A86CF55

Uniqueness

Uniqueness Score: -1.00%

Function 6C45A171 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291encryptionCOMMON

Download Yara Rule

APIs

CertOpenStore.CRYPT32(00000002,00000000,00000000,00002000,00000000), ref: 6C45A289
GetLastError.KERNEL32(?,00000100), ref: 6C45A2A3
CertCreateCertificateChainEngine.CRYPT32(?,?), ref: 6C45A324
GetLastError.KERNEL32(?,00000100), ref: 6C45A338
CertGetCertificateChain.CRYPT32(?,?,00000000,?,?,?,00000000,?), ref: 6C45A3CA
GetLastError.KERNEL32(?,00000100), ref: 6C45A3DE
CertFreeCertificateChainEngine.CRYPT32(00000000), ref: 6C45A4F1
CertCloseStore.CRYPT32(?,00000000), ref: 6C45A4FE
CertFreeCertificateChain.CRYPT32(00000000), ref: 6C45A50F
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C45A520

Strings

schannel: Failed to read remote certificate context: %s, xrefs: 6C45A4D1
schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN, xrefs: 6C45A45B
schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 6C45A26B
0, xrefs: 6C45A30E
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT, xrefs: 6C45A443
schannel: failed to create certificate store: %s, xrefs: 6C45A2B0
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID, xrefs: 6C45A44F
schannel: CertGetCertificateChain error mask: 0x%08x, xrefs: 6C45A46B
schannel: CertGetCertificateChain failed: %s, xrefs: 6C45A3EB
schannel: failed to create certificate chain engine: %s, xrefs: 6C45A345
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN, xrefs: 6C45A437
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED, xrefs: 6C45A428

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Cert$Certificate$Chain$ErrorFreeLast$EngineStore$CloseContextCreateOpen
String ID: 0$schannel: CertGetCertificateChain error mask: 0x%08x$schannel: CertGetCertificateChain failed: %s$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT$schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN$schannel: Failed to read remote certificate context: %s$schannel: failed to create certificate chain engine: %s$schannel: failed to create certificate store: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.
API String ID: 713146188-2670036763
Opcode ID: 21f746474714170bb83b4e3ed7848193ee851902bd3da554f0d109ec7394ea11
Instruction ID: d94043ffa58a194a06ca1e2280fb827d27033229b6d0dbcb4a0362b9e8b2c374
Opcode Fuzzy Hash: 21f746474714170bb83b4e3ed7848193ee851902bd3da554f0d109ec7394ea11
Instruction Fuzzy Hash: 78B1EF71208300EFD720DE64CC49FA7B7F9AF8631AF90491DF5A986691E730D954CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C464255 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 339COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C464322
DName::operator+.LIBCMT ref: 6C46435F
DName::DName.LIBVCRUNTIME ref: 6C464373
DName::operator+.LIBCMT ref: 6C464382
DName::operator+.LIBCMT ref: 6C464410
DName::operator|=.LIBCMT ref: 6C46442C
DName::DName.LIBVCRUNTIME ref: 6C464438
DName::operator+.LIBCMT ref: 6C464446
DName::operator+.LIBCMT ref: 6C464480
DName::operator+.LIBCMT ref: 6C4644C1
UnDecorator::getReturnType.LIBCMT ref: 6C4644F1
operator+.LIBVCRUNTIME ref: 6C4645FE

Strings

j;NlQ;Nl, xrefs: 6C464258, 6C464285, 6C4642A5, 6C464333, 6C464393, 6C46439D, 6C4643B6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
String ID: j;NlQ;Nl
API String ID: 1186856153-2525777580
Opcode ID: edd9606dc46fd03dcc0280be825fa455a1f812d43c08b7f45b11bc1d03ead1b8
Instruction ID: 89258b8575e7363f8dd2f8c62d4da5cb509fa34247619978b043f8a696ec465d
Opcode Fuzzy Hash: edd9606dc46fd03dcc0280be825fa455a1f812d43c08b7f45b11bc1d03ead1b8
Instruction Fuzzy Hash: 3CC181B5D00208AFCF04DF99C4A1EEDBBB5AB09358F10515EE115A7F95DB30D649CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C42B627 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42B631

Strings

PaddingByte, xrefs: 6C42B856
Grouper, xrefs: 6C42B945
Separator, xrefs: 6C42B940, 6C42B95C
BaseN_Encoder, xrefs: 6C42B822, 6C42B839
Terminator, xrefs: 6C42B971
DecodingLookupArray, xrefs: 6C42B75C
Pad, xrefs: 6C42B866
Log2Base, xrefs: 6C42B773, 6C42B834
BaseN_Decoder, xrefs: 6C42B761, 6C42B778
BaseN_Encoder: Log2Base must be between 1 and 7 inclusive, xrefs: 6C42B8BB
BaseN_Decoder: Log2Base must be between 1 and 7 inclusive, xrefs: 6C42B7DC
: missing required parameter ', xrefs: 6C42B5D4, 6C42B664
EncodingLookupArray, xrefs: 6C42B81D
GroupSize, xrefs: 6C42B901

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: : missing required parameter '$BaseN_Decoder$BaseN_Decoder: Log2Base must be between 1 and 7 inclusive$BaseN_Encoder$BaseN_Encoder: Log2Base must be between 1 and 7 inclusive$DecodingLookupArray$EncodingLookupArray$GroupSize$Grouper$Log2Base$Pad$PaddingByte$Separator$Terminator
API String ID: 2427045233-4155197624
Opcode ID: a2e94c4efa93a089f91cc474d0366dfd6517ec0fb003e261baa534351adf1a6f
Instruction ID: ed97d631110a76aa5e4303ce5b171831f1b3c237c34b1787974922ed97d6d234
Opcode Fuzzy Hash: a2e94c4efa93a089f91cc474d0366dfd6517ec0fb003e261baa534351adf1a6f
Instruction Fuzzy Hash: 84019275800258BADF01DBA0CC44FDE7B7CAF5820CF104545F449B7B01CB35A6098BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4656C4 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C46572F
DName::operator+.LIBCMT ref: 6C465865

Part of subcall function 6C461641: shared_ptr.LIBCMT ref: 6C46165D

DName::operator+.LIBCMT ref: 6C4658B1
DName::operator+.LIBCMT ref: 6C4658C0
DName::operator+.LIBCMT ref: 6C46581B

Part of subcall function 6C466F4B: DName::operator=.LIBVCRUNTIME ref: 6C466FDA

DName::operator+.LIBCMT ref: 6C4659ED
DName::operator=.LIBVCRUNTIME ref: 6C465A2D
DName::DName.LIBVCRUNTIME ref: 6C465A45
DName::operator+.LIBCMT ref: 6C465A54
DName::operator+.LIBCMT ref: 6C465A60

Part of subcall function 6C466F4B: Replicator::operator[].LIBVCRUNTIME ref: 6C466F88

Strings

j;NlQ;Nl, xrefs: 6C4656DC, 6C465760, 6C465771, 6C4657CA, 6C46583B, 6C465890, 6C4658DD, 6C46590E, 6C46591C, 6C465962, 6C4659BE, 6C465A08

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
String ID: j;NlQ;Nl
API String ID: 1026175760-2525777580
Opcode ID: 4d2d19a769481076bf11654abeaec145de9328938bd4eba41cedd1a144081483
Instruction ID: 4f4354493ca890d1bdc17c5436885f39d424194df159af3ee84763aa3755344c
Opcode Fuzzy Hash: 4d2d19a769481076bf11654abeaec145de9328938bd4eba41cedd1a144081483
Instruction Fuzzy Hash: 9EC19171A042089FDF14CFA9C880FEEB7F9AB09309F14445EE546A7F86EB359649CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6C471503 Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C471572
_free.LIBCMT ref: 6C471588
_free.LIBCMT ref: 6C47159B
_free.LIBCMT ref: 6C4715B0
_free.LIBCMT ref: 6C4715C5
GetCPInfo.KERNEL32(?,?), ref: 6C47160F

Part of subcall function 6C48087D: _free.LIBCMT ref: 6C4808E8

_free.LIBCMT ref: 6C47187A
_free.LIBCMT ref: 6C47188D
_free.LIBCMT ref: 6C47189B
_free.LIBCMT ref: 6C4718A6
_free.LIBCMT ref: 6C4718E8
_free.LIBCMT ref: 6C4718F0
_free.LIBCMT ref: 6C4718F6
_free.LIBCMT ref: 6C4718FE
_free.LIBCMT ref: 6C47190C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: b779acd89bb6c1bf17988d960bfb1d3b4a5f7dfb28f3f11a900c50e311c4414a
Instruction ID: 5b3a8595cdfdce1f88f78c0ec849f27dfc2b92bd39f95ce580e135ab63880d72
Opcode Fuzzy Hash: b779acd89bb6c1bf17988d960bfb1d3b4a5f7dfb28f3f11a900c50e311c4414a
Instruction Fuzzy Hash: E5D17A71E012059FDB21DFA8C890FEABBF5BF08305F144169E499A7781D775E849CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C462B3C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 330COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 6C462BAB
shared_ptr.LIBCMT ref: 6C462BF3
shared_ptr.LIBCMT ref: 6C462C12
shared_ptr.LIBCMT ref: 6C462D29
DName::operator+.LIBCMT ref: 6C462D69
operator+.LIBVCRUNTIME ref: 6C462DE2
DName::operator=.LIBVCRUNTIME ref: 6C462DFA
shared_ptr.LIBCMT ref: 6C462EDF
shared_ptr.LIBCMT ref: 6C462F1D
operator+.LIBVCRUNTIME ref: 6C462FD0

Strings

j;NlQ;Nl, xrefs: 6C462B3F, 6C462B61, 6C462C53, 6C462CBE, 6C462DEF, 6C462F9E
double, xrefs: 6C462C07, 6C462C1A, 6C462E7F, 6C462EA1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID: double$j;NlQ;Nl
API String ID: 1464150960-3889802265
Opcode ID: 87c7b03d69b424d1bcce4e717cf61acc1d6f065dda3c4a3da04dae53e656f1cf
Instruction ID: 41cb5a56e13278d74a1e7f9ecad1c9060e4d3c2366c646a2595b6c426ed7da20
Opcode Fuzzy Hash: 87c7b03d69b424d1bcce4e717cf61acc1d6f065dda3c4a3da04dae53e656f1cf
Instruction Fuzzy Hash: 6BD16EB6C0520AAECB14CF9AC589FEEBB74AF05308F10815AD521B7F58DB349606CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E59F3 Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 280COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E59FD

Part of subcall function 6C3F121D: __EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

Part of subcall function 6C3E57D4: __EH_prolog3_GS_align.LIBCMT ref: 6C3E57E0

Strings

rsp, xrefs: 6C3E5BCA
deactivation, xrefs: 6C3E5D3C
$, xrefs: 6C3E5E37
ret, xrefs: 6C3E5D70
&pv_id=, xrefs: 6C3E5AB1
stat, xrefs: 6C3E5C01
code, xrefs: 6C3E5C8D
#, xrefs: 6C3E5B26
err, xrefs: 6C3E5C59
fail, xrefs: 6C3E5C41
method=limelm.activation.deactivate&ablock=, xrefs: 6C3E5A83

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_catch_$H_prolog3_S_align
String ID: #$$$&pv_id=$code$deactivation$err$fail$method=limelm.activation.deactivate&ablock=$ret$rsp$stat
API String ID: 681511622-3673989637
Opcode ID: 941bb680ecd16fdc8b41271aa1148f3df676579b4b033855d8e60cbdeaa3ffa0
Instruction ID: 13132390509031822a3bf9309bdc63969c2f1216c08f50559856c812b6933807
Opcode Fuzzy Hash: 941bb680ecd16fdc8b41271aa1148f3df676579b4b033855d8e60cbdeaa3ffa0
Instruction Fuzzy Hash: 2EB16771C0426CAEDB10EFA4C995FDDBBB8AB09308F50449BD119B7A50DB315B89CF62

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F6CD7 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 238COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F6CDE

Part of subcall function 6C3F564A: SysAllocString.OLEAUT32(00000000), ref: 6C3F5661

SysFreeString.OLEAUT32(00000000), ref: 6C3F6D5B
SysFreeString.OLEAUT32(00000000), ref: 6C3F6F60

Strings

FALSE, xrefs: 6C3F6D02
PermanentAddress, xrefs: 6C3F6E7B
SELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = , xrefs: 6C3F6CF2
DeviceID, xrefs: 6C3F6DAB
TRUE, xrefs: 6C3F6D09, 6C3F6D14
OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalM, xrefs: 6C3F6D1A
WQL, xrefs: 6C3F6D36

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: String$Free$AllocH_prolog3_
String ID: OR PNPDeviceID LIKE "XEN%\\%" OR PNPDeviceID LIKE "VMBUS\\%") AND (InterfaceType = 6 OR InterfaceType = 71) AND NOT NdisPhysicalM$DeviceID$FALSE$PermanentAddress$SELECT DeviceID, PermanentAddress FROM MSFT_NetAdapter WHERE (Virtual = $TRUE$WQL
API String ID: 3315771951-3087152901
Opcode ID: 0cbf694387e951c3270970ceca85cb972513d44d9191a7321b6f8622db49a64b
Instruction ID: cfab6efd83a75300be44486cb91b9d0c4aacc9edd6bfce6596752c311cb95129
Opcode Fuzzy Hash: 0cbf694387e951c3270970ceca85cb972513d44d9191a7321b6f8622db49a64b
Instruction Fuzzy Hash: E491AE71A11349EFDF10CFA4C884EEEBBB4AF55308F14886DE461EB691D731990ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 6C42E282 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 106COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C42E289

Part of subcall function 6C3E34D1: __EH_prolog3.LIBCMT ref: 6C3E34D8

Part of subcall function 6C42BEA0: __EH_prolog3.LIBCMT ref: 6C42BEA7

Part of subcall function 6C42E104: __EH_prolog3.LIBCMT ref: 6C42E10B

Part of subcall function 6C3F057F: __EH_prolog3_GS.LIBCMT ref: 6C3F0586

Part of subcall function 6C3EDCEE: __EH_prolog3_GS.LIBCMT ref: 6C3EDCF5

Strings

8pIl, xrefs: 6C42E2A5
Terminator, xrefs: 6C42E36B
InsertLineBreaks, xrefs: 6C42E297
(DIl, xrefs: 6C42E3AA
PaddingByte, xrefs: 6C42E32E
MaxLineLength, xrefs: 6C42E2B0
VIl, xrefs: 6C42E39B, 6C42E3A0
Log2Base, xrefs: 6C42E37D
EncodingLookupArray, xrefs: 6C42E316
GroupSize, xrefs: 6C42E347
Separator, xrefs: 6C42E359

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: (DIl$8pIl$EncodingLookupArray$GroupSize$InsertLineBreaks$Log2Base$MaxLineLength$PaddingByte$Separator$Terminator$VIl
API String ID: 4240126716-2892921949
Opcode ID: 2e409f686697738ba3c18dfa5ae897ba7e2f6363a58e6024d5b7300e019558ac
Instruction ID: aa08cdf19c490d23c08f03388188d4d98f72df18f2e0aff449d76a96d3d0f579
Opcode Fuzzy Hash: 2e409f686697738ba3c18dfa5ae897ba7e2f6363a58e6024d5b7300e019558ac
Instruction Fuzzy Hash: AA41C3B1A00278ABDF04CBA0C855FFEBBB4AF18354F04455DE555AB780DB749E08CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4328AE Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C4E7ADC,00000FA0,?,?,6C43288C), ref: 6C4328BA
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,6C43288C), ref: 6C4328C5
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6C43288C), ref: 6C4328D6
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6C4328E8
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6C4328F6
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,6C43288C), ref: 6C432919
DeleteCriticalSection.KERNEL32(6C4E7ADC,00000007,?,?,6C43288C), ref: 6C432935
CloseHandle.KERNEL32(?,?,?,6C43288C), ref: 6C432945

Strings

WakeAllConditionVariable, xrefs: 6C4328EE
kernel32.dll, xrefs: 6C4328D1
SleepConditionVariableCS, xrefs: 6C4328E2
api-ms-win-core-synch-l1-2-0.dll, xrefs: 6C4328C0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: ef24409b5f71e1081a35aa0daec16a08fc9e21783551d8a2baa631af1992df26
Instruction ID: d50df9cea38f5a9bc76e101c44bf440daf8db3f58ca4a4eebd49f0349469deb6
Opcode Fuzzy Hash: ef24409b5f71e1081a35aa0daec16a08fc9e21783551d8a2baa631af1992df26
Instruction Fuzzy Hash: B3015271B056316BDE30FF768C0DE563B78EB9A6267114414FE19E2A42DE60C90086A1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4841B6 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6C4841FA

Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485B4D
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485B5F
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485B71
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485B83
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485B95
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485BA7
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485BB9
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485BCB
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485BDD
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485BEF
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485C01
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485C13
Part of subcall function 6C485B30: _free.LIBCMT ref: 6C485C25

_free.LIBCMT ref: 6C4841EF

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C484211
_free.LIBCMT ref: 6C484226
_free.LIBCMT ref: 6C484231
_free.LIBCMT ref: 6C484253
_free.LIBCMT ref: 6C484266
_free.LIBCMT ref: 6C484274
_free.LIBCMT ref: 6C48427F
_free.LIBCMT ref: 6C4842B7
_free.LIBCMT ref: 6C4842BE
_free.LIBCMT ref: 6C4842DB
_free.LIBCMT ref: 6C4842F3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: f3bf350a3ae1c7165b7a7ed3e7d34a9396890e091b312ae3234a1473787e1aa6
Instruction ID: ef12d43389b2951acf81425fea498b1b1f5f670026116d7a242ddbaee0c6bdf5
Opcode Fuzzy Hash: f3bf350a3ae1c7165b7a7ed3e7d34a9396890e091b312ae3234a1473787e1aa6
Instruction Fuzzy Hash: 1F318D31A0A300DFEB20EA79D950F9AB3FCAF0139AF64652DE055D6B50DB34E884C760

Uniqueness

Uniqueness Score: -1.00%

Function 6C485C2E Relevance: 18.4, APIs: 12, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C485C76
_free.LIBCMT ref: 6C485C9A
_free.LIBCMT ref: 6C485CA7
_free.LIBCMT ref: 6C485CCC
_free.LIBCMT ref: 6C485CD9
_free.LIBCMT ref: 6C485CE2
_free.LIBCMT ref: 6C485FBC
_free.LIBCMT ref: 6C485FC4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 71214c0496030dc74753500b5d6845871cef569483820ffbb82d93f52444198d
Instruction ID: c4948c71da2e9a89796f33f5db30708ba195f9ae56c60698fadf71949ae5f8ef
Opcode Fuzzy Hash: 71214c0496030dc74753500b5d6845871cef569483820ffbb82d93f52444198d
Instruction Fuzzy Hash: A4C142B2D41214ABEB20DBA8CD81FDE77F8AF08705F540159FA05EB785EB70D9458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C450328 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 390COMMON

Download Yara Rule

Strings

file, xrefs: 6C4504FE
%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s, xrefs: 6C45073E
%%25%s], xrefs: 6C45062E
VIl, xrefs: 6C450729
file://%s%s%s, xrefs: 6C45052A
https, xrefs: 6C45055F, 6C450568
%ld, xrefs: 6C450402, 6C450587

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: VIl$%%25%s]$%ld$%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$file$file://%s%s%s$https
API String ID: 0-2300113248
Opcode ID: 9eba1d01c39142c5cf0b47c88f65d12c956444a5d89b6a2ab7efb258de929f9e
Instruction ID: 89368a01386cb4cca3e188cbfe3d22e130d79bc89b06e26add5a5a6f9339fdfe
Opcode Fuzzy Hash: 9eba1d01c39142c5cf0b47c88f65d12c956444a5d89b6a2ab7efb258de929f9e
Instruction Fuzzy Hash: B9D1E179609385AFD720CE29C840F17BBE4AF8675DF94091DF89587B40E371E825CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C4661A5 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 295COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C46627A
UnDecorator::getSignedDimension.LIBCMT ref: 6C466285
DName::DName.LIBVCRUNTIME ref: 6C466296
UnDecorator::getSignedDimension.LIBCMT ref: 6C4663A2
UnDecorator::getSignedDimension.LIBCMT ref: 6C4663BF
UnDecorator::getSignedDimension.LIBCMT ref: 6C4663DC
UnDecorator::getSignedDimension.LIBCMT ref: 6C466418
DName::operator+.LIBCMT ref: 6C466511

Part of subcall function 6C4625A9: DName::DName.LIBVCRUNTIME ref: 6C4625BE

DName::operator+.LIBCMT ref: 6C46651C

Strings

j;NlQ;Nl, xrefs: 6C4661B5, 6C4661C6, 6C46623D, 6C466291

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::
String ID: j;NlQ;Nl
API String ID: 3679549980-2525777580
Opcode ID: beb73e8a15571d71ca9ec5a795383e5993792da92c0b8fc5935ab7e17777706c
Instruction ID: 95e2d816599b80fdfeb6f4758a2791a195869b49ba2d21831ca6665faf999392
Opcode Fuzzy Hash: beb73e8a15571d71ca9ec5a795383e5993792da92c0b8fc5935ab7e17777706c
Instruction Fuzzy Hash: 2191C6719452069ACB00DFB6C995FFEBB78AB06319F20012DD111E2F8CDB35D609C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 6C44ED4E Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 244encryptionCOMMON

Download Yara Rule

APIs

CertFreeCertificateContext.CRYPT32(?), ref: 6C44F023

Strings

http, xrefs: 6C44EE9F
schannel: failed to setup sequence detection, xrefs: 6C44EDDE
schannel: failed to setup replay detection, xrefs: 6C44EDF5
schannel: failed to setup stream orientation, xrefs: 6C44EE40
schannel: failed to retrieve ALPN result, xrefs: 6C44EE86
schannel: failed to setup confidentiality, xrefs: 6C44EE0C
/1.1, xrefs: 6C44EEA8
schannel: failed to setup memory allocation, xrefs: 6C44EE26
schannel: failed to retrieve remote cert context, xrefs: 6C44F040

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CertCertificateContextFree
String ID: /1.1$http$schannel: failed to retrieve ALPN result$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation
API String ID: 3080675121-158868958
Opcode ID: 24ebb873c7099b346d72703b139dca3bdce005ab225ec4a289c0af6187a4e75e
Instruction ID: 08ccb57eb0ba238e8da73788a4ed5f2368ca4713ef96dd3c780e0751fca82791
Opcode Fuzzy Hash: 24ebb873c7099b346d72703b139dca3bdce005ab225ec4a289c0af6187a4e75e
Instruction Fuzzy Hash: 2F91E031109741AFE710CE15C885F9AB7E4FF8932AF30890DF59886A91DB31A949CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 6C444F0C Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 235COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C444F9C
___from_strstr_to_strchr.LIBCMT ref: 6C444FAE

Strings

Content-Type:, xrefs: 6C44507E, 6C44509F
Cookie:, xrefs: 6C445130
%s, xrefs: 6C44516F
Authorization:, xrefs: 6C44511C
Connection:, xrefs: 6C4450E3
Host:, xrefs: 6C44505D
Content-Length:, xrefs: 6C4450C3
Transfer-Encoding:, xrefs: 6C445108

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %s$Authorization:$Connection:$Content-Length:$Content-Type:$Cookie:$Host:$Transfer-Encoding:
API String ID: 601868998-2985882615
Opcode ID: e73d1bbed8d98f830082abb76d9749a2f8a8767420392419bcccd4e00ccd12e8
Instruction ID: c9cde48119c7ba50c58aeacccb8fe5b149466dbcd55fb0e7e2e176ff5d32fce2
Opcode Fuzzy Hash: e73d1bbed8d98f830082abb76d9749a2f8a8767420392419bcccd4e00ccd12e8
Instruction Fuzzy Hash: 1171F670A09382ABFB21CE298840F5B7BF4DF8134EF34866DE89996B81E731D504C752

Uniqueness

Uniqueness Score: -1.00%

Function 6C44D68A Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 140COMMON

Download Yara Rule

APIs

_wcschr.LIBVCRUNTIME ref: 6C44D697
_wcschr.LIBVCRUNTIME ref: 6C44D7B2

Strings

LocalMachine, xrefs: 6C44D6D1
CurrentUserGroupPolicy, xrefs: 6C44D753
CurrentUser, xrefs: 6C44D6AF
LocalMachineEnterprise, xrefs: 6C44D791
Users, xrefs: 6C44D734
CurrentService, xrefs: 6C44D6F3
Services, xrefs: 6C44D715
LocalMachineGroupPolicy, xrefs: 6C44D772

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _wcschr
String ID: CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Services$Users
API String ID: 2691759472-3209074899
Opcode ID: 54966282bd6a15f7929e6a3d46ee2a03b9ce09333edabc9337c305b1d2506e5c
Instruction ID: 08108bb361ba82227d5342238c89d0217d6dde638e2cb038623edd4bd4bb64e0
Opcode Fuzzy Hash: 54966282bd6a15f7929e6a3d46ee2a03b9ce09333edabc9337c305b1d2506e5c
Instruction Fuzzy Hash: 9F41D576D082129BE322DE15DC80F6B7BE8EF96369F158828FC0497B00E774944686F2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E504A Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E5054

Part of subcall function 6C3F121D: __EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

Strings

exp, xrefs: 6C3E4E42
avm, xrefs: 6C3E4E8C
Response, xrefs: 6C3E50C2
exdata, xrefs: 6C3E4F2A
feats, xrefs: 6C3E4E68
data, xrefs: 6C3E4E2E
genuine, xrefs: 6C3E4E05, 6C3E4E18
jab, xrefs: 6C3E4EF6
activation, xrefs: 6C3E4DF7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: Response$activation$avm$data$exdata$exp$feats$genuine$jab
API String ID: 1329019490-252001470
Opcode ID: 86d1c9dcf6e08a73af067f0484d6bfd791d503bb9d6402d17032efc61b96ce01
Instruction ID: 6b6f8aace23cc4b786dd11c07118ed888062dfc6e1fa7f0b5bd804854fc2d782
Opcode Fuzzy Hash: 86d1c9dcf6e08a73af067f0484d6bfd791d503bb9d6402d17032efc61b96ce01
Instruction Fuzzy Hash: 15114275D002589ADB20CB55CC81FDE7B78AB58348F0089ABE50777640DB705A89CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C460545 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6C460642
___TypeMatch.LIBVCRUNTIME ref: 6C460773
CatchIt.LIBVCRUNTIME ref: 6C4607C4
IsInExceptionSpec.LIBVCRUNTIME ref: 6C460845
_UnwindNestedFrames.LIBCMT ref: 6C4608C9
CallUnexpected.LIBVCRUNTIME ref: 6C4608E4

Strings

csm, xrefs: 6C46069B
csm, xrefs: 6C460582
csm, xrefs: 6C4605EF

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwind
String ID: csm$csm$csm
API String ID: 2378971308-393685449
Opcode ID: 853c80ceff433293d9edb33f78611d571cb597d343cd0168e27ae44539096123
Instruction ID: c4b2545dade9548348975dad92c40173f8cc0244f08b84364bef2e3cbe15e164
Opcode Fuzzy Hash: 853c80ceff433293d9edb33f78611d571cb597d343cd0168e27ae44539096123
Instruction Fuzzy Hash: 1EB16471801289EFCF04CFA6C880D9EBBB5EF0431AB14425AE8116BF09D775DA55CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6C466F4B Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 180COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBVCRUNTIME ref: 6C466F88
DName::operator=.LIBVCRUNTIME ref: 6C466FDA

Strings

j;NlQ;Nl, xrefs: 6C466F60, 6C466F82, 6C466FAC, 6C466FBA, 6C466FCB, 6C46703D, 6C4670FB, 6C467105
generic-type-, xrefs: 6C467013
template-parameter-, xrefs: 6C466FEC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: generic-type-$j;NlQ;Nl$template-parameter-
API String ID: 3211817929-1437206786
Opcode ID: 4c39eacb98ba880fcf6b048c7cd88ea59d5af7698a5a437333a548627fcd7fa2
Instruction ID: fbf84ac18ddf6aea5a49062cdd2991b275253e033995501464b8a0ae7d630ca2
Opcode Fuzzy Hash: 4c39eacb98ba880fcf6b048c7cd88ea59d5af7698a5a437333a548627fcd7fa2
Instruction Fuzzy Hash: FF61B171D042099FCF04DFAAC851FEEBBB8AB09304F11401ED551A7F85DB349A49CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FDC82 Relevance: 15.2, APIs: 10, Instructions: 160COMMON

Download Yara Rule

APIs

WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(?,?,?,?,00000000), ref: 6C3FDCE5
GlobalFree.KERNEL32(?), ref: 6C3FDDD6
GlobalFree.KERNEL32(?), ref: 6C3FDDE1
GlobalFree.KERNEL32(?), ref: 6C3FDDED
GlobalFree.KERNEL32(?), ref: 6C3FDDF8
GlobalFree.KERNEL32(?), ref: 6C3FDE04

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FreeGlobal$ConfigCurrentHttpProxyUser
String ID:
API String ID: 3941548018-0
Opcode ID: c653a4e99f851b7c6fc26ad9ff92d920ca556e54d0a5a2d4f580510a39437ebd
Instruction ID: 05cff5972b77043a88a20d3570c6a2beaa8c604f908a76891f00fe6fca062d85
Opcode Fuzzy Hash: c653a4e99f851b7c6fc26ad9ff92d920ca556e54d0a5a2d4f580510a39437ebd
Instruction Fuzzy Hash: 2C519DB1209305AFE714EF29C84892BB7F9FF99648B114D2DF5A5D3610DB31E8068F62

Uniqueness

Uniqueness Score: -1.00%

Function 6C47B028 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C47B03E

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C47B04A
_free.LIBCMT ref: 6C47B055
_free.LIBCMT ref: 6C47B060
_free.LIBCMT ref: 6C47B06B
_free.LIBCMT ref: 6C47B076
_free.LIBCMT ref: 6C47B081
_free.LIBCMT ref: 6C47B08C
_free.LIBCMT ref: 6C47B097
_free.LIBCMT ref: 6C47B0A5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 014c01ff0ad40affa1412a4ed3ba98ac18b80688c147cba6c6e2bd6d88be4719
Instruction ID: 1167d43c809377b48aa965a3604a8da02a0ac951fd6819aad640a6815f9c73e0
Opcode Fuzzy Hash: 014c01ff0ad40affa1412a4ed3ba98ac18b80688c147cba6c6e2bd6d88be4719
Instruction Fuzzy Hash: BF21CB7A900208EFCB11EF94C940DDE7BF9BF08645F44516AF515AB621EB35DA48CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C46FE47 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 6C470224

Strings

f, xrefs: 6C46FF32
:, xrefs: 6C46FF09
p, xrefs: 6C46FF9B
p, xrefs: 6C46FF55
f, xrefs: 6C46FF4E
p, xrefs: 6C46FF39
f, xrefs: 6C46FF94

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __aulldvrm
String ID: :$f$f$f$p$p$p
API String ID: 1302938615-1434680307
Opcode ID: d7617a95ef95273675babb54a9996f7ff7c87d82bfd2498a6b23da885754df9c
Instruction ID: a216f10f700fb108999f7ce8ed42f45109ec0ddaa33caccac35a2c1d61c10819
Opcode Fuzzy Hash: d7617a95ef95273675babb54a9996f7ff7c87d82bfd2498a6b23da885754df9c
Instruction Fuzzy Hash: FC02A275A03298CBEB31CFA5D488EDDB7B2FB40B58F644256D014B7A84D7324D888B72

Uniqueness

Uniqueness Score: -1.00%

Function 6C4091F7 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 250timeCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C4091FE
CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 6C4092AE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4092DC

Part of subcall function 6C40913F: TlsGetValue.KERNEL32(FFFFFFFF,6C40923A,00000048,6C409516,00000000,000000FF,0000000C,6C3F2886,?,9634BA50,?,?,1A85EC53), ref: 6C40914D

WaitForMultipleObjectsEx.KERNEL32(00000000,?,00000000,?,00000000,00000048,6C409516,00000000,000000FF,0000000C,6C3F2886,?,9634BA50,?,?,1A85EC53), ref: 6C4093AC
CloseHandle.KERNEL32(00000000,00000048,6C409516,00000000,000000FF,0000000C,6C3F2886,?,9634BA50,?,?,1A85EC53), ref: 6C409464

Part of subcall function 6C4099A2: Sleep.KERNEL32(00000000,6C4093DF,?,00000048,6C409516,00000000,000000FF,0000000C,6C3F2886,?,9634BA50,?), ref: 6C4099B1

CloseHandle.KERNEL32(00000000,?,1A85EC53), ref: 6C409483
ResetEvent.KERNEL32(00000000,?,1A85EC53), ref: 6C40949B

Part of subcall function 6C409739: QueryPerformanceFrequency.KERNEL32(?,00000000,9634BA50,?,?,1A85EC53), ref: 6C409744

Part of subcall function 6C409110: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C409139

Strings

, xrefs: 6C4092C2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CloseHandleUnothrow_t@std@@@__ehfuncinfo$??2@$CreateEventFrequencyH_prolog3_MultipleObjectsPerformanceQueryResetSleepTimerValueWaitWaitable
String ID:
API String ID: 2922591083-3916222277
Opcode ID: 523869b46fb672966449235c0723743e5064d20d12443035a1bd21c66965d775
Instruction ID: 2ce410bb204b3d4979d84ee2ed4f564ad9d1bf1f8d0d61ef439030ca79b8f3b4
Opcode Fuzzy Hash: 523869b46fb672966449235c0723743e5064d20d12443035a1bd21c66965d775
Instruction Fuzzy Hash: 32918075E452089FDB04CFA4C884DEDBBB5AF5D324F24822EE821A7B90DB319945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 6C4628E4 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C462972
DName::operator+.LIBCMT ref: 6C4629C5

Part of subcall function 6C461641: shared_ptr.LIBCMT ref: 6C46165D

Part of subcall function 6C46156C: DName::operator+.LIBCMT ref: 6C46158D

DName::operator+.LIBCMT ref: 6C4629B6
DName::operator+.LIBCMT ref: 6C462A16
DName::operator+.LIBCMT ref: 6C462A23
DName::operator+.LIBCMT ref: 6C462A6A
DName::operator+.LIBCMT ref: 6C462A77

Strings

j;NlQ;Nl, xrefs: 6C4628E7, 6C462947

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+$shared_ptr
String ID: j;NlQ;Nl
API String ID: 1037112749-2525777580
Opcode ID: da8d8754d7579759df680e34027d3a522639cecd9050d6d5439e41a658ee6404
Instruction ID: 9fe41e0adbf5d1ab1d11177f2b7500ea6f7b042e017c4dce23e1f512f41bd9b3
Opcode Fuzzy Hash: da8d8754d7579759df680e34027d3a522639cecd9050d6d5439e41a658ee6404
Instruction Fuzzy Hash: 625162B1A00219BFCF15CB95C855EEEBBB8AB48714F04415EE506A7B84EF70D648CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C463B2E Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C463B56
DName::DName.LIBVCRUNTIME ref: 6C463B83

Part of subcall function 6C4613B1: __aulldvrm.LIBCMT ref: 6C4613E2

DName::operator+.LIBCMT ref: 6C463B9E
DName::DName.LIBVCRUNTIME ref: 6C463BBB
DName::DName.LIBVCRUNTIME ref: 6C463BEB
DName::DName.LIBVCRUNTIME ref: 6C463BF5
DName::DName.LIBVCRUNTIME ref: 6C463C1C

Strings

j;NlQ;Nl, xrefs: 6C463B31, 6C463B45, 6C463B79, 6C463BB1, 6C463BD5, 6C463C0D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::$Name::operator+__aulldvrm
String ID: j;NlQ;Nl
API String ID: 4069495278-2525777580
Opcode ID: a88a8e6739535b544b48e7bc6ddd8bf71eeebcd96b8ab426b3dcc7448ff5149a
Instruction ID: 4fd5a12db8ff1ead3598dac0cca36ec0f1e73d5826927c142f5ce3f7a50321fc
Opcode Fuzzy Hash: a88a8e6739535b544b48e7bc6ddd8bf71eeebcd96b8ab426b3dcc7448ff5149a
Instruction Fuzzy Hash: 0E3192729481849ADF08DFBAC890FED7BB5BF0A718F04414DE452A7E8ADB31964AC750

Uniqueness

Uniqueness Score: -1.00%

Function 6C451DF9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,?,6C43F189,00000000,?,00000100), ref: 6C451DFC
_strncpy.LIBCMT ref: 6C451E43
_strrchr.LIBCMT ref: 6C451E7B
_strrchr.LIBCMT ref: 6C451E95
GetLastError.KERNEL32(6C43F189,00000000,?,00000100), ref: 6C451EC0
SetLastError.KERNEL32(00000000), ref: 6C451ECB

Strings

Unknown error %d (%#x), xrefs: 6C451E65

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$_strrchr$_strncpy
String ID: Unknown error %d (%#x)
API String ID: 1320708361-2414550090
Opcode ID: bc2747a8c09b7d91e978fbf34e10b54dd41b76a24365d74af6704beddacd48de
Instruction ID: 202124e733e85a9d26bb7ca6baf3a9e1316e515c08124cb77fc168effa02044c
Opcode Fuzzy Hash: bc2747a8c09b7d91e978fbf34e10b54dd41b76a24365d74af6704beddacd48de
Instruction Fuzzy Hash: 6621F1613086429EEB02EE269C44FAF7BA8DFA225DF21045EE44197F51EB60CC5482F2

Uniqueness

Uniqueness Score: -1.00%

Function 6C483606 Relevance: 13.7, APIs: 9, Instructions: 208COMMON

Download Yara Rule

APIs

_wcschr.LIBVCRUNTIME ref: 6C483630
_free.LIBCMT ref: 6C483713

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free_wcschr
String ID:
API String ID: 3422831350-0
Opcode ID: 27fed7ab220e5315aa185a25f0a7bf42d53ef90364e0d7554951645528c22710
Instruction ID: 593a120a7031e229e6c1c10612b30e6a6fc3dfba9483efe53af2f950d22580bf
Opcode Fuzzy Hash: 27fed7ab220e5315aa185a25f0a7bf42d53ef90364e0d7554951645528c22710
Instruction Fuzzy Hash: 6D5116B1E023019BDB20EFA9C880F9E77F4AF05719F55456EE910E7B80E731D5048BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C48604D Relevance: 13.7, APIs: 9, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C4860BB
_free.LIBCMT ref: 6C4860C7
_free.LIBCMT ref: 6C4861F0
_free.LIBCMT ref: 6C4861FB

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 1c6545dd3c35e55a85425d5c62c7090959eb8791fb8e46acfb4fe560cd7c79bc
Instruction ID: 3af9657ce330da2977d86f877b49124a868e4924702f623dd635511df2051988
Opcode Fuzzy Hash: 1c6545dd3c35e55a85425d5c62c7090959eb8791fb8e46acfb4fe560cd7c79bc
Instruction Fuzzy Hash: 6F610F71912700AFEB20EF68C880FDAB7F8AF05715F14415AE955EB781EB30E940CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C406FD8 Relevance: 13.6, APIs: 9, Instructions: 139threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C407000
GetCurrentThreadId.KERNEL32 ref: 6C40701D
GetCurrentThreadId.KERNEL32 ref: 6C407032
_xtime_get.LIBCPMT ref: 6C4070B8
GetCurrentThreadId.KERNEL32 ref: 6C4070E2
__Xtime_diff_to_millis2.LIBCPMT ref: 6C4070FE
_xtime_get.LIBCPMT ref: 6C407121
GetCurrentThreadId.KERNEL32 ref: 6C40712B
GetCurrentThreadId.KERNEL32 ref: 6C407162

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID:
API String ID: 3943753294-0
Opcode ID: 5e878222b53d93d9162934e2c59692f9bd6198f226e1b940b4a99bd6d2ac0d99
Instruction ID: d316fa271d95afc7344cfc61806e289b873b039d83d3ca1c711ba7a1099f3498
Opcode Fuzzy Hash: 5e878222b53d93d9162934e2c59692f9bd6198f226e1b940b4a99bd6d2ac0d99
Instruction Fuzzy Hash: 48519E70B88215CFCF10EF64C584DAA77B4FF09315B244669E815ABB86DB30ED41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FF0E3 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3FF0EA

Strings

exp, xrefs: 6C3FF12E
avm, xrefs: 6C3FF154
exdata, xrefs: 6C3FF18B
data, xrefs: 6C3FF11A
user_ts, xrefs: 6C3FF202
veritrial, xrefs: 6C3FF0FE

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: avm$data$exdata$exp$user_ts$veritrial
API String ID: 2427045233-2543966825
Opcode ID: 016a9e7f94c7bb6095c17ad322f67bcb615d96bc379534e83f3966e436c05968
Instruction ID: d7b0b657879f49239649a3595c81fde80e1a65c0291e8980b350e7e8cb270663
Opcode Fuzzy Hash: 016a9e7f94c7bb6095c17ad322f67bcb615d96bc379534e83f3966e436c05968
Instruction Fuzzy Hash: 75514975C0029DAECF10DFE0C980EEEBBB5AF58308F14482AD56177A50DB755A4ACFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C41FF1F Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 149COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C41FF29
__EH_prolog3_GS.LIBCMT ref: 6C420090

Strings

StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with , xrefs: 6C41FFF5
BlockPaddingScheme, xrefs: 6C41FF56
StreamTransformationFilter: PKCS_PADDING cannot be used with , xrefs: 6C42005F
StreamTransformationFilter: W3C_PADDING cannot be used with , xrefs: 6C41FFBC
FilterWithBufferedInput, xrefs: 6C4200BC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: BlockPaddingScheme$FilterWithBufferedInput$StreamTransformationFilter: ONE_AND_ZEROS_PADDING cannot be used with $StreamTransformationFilter: PKCS_PADDING cannot be used with $StreamTransformationFilter: W3C_PADDING cannot be used with
API String ID: 2427045233-2286867357
Opcode ID: 6bc54b63ad9212aa8c442768cfc52124f71eb2df8b246770db59a84debb6442d
Instruction ID: 6d0f48dd6ace91640ddb68984539f7e50ee08e7e955bc868d28c061be0cd699f
Opcode Fuzzy Hash: 6bc54b63ad9212aa8c442768cfc52124f71eb2df8b246770db59a84debb6442d
Instruction Fuzzy Hash: D751EE71900258EFEB00DFA4CC44FDEBBB4BF09308F104199E449ABA90CB75AA49CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1B24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F1B2E
VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1B9B
VerifyVersionInfoW.KERNEL32(0000011C,00000002,00000000), ref: 6C3F1BAC
CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1BF2
GetLastError.KERNEL32(?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1BFF

Strings

iocp, xrefs: 6C3F1C8D
$8Il, xrefs: 6C3F1C08, 6C3F1C0D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CompletionConditionCreateErrorH_prolog3_InfoLastMaskPortVerifyVersion
String ID: $8Il$iocp
API String ID: 1253481005-4004021322
Opcode ID: e9e97139cd4fe11822ea033568000e1819ed35b0e792da59692fbcee17328d75
Instruction ID: 5111fe5b555edd6209d8208403c05e8baf5a15ef97ed1bd88f6a7aa23397a56b
Opcode Fuzzy Hash: e9e97139cd4fe11822ea033568000e1819ed35b0e792da59692fbcee17328d75
Instruction Fuzzy Hash: 1751CFB0900350AFDB20DF6AD885B9ABBF4AF95714F10419EE9189B291CB74C945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C466DF5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C466E39
DName::operator+.LIBCMT ref: 6C466E45

Part of subcall function 6C461641: shared_ptr.LIBCMT ref: 6C46165D

DName::operator+=.LIBCMT ref: 6C466F05

Part of subcall function 6C4656C4: DName::operator+.LIBCMT ref: 6C46572F
Part of subcall function 6C4656C4: DName::operator+.LIBCMT ref: 6C4659ED

Part of subcall function 6C46156C: DName::operator+.LIBCMT ref: 6C46158D

DName::operator+.LIBCMT ref: 6C466EC0

Part of subcall function 6C461699: DName::operator=.LIBVCRUNTIME ref: 6C4616BA

DName::DName.LIBVCRUNTIME ref: 6C466F29
DName::operator+.LIBCMT ref: 6C466F35

Strings

j;NlQ;Nl, xrefs: 6C466E18, 6C466E5E, 6C466E88, 6C466ECD, 6C466ED8, 6C466F13, 6C466F1E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID: j;NlQ;Nl
API String ID: 2795783184-2525777580
Opcode ID: 4f91a8a0c3dee93965b2077cc6bfba145fd68dbbd9f752fe4830165cd408e2fa
Instruction ID: 1156ff85ab7cf10f36114e447db458ab6b5e35e12b4cbf68c7c12a86b648dfc4
Opcode Fuzzy Hash: 4f91a8a0c3dee93965b2077cc6bfba145fd68dbbd9f752fe4830165cd408e2fa
Instruction Fuzzy Hash: 364192B0A04248AFDB14DFA9C490FDEBBF9AB0A308F44445DE196D7F89DB349944CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6C465A76 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 95COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C466F4B: Replicator::operator[].LIBVCRUNTIME ref: 6C466F88

DName::operator=.LIBVCRUNTIME ref: 6C465B1C

Part of subcall function 6C4656C4: DName::operator+.LIBCMT ref: 6C46572F
Part of subcall function 6C4656C4: DName::operator+.LIBCMT ref: 6C4659ED

DName::operator+.LIBCMT ref: 6C465AD7
DName::operator+.LIBCMT ref: 6C465AE3
DName::DName.LIBVCRUNTIME ref: 6C465B30
DName::operator+.LIBCMT ref: 6C465B3F
DName::operator+.LIBCMT ref: 6C465B4B

Strings

j;NlQ;Nl, xrefs: 6C465AA6, 6C465AF2, 6C465AFF

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID: j;NlQ;Nl
API String ID: 955152517-2525777580
Opcode ID: 0a9cc14050dbbbde2c6c9321fbb669a879ed98a9ff40819f84f01f7661dafb97
Instruction ID: 8b08485fc0ed33fe164b0c7016d8c4c956f599f6ce68ee014757f518179cc7de
Opcode Fuzzy Hash: 0a9cc14050dbbbde2c6c9321fbb669a879ed98a9ff40819f84f01f7661dafb97
Instruction Fuzzy Hash: 7931A2B1A043049FCB18CFAAC490EEABBF9AF59708F00445EE587A7F55DB319548CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6C439539 Relevance: 12.1, APIs: 8, Instructions: 78networkCOMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C439561

Part of subcall function 6C44C651: getaddrinfo.WS2_32(?,?,?,?), ref: 6C44C673
Part of subcall function 6C44C651: freeaddrinfo.WS2_32(?), ref: 6C44C77B

WSAGetLastError.WS2_32 ref: 6C43958A
WSAGetLastError.WS2_32 ref: 6C439590
EnterCriticalSection.KERNEL32(?), ref: 6C4395A1
LeaveCriticalSection.KERNEL32(?), ref: 6C4395AF
send.WS2_32(000000FF,?), ref: 6C4395DD
WSAGetLastError.WS2_32 ref: 6C4395E7
LeaveCriticalSection.KERNEL32(?), ref: 6C4395F5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalErrorLastSection$Leave$Enter__fprintf_lfreeaddrinfogetaddrinfosend
String ID:
API String ID: 3536314493-0
Opcode ID: 176306f736046c60a2ff2e371832d7abe073eacd4688ddb0c1167e6a55c9cb96
Instruction ID: 4a4bd5a510730ce8f15e2f4df56b3ad07598a0cbcb6e31e5d449c10860ff3b11
Opcode Fuzzy Hash: 176306f736046c60a2ff2e371832d7abe073eacd4688ddb0c1167e6a55c9cb96
Instruction Fuzzy Hash: 13219F721007119FE720EF26CC49E5BB7F8FF99315F10492DE99A82650EF32E5588BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C47CF4E Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47B16C: GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
Part of subcall function 6C47B16C: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

_free.LIBCMT ref: 6C47D239
_free.LIBCMT ref: 6C47D252
_free.LIBCMT ref: 6C47D290
_free.LIBCMT ref: 6C47D299
_free.LIBCMT ref: 6C47D2A5

Strings

C, xrefs: 6C47D0AA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: 34bf0537aff0c936b2362018fd0409907979f48f43ae0d9691e907bdc8cac907
Instruction ID: 85f190bccd9e17fe36a58e45b1ef7df3fc50e1c8277b0a7004c9b650a5bd0e67
Opcode Fuzzy Hash: 34bf0537aff0c936b2362018fd0409907979f48f43ae0d9691e907bdc8cac907
Instruction Fuzzy Hash: 80B13875A112199BDB24DF28C888EDDB3B4FF49309F5045AED809A7750D730AE91CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C4483A7 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 236COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C4485D8

Strings

Read callback asked for PAUSE when not supported!, xrefs: 6C448534
operation aborted by trailing headers callback, xrefs: 6C4484D2
read function returned funny value, xrefs: 6C448571
operation aborted by callback, xrefs: 6C4484BD
%zx%s, xrefs: 6C4485C8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: %zx%s$Read callback asked for PAUSE when not supported!$operation aborted by callback$operation aborted by trailing headers callback$read function returned funny value
API String ID: 3906573944-3409421463
Opcode ID: c7d3badc93b3668b5f868b39da10167bae9cb47037277aae6722370b530e5ec9
Instruction ID: c6a5a374b0e4f8562b25559595851a24b5d4b9c5ef04a97b8344d45d6fb2932a
Opcode Fuzzy Hash: c7d3badc93b3668b5f868b39da10167bae9cb47037277aae6722370b530e5ec9
Instruction Fuzzy Hash: E981F8314083009FFB11CF25C885FDA7BE4EB89319F28456EEC489E685DB769849CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44FC6A Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C44FD81
__fprintf_l.LIBCMT ref: 6C44FDA5
__fprintf_l.LIBCMT ref: 6C44FDBF

Strings

%c%c%c=, xrefs: 6C44FD9D
%c%c==, xrefs: 6C44FDB7
%c%c%c%c, xrefs: 6C44FD79

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: %c%c%c%c$%c%c%c=$%c%c==
API String ID: 3906573944-3943651191
Opcode ID: 82d3ed3d007d2e0642e3a687199752014e0a324b996d450e7a2da973bd907ec9
Instruction ID: ea67fe3836d7543e40aed734934df5fc69fc63ee194f11659faea3e540169e2d
Opcode Fuzzy Hash: 82d3ed3d007d2e0642e3a687199752014e0a324b996d450e7a2da973bd907ec9
Instruction Fuzzy Hash: C041196140D7D15FF311CE388850F6BBFE4EB4A315F244A9DF8E1D7642D619C60687A1

Uniqueness

Uniqueness Score: -1.00%

Function 6C45DAD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6C45DB07
___except_validate_context_record.LIBVCRUNTIME ref: 6C45DB0F
_ValidateLocalCookies.LIBCMT ref: 6C45DB98
__IsNonwritableInCurrentImage.LIBCMT ref: 6C45DBC3
_ValidateLocalCookies.LIBCMT ref: 6C45DC18

Strings

csm, xrefs: 6C45DBAD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: a02329a680137a6ea55d5ba66dd97a817cc2355e76933fe0efd097fd478fee46
Instruction ID: c3fdc62793cb17f237d0c0f30517b9e6a983d40e96881f63e705d15c12789e02
Opcode Fuzzy Hash: a02329a680137a6ea55d5ba66dd97a817cc2355e76933fe0efd097fd478fee46
Instruction Fuzzy Hash: FB41D134E012099BCF00DF69C980E9E7FB5EF45328F548199E8189BB95D731EA25CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E7084 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 114registrytimeCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,00000000,00020019,?,00000002,00000000,00000000,00000000,?,?,00000000,00000000,6C3EFB7D,000000FC,000000FC), ref: 6C3E70B3
RegQueryValueExW.ADVAPI32(?,ShutdownTime,00000000,00000000,?,00000000), ref: 6C3E70E8
FileTimeToSystemTime.KERNEL32(?,?), ref: 6C3E70FA

Part of subcall function 6C46A5B4: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,6C3FC297,00000000,00000000,?,?,00000000,?,?,?,00000000,?,00000000), ref: 6C46A5C7
Part of subcall function 6C46A5B4: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C46A5F8

RegCloseKey.ADVAPI32(?), ref: 6C3E7164

Strings

ShutdownTime, xrefs: 6C3E70E0
System\CurrentControlSet\Control\Windows, xrefs: 6C3E70A3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Time$FileSystem$CloseOpenQueryUnothrow_t@std@@@Value__ehfuncinfo$??2@
String ID: ShutdownTime$System\CurrentControlSet\Control\Windows
API String ID: 3100410667-4198653432
Opcode ID: ea06582fb585368e3b0df4e0ad99e87b9e528127426b9a09be7cf6ac031d0a85
Instruction ID: 2acf8c83ffd159bec7d9d0190b3ae22b5cb4f98dee28f0f5c134a0cf74c55649
Opcode Fuzzy Hash: ea06582fb585368e3b0df4e0ad99e87b9e528127426b9a09be7cf6ac031d0a85
Instruction Fuzzy Hash: B1419171E0032CAFDF20DFA5C845BEE7BB9EF0A304F14001AE910E6641EB359949DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C440CDE Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 111COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C440D90

Strings

Digest, xrefs: 6C440CE7
%.*s, xrefs: 6C440D9F
Proxy-, xrefs: 6C440E01, 6C440E09
%sAuthorization: Digest %s, xrefs: 6C440E0A
n, xrefs: 6C440D31

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %.*s$%sAuthorization: Digest %s$Digest$Proxy-$n
API String ID: 601868998-4248446944
Opcode ID: 2e98f3d8d924abae8ec67ea41fbfacef93e6e72e9620bd51bddfe70d2e2c4bfc
Instruction ID: aab4ee5bb4c8db6f80ae4486fe6822328f531af4a375f6aad729a1c36e1c08a1
Opcode Fuzzy Hash: 2e98f3d8d924abae8ec67ea41fbfacef93e6e72e9620bd51bddfe70d2e2c4bfc
Instruction Fuzzy Hash: 7A41C371A08745AFE700DF28C800E5BBBE4EF89308F60096DF48497341EB31E968CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F6171 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 107registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020119,?,?,00000000,00000000), ref: 6C3F61B6
RegQueryValueExW.ADVAPI32(?,PnpInstanceID,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6C3F61DB
RegQueryValueExW.ADVAPI32(?,PnpInstanceID,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6C3F621D
RegCloseKey.ADVAPI32(?,?,?,00000000,00000000), ref: 6C3F6234

Strings

PnpInstanceID, xrefs: 6C3F61D1, 6C3F61D6, 6C3F6218
SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connection, xrefs: 6C3F6193

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: QueryValue$CloseOpen
String ID: PnpInstanceID$SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connection
API String ID: 1586453840-3921133955
Opcode ID: 2009e7e2e98f0230facc7efc56af3c1ff7f952a81b0926e71867d13f1da4130b
Instruction ID: adb4c3f9977f96e9e44fbead7e88f3ba0a68a5f9ac304cfc809fd8461292ca3c
Opcode Fuzzy Hash: 2009e7e2e98f0230facc7efc56af3c1ff7f952a81b0926e71867d13f1da4130b
Instruction Fuzzy Hash: 8431CF72104215AFD728DE25DC85DFB73FCEF49348F048A2DF959C6540EB229D068AA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C47DA8E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 6C47DAF9
api-ms-, xrefs: 6C47DAE5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: f04fe359646cf9a873baf81839a060eff45d2b604499831e5a2ed3d41fec32b8
Instruction ID: e245c89fc5e9cd582a1f1ce214378008cee6b1940f00aed83cd7a7c577ec88d3
Opcode Fuzzy Hash: f04fe359646cf9a873baf81839a060eff45d2b604499831e5a2ed3d41fec32b8
Instruction Fuzzy Hash: B2210832B56221ABCB31CE658C44F8A3B68EF467A9F210610EC15A7B80D730E901C5F1

Uniqueness

Uniqueness Score: -1.00%

Function 6C48650F Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C48625B: _free.LIBCMT ref: 6C486280

_free.LIBCMT ref: 6C48655D

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C486568
_free.LIBCMT ref: 6C486573
_free.LIBCMT ref: 6C4865C7
_free.LIBCMT ref: 6C4865D2
_free.LIBCMT ref: 6C4865DD
_free.LIBCMT ref: 6C4865E8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 80dcd65657719537ad1fb46a5a0d9fd5db74bb28997df363f943005b6895872d
Instruction ID: f57d2c210d795c7488bf0703b2b6f3e1eba5f24964e56318a2a6047dc8fd6618
Opcode Fuzzy Hash: 80dcd65657719537ad1fb46a5a0d9fd5db74bb28997df363f943005b6895872d
Instruction Fuzzy Hash: 3C118471951B04E6D5B0FB70CC49FDB77EE6F84706F44081CA299A6A90DB24F5088690

Uniqueness

Uniqueness Score: -1.00%

Function 6C440F9F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57networklibraryloaderCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 6C440FC4
WSACleanup.WS2_32 ref: 6C440FE4
GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 6C44100F
QueryPerformanceFrequency.KERNEL32(6C4E8968), ref: 6C441044

Strings

iphlpapi.dll, xrefs: 6C440FF5
if_nametoindex, xrefs: 6C441009

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressCleanupFrequencyPerformanceProcQueryStartup
String ID: if_nametoindex$iphlpapi.dll
API String ID: 1406996172-3097795196
Opcode ID: 9303f982ced346c846b558b89e55af2dceec98448ec0c58554f96776e3a34577
Instruction ID: 7acb76b10776a7ad2f3e2ca73d132568900e4f6415783def426eebb9f40c7ab5
Opcode Fuzzy Hash: 9303f982ced346c846b558b89e55af2dceec98448ec0c58554f96776e3a34577
Instruction Fuzzy Hash: F6110630B043449BFB20EB788D5AF5937B4DB0A309FA04469E905E6A82EB70C911C691

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EBE3D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EBE44
std::_Lockit::_Lockit.LIBCPMT ref: 6C3EBE51

Part of subcall function 6C3E1E9E: std::_Lockit::_Lockit.LIBCPMT ref: 6C3E1EBA
Part of subcall function 6C3E1E9E: std::_Lockit::~_Lockit.LIBCPMT ref: 6C3E1ED6

std::_Facet_Register.LIBCPMT ref: 6C3EBE9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6C3EBEB5
Concurrency::cancel_current_task.LIBCPMT ref: 6C3EBEC2

Strings

PgNl, xrefs: 6C3EBE5A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID: PgNl
API String ID: 3498242614-2368684771
Opcode ID: 0b20f14ff7e16a8ab5f500ec1491d95d3493ee4358563076abef406ad8746d22
Instruction ID: 88d4842e8690afe9ec1a7d23d24bba560e4c78ea4fbe19ddb4aeead46833baa4
Opcode Fuzzy Hash: 0b20f14ff7e16a8ab5f500ec1491d95d3493ee4358563076abef406ad8746d22
Instruction Fuzzy Hash: 2501F531A012258BCB01DB64C440FEE77B5AFC872CF20054AE955ABB80CB34CE498BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6C413567 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C41356E

Part of subcall function 6C40E125: __EH_prolog3.LIBCMT ref: 6C40E12C

Part of subcall function 6C40DDDF: __EH_prolog3.LIBCMT ref: 6C40DDE6

Part of subcall function 6C40DE52: __EH_prolog3.LIBCMT ref: 6C40DE59

Strings

Min, xrefs: 6C41357D
Max, xrefs: 6C413599
RandomNumberType, xrefs: 6C4135AC
Mod, xrefs: 6C4135D6
EquivalentTo, xrefs: 6C4135C2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: EquivalentTo$Max$Min$Mod$RandomNumberType
API String ID: 431132790-3534478594
Opcode ID: 910c0445901c51f2b365c8f7cf6accc6d462a784dc9111744e6602268c3a44b7
Instruction ID: 3201dc9df8be10f62d545604deb563562abfdfa44e005feeaf4363e1235fea2f
Opcode Fuzzy Hash: 910c0445901c51f2b365c8f7cf6accc6d462a784dc9111744e6602268c3a44b7
Instruction Fuzzy Hash: 2A01B5B56001A87EEF0ADB70C865EFE3B959F44248F04445CB8661BBA1DB249D1CDBB0

Uniqueness

Uniqueness Score: -1.00%

Function 6C451D81 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6C45A14C,?,?,00000100,?,rcmd), ref: 6C451D84
_strncpy.LIBCMT ref: 6C451DC0
GetLastError.KERNEL32(00000100,?,rcmd), ref: 6C451DE1
SetLastError.KERNEL32(00000000), ref: 6C451DEC

Strings

Error, xrefs: 6C451DB2, 6C451DBB
No error, xrefs: 6C451DA8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$_strncpy
String ID: Error$No error
API String ID: 3397631897-894398594
Opcode ID: 66528d57db5b524df3e021f45473bb098955bde9147a4f601b47fdbccfa61a80
Instruction ID: 40794ebdafabd6b7728fe31998ec94adb5d6bc96b9ba630f6ac54c2f2ccb629d
Opcode Fuzzy Hash: 66528d57db5b524df3e021f45473bb098955bde9147a4f601b47fdbccfa61a80
Instruction Fuzzy Hash: D601A2B4604316AFC701EF65D409E5ABBB8EF9225AF01042EE411C7F11EB70D85886F2

Uniqueness

Uniqueness Score: -1.00%

Function 6C451ED9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,?,6C45A3EA,00000000), ref: 6C451EDC
_strncpy.LIBCMT ref: 6C451F18
GetLastError.KERNEL32 ref: 6C451F39
SetLastError.KERNEL32(00000000), ref: 6C451F44

Strings

Error, xrefs: 6C451F00
No error, xrefs: 6C451F0A, 6C451F13

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$_strncpy
String ID: Error$No error
API String ID: 3397631897-894398594
Opcode ID: 055c517c442cb80e4875b79fcd2de03b5f0586156bc710092e4ca8755a2b2723
Instruction ID: d9d4f3be688d581008dda62f33ab097266eae4df0a03c0f24009ac56e15f64d5
Opcode Fuzzy Hash: 055c517c442cb80e4875b79fcd2de03b5f0586156bc710092e4ca8755a2b2723
Instruction Fuzzy Hash: 5001A2B5204316EFC301EF69D408E5ABBB8EFA225AF010469E451C7F11EB71D85486B2

Uniqueness

Uniqueness Score: -1.00%

Function 6C479D21 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 6C479D69
__fassign.LIBCMT ref: 6C479F4E
__fassign.LIBCMT ref: 6C479F6B
WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C479FB3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6C479FF3
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C47A09B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 267a73a5978936175a102d89eef880f169070cef428de8c280d34dd84a9dcdb3
Instruction ID: ac15559fc370612abea42340651506690f087fbd248724b15252012493f55453
Opcode Fuzzy Hash: 267a73a5978936175a102d89eef880f169070cef428de8c280d34dd84a9dcdb3
Instruction Fuzzy Hash: E1C19E75D012988FCF21CFA8C884DEDBBB5AF09314F28416AE855B7741D7329946CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C478FF4 Relevance: 9.3, APIs: 6, Instructions: 264COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C47917C
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C479198
__allrem.LIBCMT ref: 6C4791AF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4791CD
__allrem.LIBCMT ref: 6C4791E4
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C479202

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: b373f589be5bc6dbce8ebe9e11362efe6a7a8c701dad155c810c0b83a26beaf4
Instruction ID: a39f6df29e6434cc6b83396fb81798241950cd1f79b15ab4295b06ea7bf9572c
Opcode Fuzzy Hash: b373f589be5bc6dbce8ebe9e11362efe6a7a8c701dad155c810c0b83a26beaf4
Instruction Fuzzy Hash: F581D271A017069BE730DE69CC40FDAB3B9AF51368F24462DE511E7B90E776D90887A0

Uniqueness

Uniqueness Score: -1.00%

Function 6C44A3C0 Relevance: 9.3, APIs: 6, Instructions: 257COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A435
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A449
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A49F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A4CA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A52D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C44A6AB

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: 76b17f00a888fbab5e3550b0a3983c379dfb7f8c02c281b129ea10211a84dfb2
Instruction ID: fc6684bd9b5829024148a14118e72ff0d96c5088bd5d7dc673f1c7e004b0183a
Opcode Fuzzy Hash: 76b17f00a888fbab5e3550b0a3983c379dfb7f8c02c281b129ea10211a84dfb2
Instruction Fuzzy Hash: EC91AD719087108BE711DE298884FAB77E5EF89724F24867DEC4C9F701DB74A8058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C47515B Relevance: 9.2, APIs: 6, Instructions: 221COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6C4751EB
_free.LIBCMT ref: 6C475206
_free.LIBCMT ref: 6C475211
_free.LIBCMT ref: 6C47531E

Part of subcall function 6C478EC0: RtlAllocateHeap.NTDLL(00000008,6C3E2DD3,00000000,?,6C47B30E,00000001,00000364,FFFFFFFF,000000FF,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0), ref: 6C478F01

_free.LIBCMT ref: 6C4752F3

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C475314

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$Heap$AllocateErrorFreeLast
String ID:
API String ID: 4150789928-0
Opcode ID: ac849dd02413efd32639604387616eccf3978339a2a8152788d0a068d7f3f7b8
Instruction ID: 7663f0467bf472cc13ec52e4b00f3f53bd5cedf568d113fefa2651b0bf89384a
Opcode Fuzzy Hash: ac849dd02413efd32639604387616eccf3978339a2a8152788d0a068d7f3f7b8
Instruction Fuzzy Hash: C8516936A042056BDB24DB689850FEA77B9DF85719B24015DE940EFB40EB31D906C6B0

Uniqueness

Uniqueness Score: -1.00%

Function 6C45005B Relevance: 9.2, APIs: 6, Instructions: 177COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C4500A8
_strrchr.LIBCMT ref: 6C4500BD
___from_strstr_to_strchr.LIBCMT ref: 6C4500CD
_strrchr.LIBCMT ref: 6C450113
___from_strstr_to_strchr.LIBCMT ref: 6C45013E
___from_strstr_to_strchr.LIBCMT ref: 6C45014A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr$_strrchr
String ID:
API String ID: 531880317-0
Opcode ID: c938420adb56bf72317b966f7316bf301e339bd3c05ddcdd4ad19f8011f0cfca
Instruction ID: d64eb396da36c9ee29c3adda893183d43847b2c0e0c18e3057621b03b947c131
Opcode Fuzzy Hash: c938420adb56bf72317b966f7316bf301e339bd3c05ddcdd4ad19f8011f0cfca
Instruction Fuzzy Hash: 99516C2A40E3C35FE722CE249814F577BE49F0221DFA4026DE89157F82E766C429C397

Uniqueness

Uniqueness Score: -1.00%

Function 6C4083D4 Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 6C40841D
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 6C408488
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C4084A5
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 6C4084E4
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6C408543
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6C408566

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 1a5da746d48e1cb3dcf8a0c6bd381e0ab0109e52a289b5bbc2e971dfa0ca0e72
Instruction ID: 246c217419c8c41c5f71cf2599ab216a0ba5ebc27c9580920df1c4acf16889f6
Opcode Fuzzy Hash: 1a5da746d48e1cb3dcf8a0c6bd381e0ab0109e52a289b5bbc2e971dfa0ca0e72
Instruction Fuzzy Hash: BA51CE7274021AAFEF10CF64CD45FAA3BB9EB45769F20453AFD14A6650EB30C915CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C472A0E Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 375COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 6C472B94
__freea.LIBCMT ref: 6C472BB0

Strings

Q/Gl, xrefs: 6C472E1F
a/p, xrefs: 6C472C78
am/pm, xrefs: 6C472C14

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __freea
String ID: Q/Gl$a/p$am/pm
API String ID: 240046367-4263137853
Opcode ID: 0d2f1aec8d99c0b32709515ef2a845a9b72b10d0f062f8a999c4e4adc34012d2
Instruction ID: c54c78d1eb4751efbcbd619fc8dfbc2225dbee98c26a8bfec3ea7a2bc9fcb079
Opcode Fuzzy Hash: 0d2f1aec8d99c0b32709515ef2a845a9b72b10d0f062f8a999c4e4adc34012d2
Instruction Fuzzy Hash: CEC1CC31901216DBDB30CF68C988FEABBB1FF16709F244159E810ABB50DB359942CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6C452581 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?,?,?,?,1A85EC53), ref: 6C452641
VerSetConditionMask.KERNEL32(00000000,?,00000001,?,?,?,1A85EC53), ref: 6C452649
VerSetConditionMask.KERNEL32(00000000,?,00000020,?,?,00000001,?,?,?,1A85EC53), ref: 6C452652
VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?,?,?,1A85EC53), ref: 6C45265B
VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?,?,?,1A85EC53), ref: 6C45266B
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C452675

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion
String ID:
API String ID: 2793162063-0
Opcode ID: e64144c33f480c9887adc33a6c1a3bc55c58b82a9fd1aace6064cc9be925e234
Instruction ID: 81ef19bedf94b4808dc805eed685ae0a325df55d5d07dc3e3578f524c54a0c79
Opcode Fuzzy Hash: e64144c33f480c9887adc33a6c1a3bc55c58b82a9fd1aace6064cc9be925e234
Instruction Fuzzy Hash: 4B31A3B1A0438CAEEF31DFB98C99FEE7BB8AB85304F50402EE514AB181DA705558CF11

Uniqueness

Uniqueness Score: -1.00%

Function 6C43FA36 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON

Download Yara Rule

Strings

Failed to connect to %s port %ld: %s, xrefs: 6C43FE05
Connection time-out, xrefs: 6C43FAD1
L', xrefs: 6C43FB9A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: Connection time-out$Failed to connect to %s port %ld: %s$L'
API String ID: 0-1426291924
Opcode ID: d4e562a1db501a3940497d80820d0978c5266db567e105e582f0492ec7cce11e
Instruction ID: 6b3e595f6d98ceb32743517cf6c169ca36e635ef2c04a86813823e0a8ab323fd
Opcode Fuzzy Hash: d4e562a1db501a3940497d80820d0978c5266db567e105e582f0492ec7cce11e
Instruction Fuzzy Hash: CEB12A31406350AFF711DE668884EAB7BE4EFCE359F140A9DFC588B792D33198048792

Uniqueness

Uniqueness Score: -1.00%

Function 6C4601D7 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6C45FE01,6C432CA1,6C433169,?,6C4333A1,?,00000001,?,?,00000001,?,6C4DBAB8,0000000C,6C43349A), ref: 6C4601E5
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6C4601F3
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6C46020C
SetLastError.KERNEL32(00000000,6C4333A1,?,00000001,?,?,00000001,?,6C4DBAB8,0000000C,6C43349A,?,00000001,?), ref: 6C46025E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: db8b223005e84f40e02e0c007eed2a993099329f714853e2982959852c79351c
Instruction ID: 5c3e359705cbeac41737503296dd07060b246a6041156b23bfd2a3faa9d91f49
Opcode Fuzzy Hash: db8b223005e84f40e02e0c007eed2a993099329f714853e2982959852c79351c
Instruction Fuzzy Hash: 2801B53661E6125DF625EAB76C84D862774EF4277A734033EE12081FD8EF129C4691C8

Uniqueness

Uniqueness Score: -1.00%

Function 6C443B8D Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 265COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C443CA9
___from_strstr_to_strchr.LIBCMT ref: 6C443D32

Part of subcall function 6C444274: __fprintf_l.LIBCMT ref: 6C4442BD

Strings

+, xrefs: 6C443E57
*, xrefs: 6C443E7D
%255[^:]:%d, xrefs: 6C443BE8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr$__fprintf_l
String ID: %255[^:]:%d$*$+
API String ID: 172319450-1234501806
Opcode ID: 9957b79a20802032f6ebc79ea5ee6c07600dd12812ef9ffba25747966bfb321b
Instruction ID: e2444ec1821ec2def91b6d5aa9c0e436627508d50d6820ae27684a8f69c15037
Opcode Fuzzy Hash: 9957b79a20802032f6ebc79ea5ee6c07600dd12812ef9ffba25747966bfb321b
Instruction Fuzzy Hash: 8C91467200C3419FF721DA24C884F9BB7E9EF85B08F348A1DE59543B81E7319549CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C40D1E4 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 222COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C40D1EE
__EH_prolog3_GS.LIBCMT ref: 6C40D364

Strings

PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6C40D331
: invalid ciphertext, xrefs: 6C40D2C2
PK_DefaultEncryptionFilter: plaintext too long, xrefs: 6C40D44C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long$PK_DefaultEncryptionFilter: plaintext too long
API String ID: 2427045233-2902848663
Opcode ID: fc499000a69672218f5897bcda385771e086860f9cf765505bf65a73040ac669
Instruction ID: 64f74c079c5dc1925dd0555ba653a72b89ef68fd7aae1f44292f1dc9b949d81a
Opcode Fuzzy Hash: fc499000a69672218f5897bcda385771e086860f9cf765505bf65a73040ac669
Instruction Fuzzy Hash: AB817071600214AFCF04DFA4C894EEE7BB5FF88318F104168E805AB696DB35DA59CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6C440828 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 6C43F582: htons.WS2_32(?), ref: 6C43F5C0

setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 6C440926

Part of subcall function 6C451DF9: GetLastError.KERNEL32(00000000,?,?,6C43F189,00000000,?,00000100), ref: 6C451DFC

Part of subcall function 6C43F5EC: closesocket.WS2_32(6C43CAF5), ref: 6C43F625

Strings

sa_addr inet_ntop() failed with errno %d: %s, xrefs: 6C4408D8
*, xrefs: 6C4409DE

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastclosesockethtonssetsockopt
String ID: *$sa_addr inet_ntop() failed with errno %d: %s
API String ID: 239416242-841833560
Opcode ID: 14f25f18146e134a442cad5baedaca1bd9de0410f1f659674653fd9dceb4b07c
Instruction ID: 39f26cf2acc0b1a0aae53635e97f676525521c8e7bdca9d58ba9700e300a4d92
Opcode Fuzzy Hash: 14f25f18146e134a442cad5baedaca1bd9de0410f1f659674653fd9dceb4b07c
Instruction Fuzzy Hash: BC71F471408381ABF720DE25CC44FDF7BE8EF95308F24491EF95896641D7319558CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4638C4 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 201COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C4638CB
UnDecorator::getSymbolName.LIBCMT ref: 6C463959
DName::operator+.LIBCMT ref: 6C463A5D

Part of subcall function 6C461641: shared_ptr.LIBCMT ref: 6C46165D

DName::DName.LIBVCRUNTIME ref: 6C463B1A

Strings

j;NlQ;Nl, xrefs: 6C463918, 6C463929, 6C463940, 6C463949, 6C463996, 6C4639E4, 6C463AA4, 6C463AC3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name$Decorator::getH_prolog3Name::Name::operator+Symbolshared_ptr
String ID: j;NlQ;Nl
API String ID: 334624791-2525777580
Opcode ID: 16b217729eca9dd920f307d7141ed1c34331ca6b1fcf3628cf806e130c5e1c20
Instruction ID: 53183d9369763a88927b84b1150d87481b9a781972bb3dea0995867a8be209c4
Opcode Fuzzy Hash: 16b217729eca9dd920f307d7141ed1c34331ca6b1fcf3628cf806e130c5e1c20
Instruction Fuzzy Hash: 378159B1D052898FDF00CF9AC480FEDBBB4BB49315F16405AD905ABB56D7309949CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C45BDAD Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 186COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C45BE0A

Strings

../, xrefs: 6C45BE32
/./, xrefs: 6C45BE4E
/../, xrefs: 6C45BE88
/.., xrefs: 6C45BEAE

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: ../$/..$/../$/./
API String ID: 601868998-456519384
Opcode ID: 33103a9e198cba91bd468572430bebc20d028020306dbc91636f13f1e9e1d604
Instruction ID: f6ead062c870569d304f177ba2184dbb07cf4443fa0eac30bee5efbd70318da5
Opcode Fuzzy Hash: 33103a9e198cba91bd468572430bebc20d028020306dbc91636f13f1e9e1d604
Instruction Fuzzy Hash: BD516C2674D2911BE321DE399810F767FE48F4321DFAC486DE9C5C7F82E503886687A1

Uniqueness

Uniqueness Score: -1.00%

Function 6C46509F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 6C46510A
operator+.LIBVCRUNTIME ref: 6C46515A
shared_ptr.LIBCMT ref: 6C465226
operator+.LIBVCRUNTIME ref: 6C4652AC

Strings

j;NlQ;Nl, xrefs: 6C4650A5, 6C46510F, 6C465125, 6C46516B, 6C4651AA, 6C4651D8, 6C4651EE, 6C46522B, 6C46525B, 6C465270, 6C46528A, 6C4652D8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: operator+shared_ptr
String ID: j;NlQ;Nl
API String ID: 864562889-2525777580
Opcode ID: 2670084ba932aab65b5b6d3a9aba549864f58794222edb3192f72e8e98362437
Instruction ID: a737bc3f325e531cfc082824a1aeb85c908a554ee521fce0e8e6bb232d9cb0c5
Opcode Fuzzy Hash: 2670084ba932aab65b5b6d3a9aba549864f58794222edb3192f72e8e98362437
Instruction Fuzzy Hash: 09615C71904149AFCF00CFAAC844EEABBB5FB46308F14825AE4249BF1AD331D645CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C45D13B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C45D18C
___from_strstr_to_strchr.LIBCMT ref: 6C45D1E4
___from_strstr_to_strchr.LIBCMT ref: 6C45D1F7
___from_strstr_to_strchr.LIBCMT ref: 6C45D21D

Strings

xn--, xrefs: 6C45D208

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: xn--
API String ID: 601868998-2826155999
Opcode ID: ccae5f30af421dcc08f527b91f811f327f355b8df2ae6efa6442249c70e4f800
Instruction ID: 802336b67733859d61091992de16f77e0e63bf4274f34ba0178a256558628e0c
Opcode Fuzzy Hash: ccae5f30af421dcc08f527b91f811f327f355b8df2ae6efa6442249c70e4f800
Instruction Fuzzy Hash: D841996630E3822EF714DA799E44E7B779CDF86248F94412CFD01C2F85EB42D41982E1

Uniqueness

Uniqueness Score: -1.00%

Function 6C463F49 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C463FD1

Part of subcall function 6C4613B1: __aulldvrm.LIBCMT ref: 6C4613E2

DName::operator+.LIBCMT ref: 6C463FDE
DName::operator=.LIBVCRUNTIME ref: 6C46405E
DName::DName.LIBVCRUNTIME ref: 6C46407E

Strings

j;NlQ;Nl, xrefs: 6C463F4F, 6C463F57, 6C463FB6, 6C463FF8, 6C46400F, 6C46402C, 6C46403D, 6C4640B4, 6C4640E1, 6C4640EA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::$Name::operator+Name::operator=__aulldvrm
String ID: j;NlQ;Nl
API String ID: 2448499823-2525777580
Opcode ID: 806aee6effab039335a3e660b527b0589147f142e46eae5b21ac8ce04ddd40fc
Instruction ID: 91752485c276e08447de3cb03774de71fcbd891b7a4bf1dfd1e481f1166a05f0
Opcode Fuzzy Hash: 806aee6effab039335a3e660b527b0589147f142e46eae5b21ac8ce04ddd40fc
Instruction Fuzzy Hash: A851E074A00264EFCF01CF5AC8A0E9EBBB0FF4A344F01819AD8919BF59C7719A41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EC105 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EC10C
__EH_prolog3.LIBCMT ref: 6C3EC158
__EH_prolog3.LIBCMT ref: 6C3EC1C6

Strings

no write access, xrefs: 6C3EC23C
write area exhausted, xrefs: 6C3EC202

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: no write access$write area exhausted
API String ID: 431132790-3740649124
Opcode ID: b29db426cc3876e6c0f403c6d7eb6eca15e510946b5fb5f018e606ed7b8c925f
Instruction ID: 52554b661fe8e239c9b750b5f88e52a6fa8d530bbd2d872d83ce6cb95f580ef4
Opcode Fuzzy Hash: b29db426cc3876e6c0f403c6d7eb6eca15e510946b5fb5f018e606ed7b8c925f
Instruction Fuzzy Hash: 1641A131600224DFCB04EFA4D840EAD77B0EF49318F20455AE9518BAE0DB72E946DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44FF30 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 119COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C44FFB3
__fprintf_l.LIBCMT ref: 6C450020

Strings

%*[^]]%c%n, xrefs: 6C44FF7A
[%*45[0123456789abcdefABCDEF:.]%c%n, xrefs: 6C44FF51
%ld, xrefs: 6C45000F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr__fprintf_l
String ID: %*[^]]%c%n$%ld$[%*45[0123456789abcdefABCDEF:.]%c%n
API String ID: 1914635646-723072255
Opcode ID: 3c6a10e87065da86f70a549ae310e06706969b5f020b7f1717760e07a9d44771
Instruction ID: cbdca5544565c8f845a127a153547884added2dedcdeba9854b57fd337d29154
Opcode Fuzzy Hash: 3c6a10e87065da86f70a549ae310e06706969b5f020b7f1717760e07a9d44771
Instruction Fuzzy Hash: 36313731D06295ABFB20CA689800FEE7BB8DF03719F60445AE944E7B81E724DA4583A5

Uniqueness

Uniqueness Score: -1.00%

Function 6C464161 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C464185
DName::DName.LIBVCRUNTIME ref: 6C4641A9

Strings

%lf, xrefs: 6C4641EA
j;NlQ;Nl, xrefs: 6C464171, 6C4641A0, 6C4641C0, 6C4641D4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::
String ID: %lf$j;NlQ;Nl
API String ID: 1333004437-1371756581
Opcode ID: 9da38ea8ec7d92513fe14300e2f5da367a0cea987b525e68fecde263dcd893e2
Instruction ID: a7493d017cf9e49573e002013393b60dd0b9f70038cc4cb31647d22b72aae325
Opcode Fuzzy Hash: 9da38ea8ec7d92513fe14300e2f5da367a0cea987b525e68fecde263dcd893e2
Instruction Fuzzy Hash: 3631BC74A042589BCF14DFEAC854EDDBBB5FB4A388F04505EE045ABF48CB74994ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1EAA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3F1EB1
TlsGetValue.KERNEL32(00000030,6C3F2958,9634BA50,?,?,9634BA50,?), ref: 6C3F1F28
TlsSetValue.KERNEL32(?,?,?,9634BA50,?), ref: 6C3F1F3B
TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,9634BA50,?), ref: 6C3F1F6F

Part of subcall function 6C3F1F8C: PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F), ref: 6C3F1FBA
Part of subcall function 6C3F1F8C: GetLastError.KERNEL32(?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1FC4

Strings

$8Il, xrefs: 6C3F1ED2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Value$CompletionErrorH_prolog3_LastPostQueuedStatus
String ID: $8Il
API String ID: 104022934-1104382562
Opcode ID: 63adf453d7d744aa3ed3d1cc0728e5debc3653b3c35f583f844362008a3f05d4
Instruction ID: 5ac69f9b4aa079772075de3dc387ad60781b82d1e87c97229055987c5c24c00b
Opcode Fuzzy Hash: 63adf453d7d744aa3ed3d1cc0728e5debc3653b3c35f583f844362008a3f05d4
Instruction Fuzzy Hash: FD218D75E00208AFEF05DFA9D8409DEBBB5AF4C314B01452AE915B7220D734D94A8FA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4063F2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,00000000,9634BA50), ref: 6C40648E

Part of subcall function 6C4329BA: EnterCriticalSection.KERNEL32(6C4E7ADC,6C4E6A10,?,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C4329C5
Part of subcall function 6C4329BA: LeaveCriticalSection.KERNEL32(6C4E7ADC,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14), ref: 6C432A02

GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,9634BA50), ref: 6C406464
GetProcAddress.KERNEL32(00000000), ref: 6C40646B

Part of subcall function 6C432970: EnterCriticalSection.KERNEL32(6C4E7ADC,?,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C43297A
Part of subcall function 6C432970: LeaveCriticalSection.KERNEL32(6C4E7ADC,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010), ref: 6C4329AD

Strings

kernel32, xrefs: 6C40645F
IsWow64Process2, xrefs: 6C40645A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process2$kernel32
API String ID: 4065268087-1416006014
Opcode ID: 4e4ed3403226eaed36275660da14d3b0d3cbd1e928efeb6165a07530c90c5d33
Instruction ID: 398c5d3e3f0601ce872a108471ef587fa70b20d9029c7ee57c7861a9783ddd63
Opcode Fuzzy Hash: 4e4ed3403226eaed36275660da14d3b0d3cbd1e928efeb6165a07530c90c5d33
Instruction Fuzzy Hash: 0721C432F012559FCF10DFA9C549FDA77B8EB0A325F11052AE511D3681CB389544CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C46760C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,6C4676CD,6C4BD64C,6C4BD644,6C4DCB00,00000000,?,6C46777F,00000002,FlsGetValue,6C4BD644,6C4BD64C,00000000), ref: 6C46769C

Strings

api-ms-, xrefs: 6C46765C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 0760d4d339f2a7c3ba998ab288d3c8f8f65ea6fe9888da69dde4eaed469122fd
Instruction ID: 9d506b79fab145ddda8b54226c2b847472024bc080eedfd218e2ce1094ca9a49
Opcode Fuzzy Hash: 0760d4d339f2a7c3ba998ab288d3c8f8f65ea6fe9888da69dde4eaed469122fd
Instruction Fuzzy Hash: 32117731A49532ABDF22DB6F8C44F4937B49F12779F250260E914A7F88D770E9018AE5

Uniqueness

Uniqueness Score: -1.00%

Function 6C406334 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 55libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,9634BA50,?,?,?,00000000), ref: 6C4063C1

Part of subcall function 6C4329BA: EnterCriticalSection.KERNEL32(6C4E7ADC,6C4E6A10,?,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C4329C5
Part of subcall function 6C4329BA: LeaveCriticalSection.KERNEL32(6C4E7ADC,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14), ref: 6C432A02

GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,9634BA50,?,?,?,00000000), ref: 6C40639B
GetProcAddress.KERNEL32(00000000), ref: 6C4063A2

Part of subcall function 6C432970: EnterCriticalSection.KERNEL32(6C4E7ADC,?,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C43297A
Part of subcall function 6C432970: LeaveCriticalSection.KERNEL32(6C4E7ADC,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010), ref: 6C4329AD

Strings

kernel32, xrefs: 6C406396
IsWow64Process, xrefs: 6C406391

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32
API String ID: 4065268087-3789238822
Opcode ID: 2386f1f0d4e3c5a1d06521c3844e4d9d76c76397be4049d705019ab26403cf98
Instruction ID: 897ea55825b7877e22bbcd4e07f9a2d990cd326fbccce72cfcfbc7a1a7ac5bdc
Opcode Fuzzy Hash: 2386f1f0d4e3c5a1d06521c3844e4d9d76c76397be4049d705019ab26403cf98
Instruction Fuzzy Hash: B5119435E01295DFCF14EF68C849F9A77B8FB09715F110A2EE512E3A82DB385944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C432062 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C432069
QueryPerformanceFrequency.KERNEL32(00000000), ref: 6C43207A
GetLastError.KERNEL32(0000000A), ref: 6C432092
__EH_prolog3.LIBCMT ref: 6C4320DD

Strings

Timer: QueryPerformanceFrequency failed with error , xrefs: 6C4320AA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorFrequencyH_prolog3H_prolog3_LastPerformanceQuery
String ID: Timer: QueryPerformanceFrequency failed with error
API String ID: 4231316894-348333943
Opcode ID: 248ba904e5631a6dee8d89cb2b4fa3923a32651e78cbee83bb82768f6f18105f
Instruction ID: 5d8d466eb2890892982fa6e2b73535bd326c009f8018814611f24e3a462ec63a
Opcode Fuzzy Hash: 248ba904e5631a6dee8d89cb2b4fa3923a32651e78cbee83bb82768f6f18105f
Instruction Fuzzy Hash: CF118671E40224ABDB10EBA1C848FDD7778BB49329F114558E605E7B82CF749509CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C430537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C43053E
__Mtx_unlock.LIBCPMT ref: 6C43059E
__Mtx_init_in_situ.LIBCPMT ref: 6C4305C4

Strings

lzNl, xrefs: 6C4305AC
<zNl, xrefs: 6C43054B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3Mtx_init_in_situMtx_unlock
String ID: <zNl$lzNl
API String ID: 1360302138-1320618036
Opcode ID: 135ebb34c7095cf838d129db120e025e15cbb6434df0bf1424309c7e6133b1bf
Instruction ID: 66ec52349177cddd3f20f2a2efb4befdeca80af2a2d3e0fc4f5e220e1d2ccc57
Opcode Fuzzy Hash: 135ebb34c7095cf838d129db120e025e15cbb6434df0bf1424309c7e6133b1bf
Instruction Fuzzy Hash: 6601C831B0817097D610DB358841F4E37646B8D339B06265CE4089BF83CF34DA064BD5

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E29E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?,?,?,?,?,00000000,00000014), ref: 6C3E29F1
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000014), ref: 6C3E29FF
DeleteCriticalSection.KERNEL32 ref: 6C3E2A43

Strings

tss, xrefs: 6C3E2A34
$8Il, xrefs: 6C3E2A09, 6C3E2A0E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AllocCriticalDeleteErrorLastSection
String ID: $8Il$tss
API String ID: 941276211-1186032462
Opcode ID: 9015e76705a023e839cc0dbab63bc7d9641b236542ee70975c7efcf07e5f0ec1
Instruction ID: b8e76a6cde34510006fe8ee63a0ef1723be7c1819e4b7d1969ca7bbfc54af756
Opcode Fuzzy Hash: 9015e76705a023e839cc0dbab63bc7d9641b236542ee70975c7efcf07e5f0ec1
Instruction Fuzzy Hash: E7F0F471A002345BCF14FF79840EDDEB7B4EB45214B01025ED421A3680DF3199058F95

Uniqueness

Uniqueness Score: -1.00%

Function 6C432970 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C4E7ADC,?,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000), ref: 6C43297A
LeaveCriticalSection.KERNEL32(6C4E7ADC,?,6C42140A,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010), ref: 6C4329AD
SetEvent.KERNEL32(?,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14,00000000), ref: 6C432A2E
ResetEvent.KERNEL32(?,6C4E6A10,6C491B8B,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000,00000000,00000010,6C3E3E14,00000000), ref: 6C432A3A

Strings

2X@l, xrefs: 6C432986

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID: 2X@l
API String ID: 3553466030-2914316872
Opcode ID: cfae2c3c2d34411c4c1e12134eeae99c1efcb8f9a7b59ce5eb8d43946becaa3b
Instruction ID: 13d1c155edd085fcb0dec4dc2c0d89adb14497ca6aaa8f6c86caabd17650286a
Opcode Fuzzy Hash: cfae2c3c2d34411c4c1e12134eeae99c1efcb8f9a7b59ce5eb8d43946becaa3b
Instruction Fuzzy Hash: 9F01E43170A570AFCA65FF18E948D993BB5EB4F7227024059EA0183602CF706E018B94

Uniqueness

Uniqueness Score: -1.00%

Function 6C42BF61 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C42BF68

Part of subcall function 6C3F053D: __EH_prolog3.LIBCMT ref: 6C3F0544

Part of subcall function 6C3F057F: __EH_prolog3_GS.LIBCMT ref: 6C3F0586

Part of subcall function 6C42B747: __EH_prolog3_GS.LIBCMT ref: 6C42B74E

Strings

hfIl, xrefs: 6C42BF7F
DecodingLookupArray, xrefs: 6C42BF86
Log2Base, xrefs: 6C42BF9E
VIl, xrefs: 6C42BFBA, 6C42BFC1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: DecodingLookupArray$Log2Base$hfIl$VIl
API String ID: 3355343447-3812364788
Opcode ID: 1d34ecaabed70f62a3d387c6acadd5e1cb55eb621d001247213972bba5a7692c
Instruction ID: 3765344d08b4a00542597bd71f4314cbdee5714098b1c84a7e50fb3e3af3c2cd
Opcode Fuzzy Hash: 1d34ecaabed70f62a3d387c6acadd5e1cb55eb621d001247213972bba5a7692c
Instruction Fuzzy Hash: 5C016DB5D0126CAADF05CFA4C846FEEBBB4AB58318F000519D404B7B80DBB45A08CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 6C474CFC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6C474CAE,?,?,6C474C76,?,00000000,?), ref: 6C474D11
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6C474D24
FreeLibrary.KERNEL32(00000000,?,?,6C474CAE,?,?,6C474C76,?,00000000,?), ref: 6C474D47

Strings

CorExitProcess, xrefs: 6C474D1C
mscoree.dll, xrefs: 6C474D0A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 65d264043fd596675a106e013b38e20e848db4dfa3e2b00f98f8d84a36b76ce4
Instruction ID: 6e887c5c2aa19cdd39687f23e03c71d70e4040d0a4f43fe14331092afc927434
Opcode Fuzzy Hash: 65d264043fd596675a106e013b38e20e848db4dfa3e2b00f98f8d84a36b76ce4
Instruction Fuzzy Hash: CBF01235602169FBDF21EF61CA0DFED7B79EB5575AF100050F815B1550CB348A01DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C432A42 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32(6C4E7ADC,2X@l,?,6C4329DF,00000064,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?), ref: 6C432A6F
WaitForSingleObjectEx.KERNEL32(2X@l,00000000,?,6C4329DF,00000064,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?), ref: 6C432A80
EnterCriticalSection.KERNEL32(6C4E7ADC,?,6C4329DF,00000064,?,6C4213DE,6C4E6A10,00000044,6C42148C,00000000,?,00000008,6C4214CC,?,?,00000000), ref: 6C432A87

Strings

2X@l, xrefs: 6C432A45
2X@l, xrefs: 6C432A77, 6C432A50

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalSection$EnterLeaveObjectSingleWait
String ID: 2X@l$2X@l
API String ID: 501323975-3816884801
Opcode ID: 8a04ed8ecb79a385ff1106368d79074026d18619d6aa8803dc27d57f1a13d5be
Instruction ID: 9e0b8e542f4ed7b4628880a86be82d3f689f959b0222fc8c935d8acecb8da52b
Opcode Fuzzy Hash: 8a04ed8ecb79a385ff1106368d79074026d18619d6aa8803dc27d57f1a13d5be
Instruction Fuzzy Hash: A8E06D32649134AFCE35FE51CC0DD893F38EB0E626B024000FF08A29028EA00A118BC4

Uniqueness

Uniqueness Score: -1.00%

Function 6C47CAC3 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C47AAFD: RtlAllocateHeap.NTDLL(00000000,7FFFFFC4,7FFFFFC0,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0,?,?,6C3E1573,6C3E2DD3,7FFFFFC4,6C3E2DD3,6C3E2DD3), ref: 6C47AB2F

_free.LIBCMT ref: 6C47CBD2
_free.LIBCMT ref: 6C47CBE9
_free.LIBCMT ref: 6C47CC06
_free.LIBCMT ref: 6C47CC21
_free.LIBCMT ref: 6C47CC38

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: 3b41959da4cc36bb881be667490c71fc7b80e7dba8f003758666117673957509
Instruction ID: 377712f53453ffc1a5754041b0369087931e73669ed0e5b381a0620c496c026e
Opcode Fuzzy Hash: 3b41959da4cc36bb881be667490c71fc7b80e7dba8f003758666117673957509
Instruction Fuzzy Hash: 5D51B271A01204AFEB21EF29D941FEAB7F4EF45719B14066DE809E7B50E731E901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E23B8 Relevance: 7.6, APIs: 5, Instructions: 114windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3E23BF
FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000,00000028), ref: 6C3E23E4
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C3E2410
LocalFree.KERNEL32(?,00000000,-00000001,00000000,?,?,00000000,00000000), ref: 6C3E24DD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ByteCharFormatFreeH_prolog3_LocalMessageMultiWide
String ID:
API String ID: 4049754800-0
Opcode ID: 0af822507af64d886c09da99fd7c8f9702046496892a44d2c2f2b743ff3e8ea5
Instruction ID: 0318ac1343b08176554ce7317d0e747b7f436eaf84e9d1c5865edf81ccef6272
Opcode Fuzzy Hash: 0af822507af64d886c09da99fd7c8f9702046496892a44d2c2f2b743ff3e8ea5
Instruction Fuzzy Hash: 5E4182B0A1421AAEEF08CB94C959FFEBBBCEB0D324F54411EE401B6580DB7699448F31

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EC52A Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EC531
std::_Lockit::_Lockit.LIBCPMT ref: 6C3EC53E

Part of subcall function 6C3E1E9E: std::_Lockit::_Lockit.LIBCPMT ref: 6C3E1EBA
Part of subcall function 6C3E1E9E: std::_Lockit::~_Lockit.LIBCPMT ref: 6C3E1ED6

std::_Facet_Register.LIBCPMT ref: 6C3EC58C
std::_Lockit::~_Lockit.LIBCPMT ref: 6C3EC5A2
Concurrency::cancel_current_task.LIBCPMT ref: 6C3EC5AF

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID:
API String ID: 3498242614-0
Opcode ID: 8e0fc19ace708a6a918b894cf27c5768ce5292f0d5a8ead224b8947115c82a79
Instruction ID: 1211052ef93b2635411e6d5e9557269b6001f251e06997d45c2d4accd1e9326f
Opcode Fuzzy Hash: 8e0fc19ace708a6a918b894cf27c5768ce5292f0d5a8ead224b8947115c82a79
Instruction Fuzzy Hash: D501B931A012258FCB01DB65C400EEE7BB55F8C718F21015AD9556BBC1DB34DE498BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EC6C7 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EC6CE
std::_Lockit::_Lockit.LIBCPMT ref: 6C3EC6DB

Part of subcall function 6C3E1E9E: std::_Lockit::_Lockit.LIBCPMT ref: 6C3E1EBA
Part of subcall function 6C3E1E9E: std::_Lockit::~_Lockit.LIBCPMT ref: 6C3E1ED6

std::_Facet_Register.LIBCPMT ref: 6C3EC729
std::_Lockit::~_Lockit.LIBCPMT ref: 6C3EC73F
Concurrency::cancel_current_task.LIBCPMT ref: 6C3EC74C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID:
API String ID: 3498242614-0
Opcode ID: a57373e101864cdc171eba6433afd4c29e46951575199b65847a7f1edb2e5d1f
Instruction ID: 917fc0292d72ffa6f9a47049105ed57104b070c528392dd103b0c156d922c715
Opcode Fuzzy Hash: a57373e101864cdc171eba6433afd4c29e46951575199b65847a7f1edb2e5d1f
Instruction Fuzzy Hash: 5301B531A012258FCB01DB69C540FEE7BB46F4C618F21015AE955ABB81DB34DE098BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EC752 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EC759
std::_Lockit::_Lockit.LIBCPMT ref: 6C3EC766

Part of subcall function 6C3E1E9E: std::_Lockit::_Lockit.LIBCPMT ref: 6C3E1EBA
Part of subcall function 6C3E1E9E: std::_Lockit::~_Lockit.LIBCPMT ref: 6C3E1ED6

std::_Facet_Register.LIBCPMT ref: 6C3EC7B4
std::_Lockit::~_Lockit.LIBCPMT ref: 6C3EC7CA
Concurrency::cancel_current_task.LIBCPMT ref: 6C3EC7D7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID:
API String ID: 3498242614-0
Opcode ID: 117e3cd1a95588831fa2632a70803c1da0e3d3a2f0259d4725da71e072c70817
Instruction ID: 05f90bbf26008e97473c125d6e460910523947527afb5d9605bbef1233d00c9f
Opcode Fuzzy Hash: 117e3cd1a95588831fa2632a70803c1da0e3d3a2f0259d4725da71e072c70817
Instruction Fuzzy Hash: 8C01B531A012258FCB01EB65D500EEE7BB46F4D628F21055AE955ABB80DF34DE098BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E2ACF Relevance: 7.5, APIs: 5, Instructions: 40synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,6C3F1CA3,00000000,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832), ref: 6C3E2AF8
CloseHandle.KERNEL32(0000001E,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B01
TerminateThread.KERNEL32(00000006,00000000,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B1B
QueueUserAPC.KERNEL32(6C3E2B46,00000006,00000000,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B28
WaitForSingleObject.KERNEL32(00000006,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B33

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
String ID:
API String ID: 3892215915-0
Opcode ID: 1f94cd0d1a17f321412c4249bec1ddb4123d0704682aa0f88479b93e2473053d
Instruction ID: a794029dd5ba408f1410fd98a105b1e7b97936e018a9a1b4da2948ede5500de4
Opcode Fuzzy Hash: 1f94cd0d1a17f321412c4249bec1ddb4123d0704682aa0f88479b93e2473053d
Instruction Fuzzy Hash: 71014434601216AFDB20EF68CD0EE59B7F4FB1A714F104169E526D66D0DF71A9108F90

Uniqueness

Uniqueness Score: -1.00%

Function 6C485FE4 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6C485FFC

Part of subcall function 6C47A768: HeapFree.KERNEL32(00000000,00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000), ref: 6C47A77E
Part of subcall function 6C47A768: GetLastError.KERNEL32(00000000,?,6C486285,00000000,00000000,00000000,7FFFFFC6,?,6C486528,00000000,00000007,00000000,?,6C48434D,00000000,00000000), ref: 6C47A790

_free.LIBCMT ref: 6C48600E
_free.LIBCMT ref: 6C486020
_free.LIBCMT ref: 6C486032
_free.LIBCMT ref: 6C486044

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 0aa4af633fd5953d0d79233c33c059b113710ff68e6e6dd1b97e4095bc9094bf
Instruction ID: 9d17a294863df516a06c7bd2e8acc12da23fdefeb814cfedca8c9fae8a78859e
Opcode Fuzzy Hash: 0aa4af633fd5953d0d79233c33c059b113710ff68e6e6dd1b97e4095bc9094bf
Instruction Fuzzy Hash: 80F04F7195720897CA70FA58D5C1CC633FDAF02B5A7B55809F014D7B00C734F8808AA8

Uniqueness

Uniqueness Score: -1.00%

Function 6C4523DA Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C452446
___from_strstr_to_strchr.LIBCMT ref: 6C45245C

Part of subcall function 6C45233B: ___from_strstr_to_strchr.LIBCMT ref: 6C452362

Strings

0123456789ABCDEF, xrefs: 6C452451, 6C452457
0123456789abcdef, xrefs: 6C452438, 6C45243E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: 0123456789ABCDEF$0123456789abcdef
API String ID: 601868998-885041942
Opcode ID: f1792664e0d2422ce080a188a3d71b69f7249ff27ef2cd18e03868d381fd2ff2
Instruction ID: 6429b5c1270af7ce93a9b3d003171194626b92be7a9de587a654ce565517d704
Opcode Fuzzy Hash: f1792664e0d2422ce080a188a3d71b69f7249ff27ef2cd18e03868d381fd2ff2
Instruction Fuzzy Hash: A951157260C3469BC324CE29C458D5BBBE1AF86659FD40A2FF0C597B04EB30E545CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C40D78D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C40D797

Strings

exceeds the maximum of , xrefs: 6C40D84D
is less than the minimum of , xrefs: 6C40D903
: IV length , xrefs: 6C40D825, 6C40D8DB

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: exceeds the maximum of $ is less than the minimum of $: IV length
API String ID: 2427045233-1273958906
Opcode ID: f7673bb3e1d645d5c3d40a2fb67a106026ef43548255b51fa39bc127270121a5
Instruction ID: 2d67450ddccd350fd218cc13e3b6c9eb7cd4a1653fe767437a4db0ff481fd137
Opcode Fuzzy Hash: f7673bb3e1d645d5c3d40a2fb67a106026ef43548255b51fa39bc127270121a5
Instruction Fuzzy Hash: A8519171E00358ABDB11DBA4C848FCEBBBC6F19308F1045D5E149A7741DB749A488FA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C463C99 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 6C463CCC

Part of subcall function 6C46161F: DName::operator+=.LIBCMT ref: 6C461635

Strings

j;NlQ;Nl, xrefs: 6C463C9C, 6C463CF5, 6C463D55

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator+Name::operator+=
String ID: j;NlQ;Nl
API String ID: 382699925-2525777580
Opcode ID: 0fffc4d535c6d7df0b07352f56953c0d29bddf6d06abbbef41c6b82b16e26d77
Instruction ID: 1a27616834d03846237583d3309e7e445d24b45fb2372e211470cac1a5dbbfef
Opcode Fuzzy Hash: 0fffc4d535c6d7df0b07352f56953c0d29bddf6d06abbbef41c6b82b16e26d77
Instruction Fuzzy Hash: EF411BB6D0424A9ACF00CFAAD582FEEBBB5EF45308F10015AE505B7F59C7349649CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E5E53 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E5E5D

Part of subcall function 6C3F121D: __EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

Part of subcall function 6C3E57D4: __EH_prolog3_GS_align.LIBCMT ref: 6C3E57E0

Part of subcall function 6C3E7B7F: __EH_prolog3.LIBCMT ref: 6C3E7B86

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Part of subcall function 6C3F07CB: DeleteFileW.KERNEL32(00000000,00000000), ref: 6C3F07F4

Part of subcall function 6C3EFBB3: __EH_prolog3_GS.LIBCMT ref: 6C3EFBBD
Part of subcall function 6C3EFBB3: DeleteFileW.KERNEL32(00000000,000000B4,6C3E5FC5,?,00000032,?,?,00000000,000000B0), ref: 6C3EFBD6

Strings

<?xml version="1.0" encoding="utf-8"?><DeactivationRequest><ablock data=", xrefs: 6C3E5EDE
"/></DeactivationRequest>, xrefs: 6C3E5F34
" id=", xrefs: 6C3E5EEC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: DeleteFileH_prolog3H_prolog3_H_prolog3_catch_$InitS_alignstd::locale::_
String ID: " id="$"/></DeactivationRequest>$<?xml version="1.0" encoding="utf-8"?><DeactivationRequest><ablock data="
API String ID: 1165413723-2913120866
Opcode ID: 17171531833bc5affe341792850d08a6b8a8a471108fccccb1d5343068ac41be
Instruction ID: 56ad8d12ada16263ad811d45acd03e6e6dd5fbf2830dea9af207a10228ded9cb
Opcode Fuzzy Hash: 17171531833bc5affe341792850d08a6b8a8a471108fccccb1d5343068ac41be
Instruction Fuzzy Hash: AA41807194026CAECF05DBA4DD81FDDBBB8AF18308F10809AE145A7681DB705B4DCFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4652EE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBVCRUNTIME ref: 6C465351
DName::operator+.LIBCMT ref: 6C46540F
operator+.LIBVCRUNTIME ref: 6C46544E

Strings

j;NlQ;Nl, xrefs: 6C4652F1, 6C46530F, 6C46536E, 6C465388, 6C4653C1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: operator+$Name::operator+
String ID: j;NlQ;Nl
API String ID: 1198235884-2525777580
Opcode ID: 22b7fc49afd32086accdd5b44180530615de26f958bed540f111b9a51a620521
Instruction ID: 804716cd39a7007da4d6ce312d5dcaca73e3a7c6b74d37d5b6179188600f1928
Opcode Fuzzy Hash: 22b7fc49afd32086accdd5b44180530615de26f958bed540f111b9a51a620521
Instruction Fuzzy Hash: 93418D7190824DEFDF00CF86C845FDEBBB1AB05319F04819AE514ABE56D7B49689CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6C4608EF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6C460914
CatchIt.LIBVCRUNTIME ref: 6C4609FA

Strings

MOC, xrefs: 6C460926
RCC, xrefs: 6C46092E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 253530753a0da11fa8cb5e4ecdb8987fe47402d738f145b87308b3fd564509f4
Instruction ID: 775bcf14ab744c1870e81a401d7ffd0065b0f3aa0684bdeb8a2a0711d25549f2
Opcode Fuzzy Hash: 253530753a0da11fa8cb5e4ecdb8987fe47402d738f145b87308b3fd564509f4
Instruction Fuzzy Hash: B9418871900289AFDF02CF95C880EEE7BB6FF08308F158199EA05A6A18D335D954CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E4B3B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 108COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3E4B45

Part of subcall function 6C3F121D: __EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

Strings

<?xml version="1.0" encoding="utf-8"?><ActivationRequest><ablock data=", xrefs: 6C3E4BA2
" id=", xrefs: 6C3E4BB0
"/></ActivationRequest>, xrefs: 6C3E4BF8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: " id="$"/></ActivationRequest>$<?xml version="1.0" encoding="utf-8"?><ActivationRequest><ablock data="
API String ID: 1329019490-832694437
Opcode ID: a5ad431008d487daaad3ae66148dae7a0cf9b02cbccfdc6b7b8bff6b82d8c2ee
Instruction ID: f24ff45aa60b75de7b78f6204414714248f5ab6a46535925327a0e2ca2f641ac
Opcode Fuzzy Hash: a5ad431008d487daaad3ae66148dae7a0cf9b02cbccfdc6b7b8bff6b82d8c2ee
Instruction Fuzzy Hash: B941517190026CAECF04DBE4DC85FDDBB78AF18308F10449AE145A7681DB709B49CF62

Uniqueness

Uniqueness Score: -1.00%

Function 6C43A0CD Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C43A18F
_strncpy.LIBCMT ref: 6C43A1D6

Strings

%s%s%s%s, xrefs: 6C43A186
T7Il, xrefs: 6C43A178

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l_strncpy
String ID: %s%s%s%s$T7Il
API String ID: 1857242416-3598447550
Opcode ID: 5a72dfc0473484eeef945a55649c82021cfdbcdf07e5e503bf6f82cb45970749
Instruction ID: 559f5a39ad175cd2fbe2bc9ba50a658d0e67332bf5efa79086fd4a9be0da72c1
Opcode Fuzzy Hash: 5a72dfc0473484eeef945a55649c82021cfdbcdf07e5e503bf6f82cb45970749
Instruction Fuzzy Hash: 9B31F4726092559BEF10DF5EC881F5ABBE8AFDE215F54052EE948C3A42D620DC09C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44D80B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 101encryptionCOMMON

Download Yara Rule

APIs

CertFreeCertificateContext.CRYPT32(?), ref: 6C44D930

Strings

SSL: public key does not match pinned public key!, xrefs: 6C44D8EE
schannel: Failed to read remote certificate context: %s, xrefs: 6C44D918
SSL: failed retrieving public key from server certificate, xrefs: 6C44D8FD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CertCertificateContextFree
String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key!$schannel: Failed to read remote certificate context: %s
API String ID: 3080675121-1775170315
Opcode ID: e062a7a55f7329ecd82303714d8343d99a2d990f6bfa3b1e3b8d4aecc77e64cb
Instruction ID: 9c9c3d8fce347daf56316d99bbe34a16561f3656840d2d7ef1e4655c29340ce8
Opcode Fuzzy Hash: e062a7a55f7329ecd82303714d8343d99a2d990f6bfa3b1e3b8d4aecc77e64cb
Instruction Fuzzy Hash: C731A171605345AFE724DE64C884FBBB7E8EF89355F10882DE998C7A41EB70E8048692

Uniqueness

Uniqueness Score: -1.00%

Function 6C41F81E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C41F825

Part of subcall function 6C41F67E: __EH_prolog3.LIBCMT ref: 6C41F685

Strings

BlockPaddingScheme, xrefs: 6C41F8E3
StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher, xrefs: 6C41F90F
XIl, xrefs: 6C41F86F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: BlockPaddingScheme$StreamTransformationFilter: please use AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter for AuthenticatedSymmetricCipher$XIl
API String ID: 3355343447-3622851053
Opcode ID: 325ca3684c7ad95187d0cd532008c8d7733aa1a981d5e5a3d22e13ef37f1353e
Instruction ID: 606b6f5972bd74e1982da2d05f729ccd9353aa3dbdcb10fa18b412a91367bc82
Opcode Fuzzy Hash: 325ca3684c7ad95187d0cd532008c8d7733aa1a981d5e5a3d22e13ef37f1353e
Instruction Fuzzy Hash: 2B317E70901259EFDB05DFA4C884EADBBB4BF08308F14459EE4559BB60DB30E919CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6C466532 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getSignedDimension.LIBCMT ref: 6C466583

Strings

j;NlQ;Nl, xrefs: 6C466542, 6C46655A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Decorator::getDimensionSigned
String ID: j;NlQ;Nl
API String ID: 2996861206-2525777580
Opcode ID: 87c0611fa375f021dd28aec7c4bd32ece74838e1d1d8afc0911dbdc4c01749f1
Instruction ID: 0ba659f54ba4a1a7017bfe23aa36ddf59a1c11c22e9d5525dce486e6fafa7d50
Opcode Fuzzy Hash: 87c0611fa375f021dd28aec7c4bd32ece74838e1d1d8afc0911dbdc4c01749f1
Instruction Fuzzy Hash: 1B319371A042099BDF14DBAAD855FEEB7F9AB49318F10011ED501F3A88DF349A09CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6C463E29 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 6C463E9A
DName::operator+.LIBCMT ref: 6C463EE8
DName::DName.LIBVCRUNTIME ref: 6C463F1C

Strings

j;NlQ;Nl, xrefs: 6C463E2F, 6C463E9F, 6C463EA7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::Name::operator+shared_ptr
String ID: j;NlQ;Nl
API String ID: 3919194733-2525777580
Opcode ID: ffca1a1adddb2487067aba251ceabce20176b841d833a09759386b78b3b1989d
Instruction ID: 08adb60b43fa2d5e8ee6d9c7ce5f5554a478bef9b4ddc959325871c1791534d1
Opcode Fuzzy Hash: ffca1a1adddb2487067aba251ceabce20176b841d833a09759386b78b3b1989d
Instruction Fuzzy Hash: 70312AB0904289DFCF08CFA9D445FAEBBB0BB05308F00859AE525A7B99D770D605CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C43F950 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76networkCOMMON

Download Yara Rule

APIs

getpeername.WS2_32(?,?,?), ref: 6C43F99E
WSAGetLastError.WS2_32(?,?), ref: 6C43F9A8

Part of subcall function 6C451DF9: GetLastError.KERNEL32(00000000,?,?,6C43F189,00000000,?,00000100), ref: 6C451DFC

Strings

getpeername() failed with errno %d: %s, xrefs: 6C43F9C1
ssrem inet_ntop() failed with errno %d: %s, xrefs: 6C43FA10

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$getpeername
String ID: getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
API String ID: 664652874-4047410615
Opcode ID: 7c7230ac538c5e6a8fe03a7dca2b1e3d65fd02182df8cefdf0d90f19c2c287e7
Instruction ID: 82070c7638bf82188842d048a7b88336c771d4144d6426d677fedcb14c41c966
Opcode Fuzzy Hash: 7c7230ac538c5e6a8fe03a7dca2b1e3d65fd02182df8cefdf0d90f19c2c287e7
Instruction Fuzzy Hash: 942165729011186BEB21DF75DC45EDE77ACEF09304F10055AF919E7641EB71AA488BE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C45FCEA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

FindMITargetTypeInstance.LIBVCRUNTIME ref: 6C45FD56
PMDtoOffset.LIBCMT ref: 6C45FD7C

Strings

Bad dynamic_cast!, xrefs: 6C45FDBE

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: FindInstanceOffsetTargetType
String ID: Bad dynamic_cast!
API String ID: 2363274979-2956939130
Opcode ID: 45d967f4aee52410fe97a9e091065532b7e602f85df16cd224a6d1f5ffb9377f
Instruction ID: aee01aa0e9f3e781392d8c5770965450d3825af942b6cdd816c214dd4ef324c7
Opcode Fuzzy Hash: 45d967f4aee52410fe97a9e091065532b7e602f85df16cd224a6d1f5ffb9377f
Instruction Fuzzy Hash: 52212632A052059FEB04CF68C904EDA77B4FB45718B54861DEC1197B84D730E92986D2

Uniqueness

Uniqueness Score: -1.00%

Function 6C420175 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42017C

Strings

PutMessage, xrefs: 6C4201FF
TruncatedDigestSize, xrefs: 6C420217
FilterWithBufferedInput: invalid buffer size, xrefs: 6C4201C5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: FilterWithBufferedInput: invalid buffer size$PutMessage$TruncatedDigestSize
API String ID: 2427045233-3547780871
Opcode ID: 9aecd0cccbb37a0e83f9361ed76364ab1317417c42d9cb84001ffa60c56f86ed
Instruction ID: 3b2ac7e5759e447867250dbd502f2d5fc61ce9e9da97b0b64dd36c83289d0146
Opcode Fuzzy Hash: 9aecd0cccbb37a0e83f9361ed76364ab1317417c42d9cb84001ffa60c56f86ed
Instruction Fuzzy Hash: D221C231201259AFCB04DFA0C894FE9BBB4FF48329F10025EE5595BE80DB74E959CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6C43F87B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71networkCOMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,?,?), ref: 6C43F8C8
WSAGetLastError.WS2_32 ref: 6C43F8D2

Part of subcall function 6C451DF9: GetLastError.KERNEL32(00000000,?,?,6C43F189,00000000,?,00000100), ref: 6C451DFC

Strings

getsockname() failed with errno %d: %s, xrefs: 6C43F8EE
ssloc inet_ntop() failed with errno %d: %s, xrefs: 6C43F933

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast$getsockname
String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
API String ID: 3066790409-2605427207
Opcode ID: 1189508aa9e3d9b8cf0afe8b79f8b3f3a1d1bff453325880f6d5d6cc352b2fc9
Instruction ID: a124f6f07657bbbc612f16adffc4f419a7ee5137627a0f1f5602013d0520bbe6
Opcode Fuzzy Hash: 1189508aa9e3d9b8cf0afe8b79f8b3f3a1d1bff453325880f6d5d6cc352b2fc9
Instruction Fuzzy Hash: ED214D76901229BBDF11DE669C45EDA776CEF49314F50049AF908E3641EF30AE488BE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C44B42D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C44B449

Strings

Host: %s, xrefs: 6C44B4A0
%s%s%s:%d, xrefs: 6C44B472
Host, xrefs: 6C44B48A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %s%s%s:%d$Host$Host: %s
API String ID: 601868998-4134764909
Opcode ID: 56b9bb0099b5161d71affb72b80d2d4a9bfa67d6c46f7f22053d2c1ffc377d73
Instruction ID: ee1e8d86973f69eb30912397ae7b7aeaf46abcd378c6a5bd4e11d946af10df29
Opcode Fuzzy Hash: 56b9bb0099b5161d71affb72b80d2d4a9bfa67d6c46f7f22053d2c1ffc377d73
Instruction Fuzzy Hash: B51121722059246FFB02DE599C41E9B3BACDF862A5B24C02AFD08DBB01F631CC1186E0

Uniqueness

Uniqueness Score: -1.00%

Function 6C447996 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 61COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C447A06

Strings

PROXY %s %s %s %i %i, xrefs: 6C4479F8
TCP6, xrefs: 6C4479BB
TCP4, xrefs: 6C4479CA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: PROXY %s %s %s %i %i$TCP4$TCP6
API String ID: 3906573944-1048566547
Opcode ID: 5525e4633421e455701a6d47d9a055dfdcec3e702cf4faf06d4d182dc94a1bdf
Instruction ID: c2f00ade4bc8f73a4c24d7a48f51a9b8a0271075419e15b8793c9d7566f2ff0a
Opcode Fuzzy Hash: 5525e4633421e455701a6d47d9a055dfdcec3e702cf4faf06d4d182dc94a1bdf
Instruction Fuzzy Hash: 46214F72900658AEEB11DFA8CC44EEB7BFCEB09204F14452BE959D3641EB30E549CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C40D99D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C40D9A7

Strings

byte digest to , xrefs: 6C40D9FD
bytes, xrefs: 6C40DA25
HashTransformation: can't truncate a , xrefs: 6C40D9F2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: byte digest to $ bytes$HashTransformation: can't truncate a
API String ID: 2427045233-1139078987
Opcode ID: 2c503902c78c1526cebe13a3bafc0a4078f7bfa0e915e9d66284d363f2f821b4
Instruction ID: 9bd7bb71392c3b9cdd9ee7d04d25db4ff23499f899160ff303da99b9cfa4ed3a
Opcode Fuzzy Hash: 2c503902c78c1526cebe13a3bafc0a4078f7bfa0e915e9d66284d363f2f821b4
Instruction Fuzzy Hash: D11190B19012A8BADB11D7E0CC48FCEBB7C6F08348F0405A9E548B7741DB749A088BA6

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EF28E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EF295

Part of subcall function 6C3EF39C: __EH_prolog3_GS.LIBCMT ref: 6C3EF3A6

Strings

Cause unknown: error caused by bad argument with value %1%, xrefs: 6C3EF2BB, 6C3EF2C3
Error in function , xrefs: 6C3EF2C9
Unknown function operating on type %1%, xrefs: 6C3EF2A1, 6C3EF2AC

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: Cause unknown: error caused by bad argument with value %1%$Error in function $Unknown function operating on type %1%
API String ID: 2427045233-2592140482
Opcode ID: 1d91ee1d7a20401f44cb4964c6f3cb5f3c5aa03ff5b1b243083c80afa8d516f1
Instruction ID: bd5f75c258350a65b7a94a87d0775c2d0453d031a55dc6683d96a5050d0503b0
Opcode Fuzzy Hash: 1d91ee1d7a20401f44cb4964c6f3cb5f3c5aa03ff5b1b243083c80afa8d516f1
Instruction Fuzzy Hash: 45116D36D01218EACF05DBE0D854EDEB7B89F28228F20411AD456B7A50DF309A0DCF62

Uniqueness

Uniqueness Score: -1.00%

Function 6C40C21A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C40C224

Strings

Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6C40C290
2X@l, xrefs: 6C40C2C1
Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6C40C256

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: 2X@l$Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 2427045233-483205406
Opcode ID: d8f63f8d0953679446ed1ddff76c5757eb263c88dd84a270e5f1074ae34d844d
Instruction ID: d4684551e5dc538b6542e153efe7b4a221efadcd664cbc00d9e1ad04f031dc76
Opcode Fuzzy Hash: d8f63f8d0953679446ed1ddff76c5757eb263c88dd84a270e5f1074ae34d844d
Instruction Fuzzy Hash: C0115E71901228AACB10EBA0C840FDD7B78AF1926CF04006AE444A7F40DB759A4DCBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6C421284 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42128E
GetLastError.KERNEL32(00000010,00000080,6C421234,0000000F,BCryptOpenAlgorithmProvider,?,RNG,Microsoft Primitive Provider,00000000,00000044,6C421260,00000001,?,?,6C42147A,00000008), ref: 6C4212A6

Part of subcall function 6C40B184: __EH_prolog3_GS.LIBCMT ref: 6C40B18B

Part of subcall function 6C3E2E5F: __EH_prolog3.LIBCMT ref: 6C3E2E66

Strings

operation failed with error , xrefs: 6C4212CE
OS_Rng: , xrefs: 6C4212C3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_$ErrorH_prolog3Last
String ID: operation failed with error $OS_Rng:
API String ID: 1247511005-700108173
Opcode ID: 6838abef1177f57c5aa05fad3e6a7da3eb3f07bf5f694efcbd43663c21a0b578
Instruction ID: 18796a8497ab9c29b87fd9a37d93a13c9d7fd54304e0b450679120a5e3e8f278
Opcode Fuzzy Hash: 6838abef1177f57c5aa05fad3e6a7da3eb3f07bf5f694efcbd43663c21a0b578
Instruction Fuzzy Hash: 38115171804278AADF15DBA0CD44FCEBF7C6F18208F10446AA585B7641DF754A4DCFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FD9F1 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FD9F8

Strings

RIl, xrefs: 6C3FDA70
(DIl, xrefs: 6C3FDA1D
pRIl, xrefs: 6C3FDA51

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: (DIl$pRIl$RIl
API String ID: 431132790-3051331711
Opcode ID: 1b8e4abc7bf86181319dfb3d7292ec6a2aa95b533b5f2089fefd7878a8fcf376
Instruction ID: 5df6c79d93cd017b7571cfebe7130a4a6923b2bda36e8bf9270d623948620f85
Opcode Fuzzy Hash: 1b8e4abc7bf86181319dfb3d7292ec6a2aa95b533b5f2089fefd7878a8fcf376
Instruction Fuzzy Hash: AD213AB0601666EEC704CFA4C181FDCFB60BF15205F90865EC56827B50C770AA29DBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4305DE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C4305E5
__Mtx_unlock.LIBCPMT ref: 6C430645
__Mtx_init_in_situ.LIBCPMT ref: 6C43066B

Strings

tzNl, xrefs: 6C4305F2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3Mtx_init_in_situMtx_unlock
String ID: tzNl
API String ID: 1360302138-3061926569
Opcode ID: 294c732f8b53769fbd7ccda844ca3c82f50c4288484a96725740b0e23802730f
Instruction ID: cbb81f6ecfc98d8bb24c35e15e3a76b1c390f1b51cec3aba0a85634cb99476da
Opcode Fuzzy Hash: 294c732f8b53769fbd7ccda844ca3c82f50c4288484a96725740b0e23802730f
Instruction Fuzzy Hash: 5901C431B4C1709BDB11DB2A8881F4D3364AB8E729F1A265DE4089BF83CF34990647C5

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1CC1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,9634BA50,$8Il,?,00000000,6C48AB06,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044), ref: 6C3F1D1D
CloseHandle.KERNEL32(00000000,?,00000000,6C48AB06,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010), ref: 6C3F1D32
CloseHandle.KERNEL32(00000000,?,00000000,6C48AB06,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010), ref: 6C3F1D45

Part of subcall function 6C3F1F8C: PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F), ref: 6C3F1FBA
Part of subcall function 6C3F1F8C: GetLastError.KERNEL32(?,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F1FC4

Part of subcall function 6C3E2ACF: WaitForMultipleObjects.KERNEL32(00000002,6C3F1CA3,00000000,000000FF,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832), ref: 6C3E2AF8
Part of subcall function 6C3E2ACF: CloseHandle.KERNEL32(0000001E,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B01
Part of subcall function 6C3E2ACF: TerminateThread.KERNEL32(00000006,00000000,?,6C3F1CA3,?,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832,?), ref: 6C3E2B1B

Part of subcall function 6C3F2A63: CloseHandle.KERNEL32(?,00000000,00000000,6C3F1C83,00000000,00000000,00000000,?,?,?,00000000,6C3F2640,00000044,6C40527F,00000010,6C405832), ref: 6C3F2A70

Strings

$8Il, xrefs: 6C3F1CD3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CloseHandle$CompletionCriticalDeleteErrorLastMultipleObjectsPostQueuedSectionStatusTerminateThreadWait
String ID: $8Il
API String ID: 1875059124-1104382562
Opcode ID: 67eadc5b4c2600ac9057001816eb025383bc4e441ebe67963f42f57872bcf99d
Instruction ID: a5fdda100327afa028ebb000bc665eb5acda7ecd3955ff1711c6d3ff70d1effc
Opcode Fuzzy Hash: 67eadc5b4c2600ac9057001816eb025383bc4e441ebe67963f42f57872bcf99d
Instruction Fuzzy Hash: 40117076200641DBCB21EF14D945BEAB7F5FF45618F51092AD49283EA0CB76B809CF51

Uniqueness

Uniqueness Score: -1.00%

Function 6C42B747 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42B74E

Part of subcall function 6C42B627: __EH_prolog3_GS.LIBCMT ref: 6C42B631

Part of subcall function 6C41FE03: __EH_prolog3_GS.LIBCMT ref: 6C41FE0D

__EH_prolog3_GS.LIBCMT ref: 6C42B80F

Strings

DecodingLookupArray, xrefs: 6C42B75C
BaseN_Decoder, xrefs: 6C42B761, 6C42B778
Log2Base, xrefs: 6C42B773, 6C42B834

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: BaseN_Decoder$DecodingLookupArray$Log2Base
API String ID: 2427045233-2220300394
Opcode ID: c9e4f495d1b68d12f4a7ddcb794765da19bb4f5d9e23edf9f72cc54987eb9e60
Instruction ID: 16a7d47115ed313501268d9861ba749a81fced6aff62d5a9ffcef626cb36870b
Opcode Fuzzy Hash: c9e4f495d1b68d12f4a7ddcb794765da19bb4f5d9e23edf9f72cc54987eb9e60
Instruction Fuzzy Hash: 9401B5B2E150119BDB44CF14CC91FAA3396ABD8339F184609D85ACBF85D73DD8088B95

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EA1E6 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EA1ED

Strings

SHA-1, xrefs: 6C3EA23B
RSA, xrefs: 6C3EA1F2
EMSA-PKCS1-v1_5, xrefs: 6C3EA215

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: EMSA-PKCS1-v1_5$RSA$SHA-1
API String ID: 431132790-2435663846
Opcode ID: c08010ae1b9c7349607bcacf8da9e70a0bcea508b32c490441318ed79ace4658
Instruction ID: 5bcc455b87159a6dc4b2a1fc8deee4cce2e7b8bf77d3326e322e9cec28097efe
Opcode Fuzzy Hash: c08010ae1b9c7349607bcacf8da9e70a0bcea508b32c490441318ed79ace4658
Instruction Fuzzy Hash: B1115E78804268BACB05E7A0CD54FCE7B7C5F2820CF508456A486B7A61EF756B4D8F62

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E8250 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E8257

Part of subcall function 6C40C21A: __EH_prolog3_GS.LIBCMT ref: 6C40C224

Part of subcall function 6C3E34D1: __EH_prolog3.LIBCMT ref: 6C3E34D8

Part of subcall function 6C3EC046: __EH_prolog3.LIBCMT ref: 6C3EC04D

Part of subcall function 6C420F1C: __EH_prolog3_GS.LIBCMT ref: 6C420F23

Strings

InputBuffer, xrefs: 6C3E82C0
HMIl, xrefs: 6C3E82AA
(DIl, xrefs: 6C3E82B9

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: (DIl$HMIl$InputBuffer
API String ID: 4240126716-1608217456
Opcode ID: 4c79712a13af9b7006987d49e150ea9b5e1479bc90c87f00adba7af60105f6a8
Instruction ID: bddd45999083c09a272b7d6b0057f27727d9728680df5fa1d3ab1fc7935aab45
Opcode Fuzzy Hash: 4c79712a13af9b7006987d49e150ea9b5e1479bc90c87f00adba7af60105f6a8
Instruction Fuzzy Hash: 521182B1A01215AEDB11DFA4C812FEEFBB4AF58318F40454DD45567FD0CB74560ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EB78C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EB793

Strings

SHA-1, xrefs: 6C3EB7CB
MGF1, xrefs: 6C3EB7A9
OAEP-, xrefs: 6C3EB798

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: MGF1$OAEP-$SHA-1
API String ID: 431132790-81113173
Opcode ID: 40d558a50d865d43ac405ce768d57e4e90dde64b1bb87ea2104d868b50103570
Instruction ID: 9c0377be72719e59a96758891a3f35afbf92e106ad7dedca38f198130c50b9b1
Opcode Fuzzy Hash: 40d558a50d865d43ac405ce768d57e4e90dde64b1bb87ea2104d868b50103570
Instruction Fuzzy Hash: 2B017C78800268BACB05D7A0CD50FDEBB7C5F2820CF104456A4467BA61EB756B0D8FA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C431FEE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C431FF5
QueryPerformanceCounter.KERNEL32(00000000,00000064,6C427D8E), ref: 6C432006
GetLastError.KERNEL32(0000000A), ref: 6C43201E

Strings

Timer: QueryPerformanceCounter failed with error , xrefs: 6C432036

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CounterErrorH_prolog3_LastPerformanceQuery
String ID: Timer: QueryPerformanceCounter failed with error
API String ID: 73482181-4075696077
Opcode ID: ac825f781b577e5d99586a9fb9bb31cc81c32f0b65269e5f48a9acf2014cb786
Instruction ID: 82175cee3b948da9f96c70e61ddf36d912b5699387c27f96d2f44f5cbc5ec3bf
Opcode Fuzzy Hash: ac825f781b577e5d99586a9fb9bb31cc81c32f0b65269e5f48a9acf2014cb786
Instruction Fuzzy Hash: E5013171D40318ABEF10EBE0CC49FDEB77CAF14309F504159A614AB642DB799149CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C40E9F4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C40E9FB

Part of subcall function 6C40C21A: __EH_prolog3_GS.LIBCMT ref: 6C40C224

Part of subcall function 6C3E3524: __EH_prolog3.LIBCMT ref: 6C3E352B

Part of subcall function 6C3EC046: __EH_prolog3.LIBCMT ref: 6C3EC04D

Part of subcall function 6C420F1C: __EH_prolog3_GS.LIBCMT ref: 6C420F23

Strings

InputBuffer, xrefs: 6C40EA36
HMIl, xrefs: 6C40EA21
(DIl, xrefs: 6C40EA5B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: (DIl$HMIl$InputBuffer
API String ID: 4240126716-1608217456
Opcode ID: 6f805a3db982bfb548caa9f525caa34afb15fedbbad2aa01975f4ce58227a73f
Instruction ID: 2ffd253fd48dd14e4562099d125cdbb91980555322edbbad7b22153d87b86cdb
Opcode Fuzzy Hash: 6f805a3db982bfb548caa9f525caa34afb15fedbbad2aa01975f4ce58227a73f
Instruction Fuzzy Hash: 2B018175901318AEDB11DFA4C842EEEFB78AF58268F00454DA49567B90CB759B088BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E1D80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E1D87
std::_Lockit::_Lockit.LIBCPMT ref: 6C3E1D94
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6C3E1DD1

Part of subcall function 6C406A97: _Yarn.LIBCPMT ref: 6C406AB6
Part of subcall function 6C406A97: _Yarn.LIBCPMT ref: 6C406ADA

Strings

bad locale name, xrefs: 6C3E1DE2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 482894088-1405518554
Opcode ID: 80d953112c5dd847b62097ce36402827db6654e4d8f29b76d1d5980b51f3d3e1
Instruction ID: b73f574de98e88b52650e5eb3850e4dbbeef2fa5370d67bb7bd42e28836bdd45
Opcode Fuzzy Hash: 80d953112c5dd847b62097ce36402827db6654e4d8f29b76d1d5980b51f3d3e1
Instruction Fuzzy Hash: FC0144719457549EC721CF6A848098AFBE07F19204750896FD48ED3F01D730E544CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6C42E203 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C42E20A

Part of subcall function 6C3F053D: __EH_prolog3.LIBCMT ref: 6C3F0544

Part of subcall function 6C3F057F: __EH_prolog3_GS.LIBCMT ref: 6C3F0586

Part of subcall function 6C42B747: __EH_prolog3_GS.LIBCMT ref: 6C42B74E

Strings

DecodingLookupArray, xrefs: 6C42E228
Log2Base, xrefs: 6C42E240
VIl, xrefs: 6C42E25C, 6C42E263

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: DecodingLookupArray$Log2Base$VIl
API String ID: 3355343447-3285489691
Opcode ID: e41b5e62ba7ab1ff9e02727920c1a92464768c70085be91fb378f2e65f9ab14e
Instruction ID: 74889344893ba284ba5546d94bc06982e7fc49e03d05cd493ad928e85230a28e
Opcode Fuzzy Hash: e41b5e62ba7ab1ff9e02727920c1a92464768c70085be91fb378f2e65f9ab14e
Instruction Fuzzy Hash: B6016DB5D0126CAADF05CFA4C846FEEBBB4AB58314F000519D405B7B80DBB45A08CFB6

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E342A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E3431

Part of subcall function 6C45E1AA: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6C3E165C,00000000,6C3E2DF5,?,6C3E165C,00000008,6C4DC3E0,00000008), ref: 6C45E20A

__EH_prolog3.LIBCMT ref: 6C3E3469

Strings

PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6C3E346E
PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6C3E3436

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$DispatcherExceptionUser
String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
API String ID: 3933909293-1268710280
Opcode ID: b3bbcbcef03f3dfc76f76f7f73caa1888ddd95bc7c83b2d447243951ef0b7950
Instruction ID: 8c8643f608b9db8043619102c5ba843b1402b972e61af93e80f046ed8cf19ee8
Opcode Fuzzy Hash: b3bbcbcef03f3dfc76f76f7f73caa1888ddd95bc7c83b2d447243951ef0b7950
Instruction Fuzzy Hash: D6F01D71D1110CABDB00EBD0C954FEDB3B9AF18209F604496E211B7D90DB79AE0DCBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C4062E2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,9634BA50,00000000,00000000,6C48B610,000000FF,?,6C3F7190), ref: 6C40630C
GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 6C406318

Strings

RtlGetVersion, xrefs: 6C406312
ntdll.dll, xrefs: 6C406307

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: RtlGetVersion$ntdll.dll
API String ID: 1646373207-1489217083
Opcode ID: 64d573094c25024f8ce80569e28a1376acc2ca1215fff5186f39288d02a37710
Instruction ID: dd589eb6d31cc910dd3a2434fb24cfceeb8a937369362b59c6c08bd058d4f653
Opcode Fuzzy Hash: 64d573094c25024f8ce80569e28a1376acc2ca1215fff5186f39288d02a37710
Instruction Fuzzy Hash: B0E09276604594BFCB10EF94CC0AF5A77BCF70A610F000A2AF912E3B40EB35A9008791

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F240F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F2416
GetProcessHeap.KERNEL32(00000000,0000001E,0000000C,6C3F319A,00000044,0000000C,6C3F2720,00000044,6C40527F,00000010,6C405832,?), ref: 6C3F2420
HeapAlloc.KERNEL32(00000000), ref: 6C3F2427

Strings

))?l, xrefs: 6C3F2437

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Heap$AllocH_prolog3Process
String ID: ))?l
API String ID: 3174185902-3610789256
Opcode ID: 5aa3dabb180e0614baa04f9426b8c2c22f5597e408d16573029b61fc109e4b83
Instruction ID: f4c6f039f97d4d9bb823b892a9f05d4aaac2d4b97df65e47a7bc56247f401dd9
Opcode Fuzzy Hash: 5aa3dabb180e0614baa04f9426b8c2c22f5597e408d16573029b61fc109e4b83
Instruction Fuzzy Hash: 0CD082B1601224AAEF10EFA0880DF9C36386B6421AF400848A69886980CB22C4098A62

Uniqueness

Uniqueness Score: -1.00%

Function 6C408AED Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32.DLL,SetWaitableTimerEx,6C409320,00000000,?,00000000,00000000,00000000,00000000,00000020,?,1A85EC53), ref: 6C408B00
GetProcAddress.KERNEL32(00000000), ref: 6C408B07

Strings

SetWaitableTimerEx, xrefs: 6C408AF6
KERNEL32.DLL, xrefs: 6C408AFB

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: KERNEL32.DLL$SetWaitableTimerEx
API String ID: 1646373207-2877992516
Opcode ID: 8db9bfed26ecfff91ba4f63eb67641ad0c0269c4a94ae4ba222c7828486f6f90
Instruction ID: 12fab6869a7f5e0a4178e1834e1ccf10a31861114b33569b35e3c104b601ccc2
Opcode Fuzzy Hash: 8db9bfed26ecfff91ba4f63eb67641ad0c0269c4a94ae4ba222c7828486f6f90
Instruction Fuzzy Hash: BAD0C9B07011249B8F44EF7A881DF157BF8A64B6027114539B60AD2B02DB24D901CF01

Uniqueness

Uniqueness Score: -1.00%

Function 6C47B51D Relevance: 6.3, APIs: 4, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6C47B5A7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7bf2dfc772259a152305659183d048eb44d6cd1a624ac17f33ef4d8bd0a42ea9
Instruction ID: be4766d2c42bab18e96dc876c9a1f81dc3fa290b6e32acb45e5d23f04f43e8a8
Opcode Fuzzy Hash: 7bf2dfc772259a152305659183d048eb44d6cd1a624ac17f33ef4d8bd0a42ea9
Instruction Fuzzy Hash: 56B13871D052859FDB21CF28C880FEEBBF5EF45358F1541A9E844ABB41D6388906CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44A6C8 Relevance: 6.2, APIs: 4, Instructions: 200networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WS2_32(000000FF,?), ref: 6C44A8B8
__WSAFDIsSet.WS2_32(000000FF,?), ref: 6C44A8F0
__WSAFDIsSet.WS2_32(000000FF,?), ref: 6C44A90E
WSASetLastError.WS2_32(00002726), ref: 6C44A962

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: af09c4b411efda71fdac451f34d1498b7b778a3edc158668b0920f3ba08ea30f
Instruction ID: 20dd83e8a82981f2001e96af090819a504a9750083cd06623c169905b9adf182
Opcode Fuzzy Hash: af09c4b411efda71fdac451f34d1498b7b778a3edc158668b0920f3ba08ea30f
Instruction Fuzzy Hash: 30715F3560A3458BF735CF198480EAAB2F9EF88715F30893DE895C2690E775C5428792

Uniqueness

Uniqueness Score: -1.00%

Function 6C4602EE Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 6C4603B5
___AdjustPointer.LIBCMT ref: 6C4603D8
___AdjustPointer.LIBCMT ref: 6C460474

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: db8ef44a9226cf6af09bc5c7bef159fcbcf337a8bd8e8357752cf57241e2e9d9
Instruction ID: d03e5f190baacb2ffc40520ceaabd3cf4015873984d8c01ab7472bcf69409935
Opcode Fuzzy Hash: db8ef44a9226cf6af09bc5c7bef159fcbcf337a8bd8e8357752cf57241e2e9d9
Instruction Fuzzy Hash: D351E4726057869FEB25CF16D880FAA73A4EF4431AF20452DDC1597F98D731E881CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6C45FAE5 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 6C45FB36
TypeidsEqual.LIBVCRUNTIME ref: 6C45FB5B
PMDtoOffset.LIBCMT ref: 6C45FB71
PMDtoOffset.LIBCMT ref: 6C45FBF2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction ID: 5fe07260a397d9ed1c0e2cec38e6119e0d237fce58ba68ccc677e083e6761835
Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
Instruction Fuzzy Hash: 7451CD359062098FEB06CF68C480EDEBBF5FF05399F5005A9DC50A7750D332AA15CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C470690 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ea5557a13386dfa324cf61dd1a2820da5e42b6dd3871811d6631c79094b367
Instruction ID: 533465e8db8fc2b1c4145554a5f3d2b8d859e8bbe56e68851fba81aeebfc0976
Opcode Fuzzy Hash: c8ea5557a13386dfa324cf61dd1a2820da5e42b6dd3871811d6631c79094b367
Instruction Fuzzy Hash: 5941E9B5A01754AFD724DF78C841FDABBA9EB84714F10852EE005DBF80D376A5458BD0

Uniqueness

Uniqueness Score: -1.00%

Function 6C483BEA Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6C483CBA
_free.LIBCMT ref: 6C483CE3
SetEndOfFile.KERNEL32(00000000,6C4783DA,00000000,?,?,?,?,?,?,?,?,6C4783DA,?,00000000), ref: 6C483D15
GetLastError.KERNEL32(?,?,?,?,?,?,?,6C4783DA,?,00000000), ref: 6C483D31

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: e3da0217abf27adf2543aaaaebb676b017e556db25c652bff40dab563fc1001c
Instruction ID: dd83a90b5dccb28d18882208ec4e0df1d141e9ddb09e6524d0d6cdac92239967
Opcode Fuzzy Hash: e3da0217abf27adf2543aaaaebb676b017e556db25c652bff40dab563fc1001c
Instruction Fuzzy Hash: 04410477A426009BDB11DFA98C41FCD3BB5EF45329F240519F924EBB90EB34C84947A1

Uniqueness

Uniqueness Score: -1.00%

Function 6C4825D8 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C46B7CE: _free.LIBCMT ref: 6C46B7DC

Part of subcall function 6C481F5F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,6C47A6A9,0000FDE9,00000000,?,?,?,6C47A422,0000FDE9,00000000,?), ref: 6C48200B

GetLastError.KERNEL32 ref: 6C482640
__dosmaperr.LIBCMT ref: 6C482647
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6C482686
__dosmaperr.LIBCMT ref: 6C48268D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 940c5b67d6b9746ab352fc4be7e9cac58715f8a2fe1a1c3acd89d1375da94b38
Instruction ID: 10591a76f2ab14b873cbb320107c6008ecb46a9216d9358a78677eac3a4cb91b
Opcode Fuzzy Hash: 940c5b67d6b9746ab352fc4be7e9cac58715f8a2fe1a1c3acd89d1375da94b38
Instruction Fuzzy Hash: 0021C4B1605616BF9721DF66C884D9AB7ACFF00369704461AE925A7F45EF30EC6087D0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F56E8 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32 ref: 6C3F571B
SysAllocStringLen.OLEAUT32(00000000), ref: 6C3F5767
SysStringLen.OLEAUT32 ref: 6C3F577C
SysFreeString.OLEAUT32 ref: 6C3F57C4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: String$AllocFree
String ID:
API String ID: 344208780-0
Opcode ID: 0d8f5730de88aff3039b0231c6f3819392525569a696be458e7671d43b5935dd
Instruction ID: 29f31000950a545dc9af5ac026e144ff4b898dace6598161cfb32ec3f63e3145
Opcode Fuzzy Hash: 0d8f5730de88aff3039b0231c6f3819392525569a696be458e7671d43b5935dd
Instruction Fuzzy Hash: DE21E630605307CBD714DE68C84875A77A9FF44318F208E29F471D6AA4EB72D81E8F55

Uniqueness

Uniqueness Score: -1.00%

Function 6C471BD5 Relevance: 6.1, APIs: 4, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb271aed9e7c7e92a8884ab18579bd4f98f4e55404ec86de4f470a882b3dd42
Instruction ID: 8502845a60926fffc8adc7e49dc9b980027b76cb124202a5d61f4f16c5f35b09
Opcode Fuzzy Hash: 9bb271aed9e7c7e92a8884ab18579bd4f98f4e55404ec86de4f470a882b3dd42
Instruction Fuzzy Hash: 7B21B0B1604219AF9720DFA68DA1DEA776CEF0136D7054619E92CE7A50EB30EC5087F0

Uniqueness

Uniqueness Score: -1.00%

Function 6C408E7F Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C408E86
CloseHandle.KERNEL32(?), ref: 6C408EF1

Part of subcall function 6C409095: ResetEvent.KERNEL32(00000000,9634BA50,?,?,C15730E2,6C48AB06,000000FF,?,6C408EC4,?,C15730E2), ref: 6C4090F0

CloseHandle.KERNEL32(?), ref: 6C408F35
WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000), ref: 6C408F4D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CloseHandle$EventH_prolog3_catch_ObjectResetSingleWait
String ID:
API String ID: 3878641272-0
Opcode ID: 7c8eb286ebaa5d614b38fac64b5e96e201536ccebdb1cefd0a682b2826376257
Instruction ID: 73a9591c3ae1a49e4ef10fd3014fa5971f2dc34184773c06b673cc7a91cabd9c
Opcode Fuzzy Hash: 7c8eb286ebaa5d614b38fac64b5e96e201536ccebdb1cefd0a682b2826376257
Instruction Fuzzy Hash: 96214F70E493189FDF10CFA5CA44E9DBBB9AF15325F20452EE428EBB81C7319945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6C47B16C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000006,00000000,0000000A,6C46898C,00000000,00000000,00000006,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B171
_free.LIBCMT ref: 6C47B1CE
_free.LIBCMT ref: 6C47B204
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C47B20F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 04e0d6163bca05d41d1b0fc217ad3a41a0def1a1e1643844a3a59b90ca8e9d54
Instruction ID: 54167d0c539ccb7ae45a1f4174160e5a275b295245762ab961bda2c2d58401b9
Opcode Fuzzy Hash: 04e0d6163bca05d41d1b0fc217ad3a41a0def1a1e1643844a3a59b90ca8e9d54
Instruction Fuzzy Hash: 3111C6727056457BDA31F9B94D84FDB227ADBC63BEB290228F12496FE4DF21C80941B0

Uniqueness

Uniqueness Score: -1.00%

Function 6C47B2C3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(7FFFFFC4,7FFFFFC4,7FFFFFC6,6C46A39E,6C47AB40,7FFFFFC0,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0,?,?,6C3E1573,6C3E2DD3,7FFFFFC4), ref: 6C47B2C8
_free.LIBCMT ref: 6C47B325
_free.LIBCMT ref: 6C47B35B
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6C45D730,7FFFFFC6,7FFFFFC0,7FFFFFC0,?,?,6C3E1573,6C3E2DD3,7FFFFFC4,6C3E2DD3,6C3E2DD3), ref: 6C47B366

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 0ff67059348b5a56ca3ca3e29d6d47211b8dd4fe5703e63b533331a61c082098
Instruction ID: 4a1b8c14e684ad6eb7655d3e349310cdf531385227bb9ab550a1dd9f04a5c54e
Opcode Fuzzy Hash: 0ff67059348b5a56ca3ca3e29d6d47211b8dd4fe5703e63b533331a61c082098
Instruction Fuzzy Hash: 5011A9723555006BDB31F9B94D88FDB227AABC67BEB290229F12492FE0DF21C80541B0

Uniqueness

Uniqueness Score: -1.00%

Function 6C47F27F Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00000000,?,00000000,6C47F37B,00000000,?,6C487C7A,00000000,00000000,6C47F37B,?,?,00000000,00000000,00000001), ref: 6C47F295
GetLastError.KERNEL32(?,6C487C7A,00000000,00000000,6C47F37B,?,?,00000000,00000000,00000001,00000000,00000000,?,6C47F37B,00000000,00000104), ref: 6C47F29F
__dosmaperr.LIBCMT ref: 6C47F2A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: e79ac5181d416ff40cb1ca63c915f6c267bbefab565c22c89d64cda188767b7b
Instruction ID: 7bc4cef1a3c9225e38d3760cbcbe76422e5ff9e7fc4d56971c7df6dba501f736
Opcode Fuzzy Hash: e79ac5181d416ff40cb1ca63c915f6c267bbefab565c22c89d64cda188767b7b
Instruction Fuzzy Hash: ECF06236601525BBAB20DFA6C808DCAFF79FF553653108515E529C7D10DB32D862C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6C47F216 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00000000,?,00000000,6C47F37B,00000000,?,6C487CEF,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 6C47F22C
GetLastError.KERNEL32(?,6C487CEF,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,6C47F37B,00000000,00000104,?), ref: 6C47F236
__dosmaperr.LIBCMT ref: 6C47F23D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 2b91fef40f297653947e8204fee571953cd743a23ffcb74bf69e3a8c7b8af33e
Instruction ID: f9bcc54e5ccad860cf0eb55ce1e06f2a94188c679fdd4437e0566ba476bf14ca
Opcode Fuzzy Hash: 2b91fef40f297653947e8204fee571953cd743a23ffcb74bf69e3a8c7b8af33e
Instruction Fuzzy Hash: FAF0FF35605525BB9E209FA6C808C8ABF7DFF456653118515E518C7A20DB32D96287E0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F1A85 Relevance: 6.0, APIs: 4, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F1A8C
SetEvent.KERNEL32(?,00000000), ref: 6C3F1A9E
SetEvent.KERNEL32(?), ref: 6C3F1AB7
SleepEx.KERNEL32(000000FF,00000001), ref: 6C3F1AC1

Strings

thread.entry_event, xrefs: 6C3F1A76
$8Il, xrefs: 6C3F194E, 6C3F1961, 6C3F19A0, 6C3F19B3, 6C3F1A23, 6C3F1A2D
thread.exit_event, xrefs: 6C3F19C1
thread, xrefs: 6C3F1A46

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Event$H_prolog3Sleep
String ID: $8Il$thread$thread.entry_event$thread.exit_event
API String ID: 1172963375-2471605969
Opcode ID: bb5b237e82f8870e393906b71534fd6ccc414f3213720f159491d7155c3b7ca8
Instruction ID: 733f7da8bb8dac04b516244ad885679d4f1bfa4cc6de871cc90e848c746ea919
Opcode Fuzzy Hash: bb5b237e82f8870e393906b71534fd6ccc414f3213720f159491d7155c3b7ca8
Instruction Fuzzy Hash: 36F0F835300220AFCF00EF60C89DF987B71AF5A315F0081A4AA099F291CB749844CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C42CFC7 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 316COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C42CFD1

Part of subcall function 6C42C58A: __EH_prolog3.LIBCMT ref: 6C42C591

Part of subcall function 6C42C52C: __EH_prolog3.LIBCMT ref: 6C42C533

Strings

@, xrefs: 6C42D0BF
@, xrefs: 6C42D062

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: @$@
API String ID: 431132790-149943524
Opcode ID: af4a2cb1a46d65168c189027d501912c390ca9f1456dc5150d44b855a45041b5
Instruction ID: 79630ff9d709d4d34461227577fd6f775619b8f1e6172d1ec63d4d0fd5da4e1b
Opcode Fuzzy Hash: af4a2cb1a46d65168c189027d501912c390ca9f1456dc5150d44b855a45041b5
Instruction Fuzzy Hash: 8BC13971A002199FDF04DFA8C881EEEBBB5BF48314F14455DE815A7781CB39AE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C4499AE Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 286networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 6C449C1E
setsockopt.WS2_32(?,0000FFFF,00001001,?,00000004), ref: 6C449C3A

Strings

Failed to alloc scratch buffer!, xrefs: 6C449B2B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Ioctlsetsockopt
String ID: Failed to alloc scratch buffer!
API String ID: 1903391676-1446904845
Opcode ID: 85626fefef2c15e92c73988f4b70795f4a86c42e2bcbf83687fb055bbbc0e5e1
Instruction ID: e58d438e9fcb870fdaf082e9cbceb778f5a1ef9f505ddc9f1f85aa76c05a771f
Opcode Fuzzy Hash: 85626fefef2c15e92c73988f4b70795f4a86c42e2bcbf83687fb055bbbc0e5e1
Instruction Fuzzy Hash: 02B1B1702097409FF710CF29C980F9777E9FF95319F28896DF8998A642D732E8059B62

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E5641 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 266COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3E564B

Part of subcall function 6C3F7471: __EH_prolog3_GS_align.LIBCMT ref: 6C3F747D

__EH_prolog3_GS_align.LIBCMT ref: 6C3E57E0

Part of subcall function 6C3E7DFC: __EH_prolog3.LIBCMT ref: 6C3E7E03

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Part of subcall function 6C41F7A5: __EH_prolog3.LIBCMT ref: 6C41F7AC

Part of subcall function 6C3E3833: __EH_prolog3.LIBCMT ref: 6C3E383A

Strings

(DIl, xrefs: 6C3E599C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_$S_align$Initstd::locale::_
String ID: (DIl
API String ID: 1548379353-1458480366
Opcode ID: 50cdc1f22c99d0cd2d3ca831506749e4cb688513aad4eb0e9f716d0ce0f3f003
Instruction ID: 9ba3a4fd9118b1f3fac3644a54163535612d1c7fc288a7a6cc90431ae6ba2f92
Opcode Fuzzy Hash: 50cdc1f22c99d0cd2d3ca831506749e4cb688513aad4eb0e9f716d0ce0f3f003
Instruction Fuzzy Hash: 16B17B71D002299FDB14DF64CC80FDDBB75AF18308F10819AE549A7791DB71AA89CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FED49 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3FED53

Part of subcall function 6C3F7471: __EH_prolog3_GS_align.LIBCMT ref: 6C3F747D

__EH_prolog3_GS_align.LIBCMT ref: 6C3FEEDF

Part of subcall function 6C3E7DFC: __EH_prolog3.LIBCMT ref: 6C3E7E03

Part of subcall function 6C3E2153: __EH_prolog3.LIBCMT ref: 6C3E21C4
Part of subcall function 6C3E2153: std::locale::_Init.LIBCPMT ref: 6C3E220E

Part of subcall function 6C4064DC: __EH_prolog3_GS.LIBCMT ref: 6C4064E6

Part of subcall function 6C41F7A5: __EH_prolog3.LIBCMT ref: 6C41F7AC

Part of subcall function 6C3E3833: __EH_prolog3.LIBCMT ref: 6C3E383A

Strings

(DIl, xrefs: 6C3FF0A0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_$S_align$Initstd::locale::_
String ID: (DIl
API String ID: 1891993107-1458480366
Opcode ID: 0561cbb1460523cb9e119dfff7b06cf1288806be438a1d450b32c0da57c3bed7
Instruction ID: 62859b5a6d32a6dfbc61eb584e88f5ae64a364ddd06320f84891dccb543ff7ba
Opcode Fuzzy Hash: 0561cbb1460523cb9e119dfff7b06cf1288806be438a1d450b32c0da57c3bed7
Instruction Fuzzy Hash: 63B18B71D002299FDB14CF64CC81FDDBBB5AF18308F10809AE549A7790DB71AA89CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6C43A498 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 234COMMON

Download Yara Rule

Strings

;sha256//, xrefs: 6C43A58B
sha256//, xrefs: 6C43A4CF, 6C43A5D2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: ;sha256//$sha256//
API String ID: 0-1817496432
Opcode ID: 72b22f5d05f5eea5ab5358f13ae39442af2f524030d292152ad94b70b460501b
Instruction ID: 8d93847b2c6c8288ec762eab545f7f833650a77a313c5b8ae7b8e2f9b19de1b7
Opcode Fuzzy Hash: 72b22f5d05f5eea5ab5358f13ae39442af2f524030d292152ad94b70b460501b
Instruction Fuzzy Hash: 9761173264C3116FEB00EAA6CC88F5B77F8DFD9719F14052DF84892A42FB65D50486A2

Uniqueness

Uniqueness Score: -1.00%

Function 6C483280 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 6C482E1B: GetOEMCP.KERNEL32(00000000,6C48308C,?,00000000,r5Gl,6C473572,00000000,00000000,?), ref: 6C482E46

IsValidCodePage.KERNEL32(-00000030,00000000,?,00000000,?,r5Gl,6C4830D3,00000000,00000000,?,?,00000000,?,?,?,6C473572), ref: 6C4832DE
GetCPInfo.KERNEL32(00000000,6C4830D3,?,r5Gl,6C4830D3,00000000,00000000,?,?,00000000,?,?,?,6C473572,00000000,00000000), ref: 6C483320

Strings

r5Gl, xrefs: 6C483282

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: r5Gl
API String ID: 546120528-971924673
Opcode ID: 5b6320cd9a4c0d18861fbe3462dd632298a0f232e0ef6082c4d9328249c6bb10
Instruction ID: 3c26522753dc87311b491baa774c2ee5c5206f73230b00405c6e86393c991151
Opcode Fuzzy Hash: 5b6320cd9a4c0d18861fbe3462dd632298a0f232e0ef6082c4d9328249c6bb10
Instruction Fuzzy Hash: A1511270A066059FEB21CF3AC480FAABBF4EF41708F14446ED19687A51EB74E546CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C44DA0D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

select/poll on SSL/TLS socket, errno: %d, xrefs: 6C44DBD1
SSL/TLS connection timeout, xrefs: 6C44DBE3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
API String ID: 0-3791222319
Opcode ID: 978ef80514239db9bdbf46430c178a3d3b151c3a13147fd792b5fb7d34dfd324
Instruction ID: 71c7c5350da75ede27f391c78f870b8a91836108a38ab291d0a9a549d558865a
Opcode Fuzzy Hash: 978ef80514239db9bdbf46430c178a3d3b151c3a13147fd792b5fb7d34dfd324
Instruction Fuzzy Hash: 3151DF71509382ABFB14CE25CC41F5BBBE4EB8671AF348A2DF89992B41D331E445C692

Uniqueness

Uniqueness Score: -1.00%

Function 6C43F6F7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C43F790
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C43F7C3

Strings

Connection time-out, xrefs: 6C43F726

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: Connection time-out
API String ID: 885266447-165637984
Opcode ID: 3f749215e536443036349f008360f993845297dc3075807b1bc9aa07038ad4e5
Instruction ID: f54c19e67fd90c9761aac71803cc1eb78afd3e4918e71a9b038f9586580d01c4
Opcode Fuzzy Hash: 3f749215e536443036349f008360f993845297dc3075807b1bc9aa07038ad4e5
Instruction Fuzzy Hash: 4F41FF70A09351AFE718CF5AC889E5B77E4EBC8714F20497EF8588B781E770D8058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C44C166 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C44C208

Strings

:%d, xrefs: 6C44C1FD
Failed to send SOCKS5 connect request., xrefs: 6C44C336

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: :%d$Failed to send SOCKS5 connect request.
API String ID: 3906573944-3897769203
Opcode ID: 118bc095d804c882f10290b3bb8c4537cb3fb27e3f60420aa5507b0585ecd0cf
Instruction ID: daec9cbf33a25e220eda35f325ad83dff6fa022f3bcce036532aa65aeac69ef1
Opcode Fuzzy Hash: 118bc095d804c882f10290b3bb8c4537cb3fb27e3f60420aa5507b0585ecd0cf
Instruction Fuzzy Hash: 4341F731508340DFF709DF68C841EAABBE4FF85308F28C56DE5998B742DB65D1098762

Uniqueness

Uniqueness Score: -1.00%

Function 6C400513 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C3FE9BF: SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,00000000,9634BA50,00000000,00000000,00000000,?,?,?,?,0000009C,6C48D9EF,000000FF), ref: 6C3FEA04
Part of subcall function 6C3FE9BF: PathAppendW.SHLWAPI(00000000,DIBsection,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA1A
Part of subcall function 6C3FE9BF: PathAppendW.SHLWAPI(00000000,0000000F,?,?,?,?,0000009C,6C48D9EF,000000FF,?,6C3FFC77,9634BA50,00000000,00000000,00000000), ref: 6C3FEA23

DeleteFileW.KERNEL32(00000000,9634BA50,?,?,00000001), ref: 6C400562
SetFileAttributesW.KERNEL32(00000000,00000006,000000FF,?,?,?,?,?,00000001), ref: 6C400670

Strings

TAVFV1, xrefs: 6C4005C3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Path$AppendFile$AttributesDeleteFolder
String ID: TAVFV1
API String ID: 641179217-1677771103
Opcode ID: d6b7ca94b69d0bc536faaf3826b2e71f997548e75003706abd8a0f5ff7a653c0
Instruction ID: ca17fddf30d35ff4a84fc4c18005044cf63eb50d3472b3daf0c3bf4d79d740a2
Opcode Fuzzy Hash: d6b7ca94b69d0bc536faaf3826b2e71f997548e75003706abd8a0f5ff7a653c0
Instruction Fuzzy Hash: DB41D271901265AEEB24DF24CC40FD9B775FF05318F0082AAE01963A80DF356A8DCFA6

Uniqueness

Uniqueness Score: -1.00%

Function 6C474D8A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe, xrefs: 6C474DCD, 6C474DD4, 6C474E0A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
API String ID: 0-3748090899
Opcode ID: 521cdbc97999093d8b5bae48303ec73f8a7453a75c94f7a99fba49e080e675d9
Instruction ID: 7527422bfe40e5c89c279c68f52a6cbd747a9521094488666eeb8041c8fa46e6
Opcode Fuzzy Hash: 521cdbc97999093d8b5bae48303ec73f8a7453a75c94f7a99fba49e080e675d9
Instruction Fuzzy Hash: E7418071E00214AFCB21DB9A8C84DEEBBF8EF89754F11416AE514D7B40D7708A45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C41D16D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C41D177

Strings

H;Nl, xrefs: 6C41D1E3
: Missing required parameter ', xrefs: 6C41D1F6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: : Missing required parameter '$H;Nl
API String ID: 2427045233-10712448
Opcode ID: 9d6dac94702ba33b098a2f465334f67fa72640951a21dc0206a5f351fddee5ad
Instruction ID: 855e6dead8e4ef8a420f714c8e71d7d3254a36a3fafa4e7f4134498a1a80cf8c
Opcode Fuzzy Hash: 9d6dac94702ba33b098a2f465334f67fa72640951a21dc0206a5f351fddee5ad
Instruction Fuzzy Hash: 6341F770604354ABCF11CF60C894FEA7B76AF4530CF044559E8965BF41DB31EA48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6C450DC6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_strspn.LIBCMT ref: 6C450E1A
_strcspn.LIBCMT ref: 6C450EF2

Strings

0123456789abcdefABCDEF:., xrefs: 6C450E14

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _strcspn_strspn
String ID: 0123456789abcdefABCDEF:.
API String ID: 2394370008-446397347
Opcode ID: 7e205608bbee36aeaf611b4df14032b85861a7878e6f33e06c8f4fae858e5879
Instruction ID: 96620d8b4ccb911ba69b6c4bf7e1fb6ad44ecb14e73aec27fa46767f779979f5
Opcode Fuzzy Hash: 7e205608bbee36aeaf611b4df14032b85861a7878e6f33e06c8f4fae858e5879
Instruction Fuzzy Hash: D0314739A0C7D05EE731CE299880F9ABFE49F4770DFB4094EE89197E41E721941987A2

Uniqueness

Uniqueness Score: -1.00%

Function 6C483071 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 6C482E1B: GetOEMCP.KERNEL32(00000000,6C48308C,?,00000000,r5Gl,6C473572,00000000,00000000,?), ref: 6C482E46

_free.LIBCMT ref: 6C4830E9

Strings

r5Gl, xrefs: 6C483079

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: _free
String ID: r5Gl
API String ID: 269201875-971924673
Opcode ID: 9c642df7e64c70d6c942db043019aeeed75a1cf1f441f7247aeae4a20f149188
Instruction ID: 0b0f26be8bd1c954fe3a1f69cc9478b2a78784760addd902f3e8b10880504a0a
Opcode Fuzzy Hash: 9c642df7e64c70d6c942db043019aeeed75a1cf1f441f7247aeae4a20f149188
Instruction Fuzzy Hash: D331DE72905209AFCB01DFA8D880FCE77F4EF45319F15416AE8119B7A0EB32D955CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F0E58 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3F0E62
DeleteFileW.KERNEL32(00000000,000000C4,6C3E5438,00000000,?,00000000,000000FF,?,?,00000000), ref: 6C3F0E85

Strings

TAAFV1, xrefs: 6C3F0ED6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: DeleteFileH_prolog3_catch_
String ID: TAAFV1
API String ID: 1778024026-2848894585
Opcode ID: 80e9677c5c8b1058ddc1455183e3cf93298bf10a943e6fa09c3a6ba92c7b8e48
Instruction ID: f920867fcbeb650bd8cec73c3d09416f0aa8d12f945a7b7232505a1039948087
Opcode Fuzzy Hash: 80e9677c5c8b1058ddc1455183e3cf93298bf10a943e6fa09c3a6ba92c7b8e48
Instruction Fuzzy Hash: 5231A671801215EBEB35DF14DD40FDAB7B1AF14208F104A9DE4AE23A90DB32AA4DDF61

Uniqueness

Uniqueness Score: -1.00%

Function 6C44C1B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C44C208

Strings

:%d, xrefs: 6C44C1FD
Failed to send SOCKS5 connect request., xrefs: 6C44C336

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: :%d$Failed to send SOCKS5 connect request.
API String ID: 3906573944-3897769203
Opcode ID: 8c5cf09d3c3b3487bd04c5d5764d2c4c4fef9792038bf6ea30488a5a1a4572fa
Instruction ID: ab9948050477603cefb167899818978dd0cccd5dc4a0639cf8b11964fd807bb9
Opcode Fuzzy Hash: 8c5cf09d3c3b3487bd04c5d5764d2c4c4fef9792038bf6ea30488a5a1a4572fa
Instruction Fuzzy Hash: E7312231508340EFE705EFA8C881E6ABFA8FF46308F28C85DE4958B792D765D409C762

Uniqueness

Uniqueness Score: -1.00%

Function 6C46261C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBVCRUNTIME ref: 6C462688
DName::operator=.LIBVCRUNTIME ref: 6C46271D

Strings

j;NlQ;Nl, xrefs: 6C462632, 6C46265B, 6C46267B, 6C4626AE, 6C4626DB, 6C4626F0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: j;NlQ;Nl
API String ID: 3211817929-2525777580
Opcode ID: 0098044e5c66d60b5892b6acc7226e044631c341dcde07c65ae50cc3b75d3e07
Instruction ID: 3d5d5d57887ec6d41b55f3087d159a3109a35238eac6f5e790804184752f9b2b
Opcode Fuzzy Hash: 0098044e5c66d60b5892b6acc7226e044631c341dcde07c65ae50cc3b75d3e07
Instruction Fuzzy Hash: B2310571B01244AFDF21DAAAC458FAA77BAEB4631BF14041ED19287F8ACF70D845C791

Uniqueness

Uniqueness Score: -1.00%

Function 6C46304C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 6C4630F5
DName::DName.LIBVCRUNTIME ref: 6C46311F

Strings

j;NlQ;Nl, xrefs: 6C46304F, 6C463068

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::shared_ptr
String ID: j;NlQ;Nl
API String ID: 2125921051-2525777580
Opcode ID: 522641e5eb1824592fed509570bf6c9f81bc2778d90686f8588d0a46cdf58348
Instruction ID: aacb032cadbdb40901c50dc702307cdce8d4726884b6fefa8764f247f32204e5
Opcode Fuzzy Hash: 522641e5eb1824592fed509570bf6c9f81bc2778d90686f8588d0a46cdf58348
Instruction Fuzzy Hash: 9621E471745A869BDB08EE3EC4A5FAC3BB4AB4170AF35C14DA1935BFCCD672864C8601

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F121D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3F1227

Strings

TAPFV1, xrefs: 6C3F12AC
File header is incorrect., xrefs: 6C3F1362

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: File header is incorrect.$TAPFV1
API String ID: 1329019490-502112909
Opcode ID: acdde0ed96b67fca784e553dd05030357292116d76910e829b06c04912e1046e
Instruction ID: 20d55a3d508cca9f0410430633fb4b18e294a16930c49757191fe902eaab968e
Opcode Fuzzy Hash: acdde0ed96b67fca784e553dd05030357292116d76910e829b06c04912e1046e
Instruction Fuzzy Hash: 363171B1800214ABDB24DB94D990FEDB7B8AF14208F5048DBD16967E50EB71EA4FCF61

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F10B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6C3F10C0
DeleteFileW.KERNEL32(00000000,00000174,6C3EFB95,?,?,?,?,?,00000022,0000000C,6C403897,00000000,?,00000000), ref: 6C3F10ED

Strings

TAPFV1, xrefs: 6C3F1149

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: DeleteFileH_prolog3_catch_
String ID: TAPFV1
API String ID: 1778024026-1097571971
Opcode ID: 1f80dbe06bcd025d40966f66d8ece9b950498d2cfe228256d9dccc42b63aa59b
Instruction ID: d87727e689626c479271ae67872fbab443bf34e9f6c7fdd93d8b116b92a51406
Opcode Fuzzy Hash: 1f80dbe06bcd025d40966f66d8ece9b950498d2cfe228256d9dccc42b63aa59b
Instruction Fuzzy Hash: 0C31D171844121AFDB58DF24D888FD9B774AF19318F90429EE01D67B81DF329A8ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C428506 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42850D
_memcpy_s.LIBCMT ref: 6C4285CA

Strings

CFB_Mode: invalid feedback size, xrefs: 6C42852C

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3__memcpy_s
String ID: CFB_Mode: invalid feedback size
API String ID: 1837224285-1731783136
Opcode ID: 219d0cef40fb8d9c9ed234d902c8478e911ccdbd0591d5c1d0732bc9588dfdd4
Instruction ID: af1bf2ad9eb36995f716d6152ae278feeec15f77f962d6300e9d07eed4c48441
Opcode Fuzzy Hash: 219d0cef40fb8d9c9ed234d902c8478e911ccdbd0591d5c1d0732bc9588dfdd4
Instruction Fuzzy Hash: 9021AF726002009BEB21DFA9CC41EAEB7B5AF88318F04091EE54197F14DB75E8488BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C407DC6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(?,?,?,?,$8Il,?), ref: 6C407E73

Part of subcall function 6C45E1AA: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6C3E165C,00000000,6C3E2DF5,?,6C3E165C,00000008,6C4DC3E0,00000008), ref: 6C45E20A

Part of subcall function 6C47129A: IsProcessorFeaturePresent.KERNEL32(00000017,6C47B228,?,6C473572,00000000,00000000,?,00000000,00000006), ref: 6C4712B6

Strings

csm, xrefs: 6C407E02
$8Il, xrefs: 6C407DDA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Exception$DispatcherFeaturePresentProcessorRaiseUser
String ID: $8Il$csm
API String ID: 3584082860-1695330492
Opcode ID: 709a3bd8ef45e9465138950a370fcf5ef5788ffd9f0f4c3cfed8068f7c61b50e
Instruction ID: 77ffe3f6659fe200c9f92c07d80b333e7819abd8d609349f68541da2d6f7ed6d
Opcode Fuzzy Hash: 709a3bd8ef45e9465138950a370fcf5ef5788ffd9f0f4c3cfed8068f7c61b50e
Instruction Fuzzy Hash: C021A132E462189BCF24DF95D840EEDB3B4EF04719F544429D919ABB50DB30AD49CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 6C405CD2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C405CD9

Part of subcall function 6C405C3E: __EH_prolog3.LIBCMT ref: 6C405C45

Part of subcall function 6C405BB7: __EH_prolog3.LIBCMT ref: 6C405BBE

Part of subcall function 6C41F7A5: __EH_prolog3.LIBCMT ref: 6C41F7AC

Part of subcall function 6C406218: __EH_prolog3_GS.LIBCMT ref: 6C40621F

Part of subcall function 6C3F057F: __EH_prolog3_GS.LIBCMT ref: 6C3F0586

Part of subcall function 6C42E282: __EH_prolog3.LIBCMT ref: 6C42E289

Strings

InsertLineBreaks, xrefs: 6C405D59
MaxLineLength, xrefs: 6C405D84

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: InsertLineBreaks$MaxLineLength
API String ID: 4240126716-2623338751
Opcode ID: 5521b30547bd40dba92ae9ea4d4b99a2955d71ec8f0d40944fe0082f50418d8f
Instruction ID: 521e222af5f36ec5c2bb57cb2e7b854cf7b39cb8e8bfcdd1aa252ee878658b10
Opcode Fuzzy Hash: 5521b30547bd40dba92ae9ea4d4b99a2955d71ec8f0d40944fe0082f50418d8f
Instruction Fuzzy Hash: AE21FCB1A05218AEE704DBA49846FFEBAB89F48318F10405DE109B77C1DBB45A098BF5

Uniqueness

Uniqueness Score: -1.00%

Function 6C4637ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6C46129E: pDNameNode::pDNameNode.LIBCMT ref: 6C4612C4

DName::DName.LIBVCRUNTIME ref: 6C4638AC
DName::operator+.LIBCMT ref: 6C4638BA

Strings

j;NlQ;Nl, xrefs: 6C4637FE, 6C46382F, 6C46386D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Name$Name::Name::operator+NodeNode::p
String ID: j;NlQ;Nl
API String ID: 3257498322-2525777580
Opcode ID: 8bc6552ad393c9c8e2fff803d46b36c8d017c67cb765108038977e096a0923ca
Instruction ID: aef1fb0252706a9174518079e03cf292b8318f51841e8e3e5dc01dfb0e10b64c
Opcode Fuzzy Hash: 8bc6552ad393c9c8e2fff803d46b36c8d017c67cb765108038977e096a0923ca
Instruction Fuzzy Hash: 8A214AB5900249AFDF04DF96C851FEE7BB8FB05304F00815EE912A7B59EB709649CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C45233B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 6C452362

Strings

0123456789abcdefABCDEF:., xrefs: 6C45233B
0123456789, xrefs: 6C452359, 6C452378

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: 0123456789$0123456789abcdefABCDEF:.
API String ID: 601868998-2196528912
Opcode ID: 21c5e3e49d33a1ac7485dab3b38d9080e647b0eb64405cd159378473384451cb
Instruction ID: 624eea1eff14a840969e5954ec24fd73239e010bbe3b26fbaa46837344539a01
Opcode Fuzzy Hash: 21c5e3e49d33a1ac7485dab3b38d9080e647b0eb64405cd159378473384451cb
Instruction Fuzzy Hash: EC11382220D3926AE729CD7984C4E5BBBD8EF9215AF54053FE8D5CBB01CF60C4688241

Uniqueness

Uniqueness Score: -1.00%

Function 6C466B09 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C466B1E
DName::operator+.LIBCMT ref: 6C466B3B

Strings

j;NlQ;Nl, xrefs: 6C466B0C, 6C466B40, 6C466B8A, 6C466B99

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::Name::operator+
String ID: j;NlQ;Nl
API String ID: 2649573449-2525777580
Opcode ID: 4822f6e6e44e2ca13c503ff6b3a8ae525371fd035f61026a4f4ed0592a1290e4
Instruction ID: 8812a3301b3781622b9045dca3fa4101eb0a47cccbbce90aef95e27e7ed68e36
Opcode Fuzzy Hash: 4822f6e6e44e2ca13c503ff6b3a8ae525371fd035f61026a4f4ed0592a1290e4
Instruction Fuzzy Hash: B1219DB1A04258AFDB04DBA9D844EED7FB9AF49708F05008DE5059BB85DB70AA48CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F0842 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 6C3F0886

Strings

.pkey, xrefs: 6C3F08B3, 6C3F08CE
.act, xrefs: 6C3F08C5

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: AppendPath
String ID: .act$.pkey
API String ID: 3286331749-1130863088
Opcode ID: 60a826304ed35d8a7255883d3ef7c1561fa63ad80a71e20d9a647198a39cbb2a
Instruction ID: c127ddb31d93f47fefa3734c51be0a785567091a5d385e68404667c2856d9b3f
Opcode Fuzzy Hash: 60a826304ed35d8a7255883d3ef7c1561fa63ad80a71e20d9a647198a39cbb2a
Instruction Fuzzy Hash: 58112B366000046BD7189B5DCC85DBBB7A9DB95308B99896DEA1587A05FB23DC07CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6C43F0EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,00000000), ref: 6C43F14F
WSAGetLastError.WS2_32 ref: 6C43F15F

Strings

Send failure: %s, xrefs: 6C43F18A

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastsend
String ID: Send failure: %s
API String ID: 1802528911-857917747
Opcode ID: 2020efc79521475c4f1fdcc064c28bc44da1d7aff3bce333deb1939a8e7d7cf2
Instruction ID: b709b16f654ee5046e19ddc72f35221b5ae9fb02b0a4f8612a72689fd3247b89
Opcode Fuzzy Hash: 2020efc79521475c4f1fdcc064c28bc44da1d7aff3bce333deb1939a8e7d7cf2
Instruction Fuzzy Hash: 251193715052109FE730EF29DC45FEAB3ECABCD324F04065DE99C87681DB7498548BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C462842 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C462857
DName::operator+.LIBCMT ref: 6C462873

Strings

j;NlQ;Nl, xrefs: 6C462845, 6C46289B, 6C4628A6, 6C4628BA

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::Name::operator+
String ID: j;NlQ;Nl
API String ID: 2649573449-2525777580
Opcode ID: 6760bdc79cb19749aba6069b829df6b91c273972905e3257ec83b5563b052126
Instruction ID: 7753663cf91db7e6af4ed84a43439221d0e0de131186cfe69a84d6a99c3c5998
Opcode Fuzzy Hash: 6760bdc79cb19749aba6069b829df6b91c273972905e3257ec83b5563b052126
Instruction Fuzzy Hash: D111E271A04208AFDF04DFA9C849FEC3BB1BB45308F054189E0069BBC6DB74EA48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6C42B597 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42B5A1
__EH_prolog3_GS.LIBCMT ref: 6C42B631

Strings

: missing required parameter ', xrefs: 6C42B5D4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: : missing required parameter '
API String ID: 2427045233-3853945970
Opcode ID: 80d2acffaacc02107a6f5635eba7c25d6b357b8bfb0759e50a4fcf82e302ecb6
Instruction ID: dee82175dcea029c67578532ddf10a923e1e12bf656b7e3c056a7ed5ae8e0a27
Opcode Fuzzy Hash: 80d2acffaacc02107a6f5635eba7c25d6b357b8bfb0759e50a4fcf82e302ecb6
Instruction Fuzzy Hash: C8115175501258ABDF01DFA0CC44FDEBB68AF5921CF108545F8496BB01CB35EA498BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6C43F01A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,00000000), ref: 6C43F07E
WSAGetLastError.WS2_32 ref: 6C43F08E

Strings

Recv failure: %s, xrefs: 6C43F0B7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ErrorLastrecv
String ID: Recv failure: %s
API String ID: 2514157807-4276829032
Opcode ID: 29bb412314aa09ba5a2b5da503ae49325cfaa8ec3bf605326decf0852474b780
Instruction ID: ec8798bfe6baf0eab68ae9f584334ea62b8ae969133429ecfb6dd4152e0bea68
Opcode Fuzzy Hash: 29bb412314aa09ba5a2b5da503ae49325cfaa8ec3bf605326decf0852474b780
Instruction Fuzzy Hash: FB118E75604350ABE730EF29C845FDA77F8EBCE324F40095DEA8887681EB7564548B92

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EEFC7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6C3EF021
__floor_pentium4.LIBCMT ref: 6C3EF04B

Strings

d>l, xrefs: 6C3EEFE0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __floor_pentium4
String ID: d>l
API String ID: 4168288129-3412665808
Opcode ID: b4b2e4f675f4f3ed9eebd40a9e30dae91c41571e58e59b514b3ddd6141032537
Instruction ID: 140726c658ba42d68b42dab7c738c90c98022de3e496fae866edb66e806e1f63
Opcode Fuzzy Hash: b4b2e4f675f4f3ed9eebd40a9e30dae91c41571e58e59b514b3ddd6141032537
Instruction Fuzzy Hash: 08117532D04E1CD5CB07FE74A4215DAA77CBF1E394B108787D88636851EF7286828754

Uniqueness

Uniqueness Score: -1.00%

Function 6C3ED938 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3ED93F

Strings

false, xrefs: 6C3ED993
true, xrefs: 6C3ED9A6

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: false$true
API String ID: 431132790-2658103896
Opcode ID: 6c36a240f3eb70e5374833e60d5384b0aafb40982072821677e078838d7dcae3
Instruction ID: 62f07f49ad41d7b5bec74bcddfe138b9534bb113b8c9aefb82ef303f2e4a1c9f
Opcode Fuzzy Hash: 6c36a240f3eb70e5374833e60d5384b0aafb40982072821677e078838d7dcae3
Instruction Fuzzy Hash: 52118EB5905754AED711DFB4C840F9ABBF46B09204F00891BE5A98BB51EB30E508CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FE7FD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FE804

Part of subcall function 6C3E8250: __EH_prolog3.LIBCMT ref: 6C3E8257

Strings

InputBuffer, xrefs: 6C3FE866
(DIl, xrefs: 6C3FE863, 6C3FE86B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: (DIl$InputBuffer
API String ID: 431132790-1101714749
Opcode ID: 17423b6a3fa8575d335e44bf704771097b5444ab03afa9f142573bfb839cc442
Instruction ID: 7b96f44cfa77f0d00219b5e1f76197f9d182c3a01a0ceed2ac34301522501131
Opcode Fuzzy Hash: 17423b6a3fa8575d335e44bf704771097b5444ab03afa9f142573bfb839cc442
Instruction Fuzzy Hash: FF214D70E01218AFDB05CFA8C845EEEBBB4AF58314F00855AE055A77A1D7719A45CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6C43FEB9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

getsockopt.WS2_32(00004020,0000FFFF,00001001,00000000,00000004), ref: 6C43FF1C
setsockopt.WS2_32(00004020,0000FFFF,00001001,00004020,00000004), ref: 6C43FF39

Strings

@, xrefs: 6C43FEC8

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: getsockoptsetsockopt
String ID: @
API String ID: 194641219-2726393805
Opcode ID: 737ed0bb3933fede2a6fae276dc869f55fc7a7979b9d5bba84144556cd19c943
Instruction ID: 5b334085f644ca539c34278a7b6346c5227790c8201f6b334514623280e3b0c4
Opcode Fuzzy Hash: 737ed0bb3933fede2a6fae276dc869f55fc7a7979b9d5bba84144556cd19c943
Instruction Fuzzy Hash: 2B0196B1A05129BBFB10DE56CC49FDE7B7CEB0A359F1040A2FD09E6285D3709A04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C420F1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C420F23

Part of subcall function 6C3E34D1: __EH_prolog3.LIBCMT ref: 6C3E34D8

Strings

InputBuffer, xrefs: 6C420F44
StringStore: missing InputBuffer argument, xrefs: 6C420F81

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3H_prolog3_
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 3355343447-2380213735
Opcode ID: 39b75185a80a2f030717944b2e9b8fc34e876563f9b18e604dfe3e5a521dc23b
Instruction ID: e6e079ebba7535cd576bbfaeb1e099153fde50c249fe561e25338a368f9b96fb
Opcode Fuzzy Hash: 39b75185a80a2f030717944b2e9b8fc34e876563f9b18e604dfe3e5a521dc23b
Instruction Fuzzy Hash: A5113D70A002589FCF04DFA0C894EDDBBB8BF48304F104569E449ABB50DB70A908CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EF970 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C3EF977

Part of subcall function 6C3F053D: __EH_prolog3.LIBCMT ref: 6C3F0544

Part of subcall function 6C3F057F: __EH_prolog3_GS.LIBCMT ref: 6C3F0586

Part of subcall function 6C42B747: __EH_prolog3_GS.LIBCMT ref: 6C42B74E

Strings

DecodingLookupArray, xrefs: 6C3EF9D3
Log2Base, xrefs: 6C3EF9F0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID: DecodingLookupArray$Log2Base
API String ID: 3952504126-3088352070
Opcode ID: ee5580bd3e719240c579649a32c44c4f7ab3182ce78bd5b36d2dac7445a8aa04
Instruction ID: 855373d2f92ec061908c54ebf275b84e666173ab595f7287baf143a8b75f8d83
Opcode Fuzzy Hash: ee5580bd3e719240c579649a32c44c4f7ab3182ce78bd5b36d2dac7445a8aa04
Instruction Fuzzy Hash: 2B112EB1901249AECB00DFA9C581EEEFBB5BF58214B54415EE05897B40C7719A25CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C41F5D5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C41F5DC

Strings

FilterWithBufferedInput: invalid buffer size, xrefs: 6C41F652
WIl, xrefs: 6C41F60B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: FilterWithBufferedInput: invalid buffer size$WIl
API String ID: 2427045233-3565543178
Opcode ID: 4b1ffd8a20f82f26e71768e25d4dd52fc0cba7ce4d4bb6d1904717234540c7b1
Instruction ID: 8d2a1711c9aabf23356188e26872ac677549ef92067e1d38dfc39b470464823e
Opcode Fuzzy Hash: 4b1ffd8a20f82f26e71768e25d4dd52fc0cba7ce4d4bb6d1904717234540c7b1
Instruction Fuzzy Hash: 291138708017588FCB20DFA4C400E99BBF0AF08324B10865EE0996BBA0D731A54ACF54

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E3833 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E383A

Part of subcall function 6C3E8250: __EH_prolog3.LIBCMT ref: 6C3E8257

Part of subcall function 6C3E3524: __EH_prolog3.LIBCMT ref: 6C3E352B

Part of subcall function 6C3EC046: __EH_prolog3.LIBCMT ref: 6C3EC04D

Strings

InputBuffer, xrefs: 6C3E3877
(DIl, xrefs: 6C3E3870

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: (DIl$InputBuffer
API String ID: 431132790-1101714749
Opcode ID: e7c81f03a64cf6071ffba0af2865df093e08b110e9c174bce9cce3e3e477af4c
Instruction ID: 03f3c09944a75e60b600c3209b829630470e4b2011d12b263148e3589f434a39
Opcode Fuzzy Hash: e7c81f03a64cf6071ffba0af2865df093e08b110e9c174bce9cce3e3e477af4c
Instruction Fuzzy Hash: 6F015275A01219EBDB11DF94C806FEEBBB4AF58318F00444AE48567791CB759644CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C45BB92 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__fprintf_l.LIBCMT ref: 6C45BBCE

Strings

%02x:, xrefs: 6C45BBC6
TUUU, xrefs: 6C45BBA0

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: __fprintf_l
String ID: %02x:$TUUU
API String ID: 3906573944-534085559
Opcode ID: 3602648356ca701ca84e6b1f62839557d89cbcd6ef5155c19f12fdbf13cc6206
Instruction ID: a39132472d121aa086295b2d41e7e2131b0e2f7e69b07049689ebb592694df21
Opcode Fuzzy Hash: 3602648356ca701ca84e6b1f62839557d89cbcd6ef5155c19f12fdbf13cc6206
Instruction Fuzzy Hash: F2F02722A082121BE611D96D9C80D1BFFE8EBC4164F750816F8A4E7A04D560D8410662

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E3598 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E359F

Part of subcall function 6C3E2E5F: __EH_prolog3.LIBCMT ref: 6C3E2E66

Strings

AlgorithmParametersBase: parameter ", xrefs: 6C3E35A9
" not used, xrefs: 6C3E35C7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: " not used$AlgorithmParametersBase: parameter "
API String ID: 431132790-612349224
Opcode ID: fa1834e0a55415c3b8dc1aeb1155861b9a562c836e7ffcb4f54c94f75f1537c9
Instruction ID: f62f557750591ee5106a4e3b292c356b2e8c99d27be36ae9b1c61dc64f506bb1
Opcode Fuzzy Hash: fa1834e0a55415c3b8dc1aeb1155861b9a562c836e7ffcb4f54c94f75f1537c9
Instruction Fuzzy Hash: 2AF0A475900278AACF05DBA0CC00FDDBB786F18318F00005AE041BBA91DBB55A4E8FA6

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EEA88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EEA8F

Strings

9Il, xrefs: 6C3EEADF
X8Il, xrefs: 6C3EEAAD

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: 9Il$X8Il
API String ID: 431132790-635494990
Opcode ID: a267189ec91d845feca073dad67530a37d5bb14fca21582bee58200804db9cf9
Instruction ID: 18e1036d45544e5f5d6743bee83c4861c447b590787cc04e25a48e858ca6d995
Opcode Fuzzy Hash: a267189ec91d845feca073dad67530a37d5bb14fca21582bee58200804db9cf9
Instruction Fuzzy Hash: 6E01E275600728DBCB10CF55C506FAABBF0BB49328F10864EE4895BB61DB71EA46CF84

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EE7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EE7F7

Strings

X8Il, xrefs: 6C3EE815
9Il, xrefs: 6C3EE847

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: 9Il$X8Il
API String ID: 431132790-635494990
Opcode ID: bdfc43981925f120d04f4b8e64f2ffd096b608c4bb08cbbe58469853617c0656
Instruction ID: f4f8455a1f0f5f024217dab8f9483d40602111fd28dd47f315614f2b9069b848
Opcode Fuzzy Hash: bdfc43981925f120d04f4b8e64f2ffd096b608c4bb08cbbe58469853617c0656
Instruction Fuzzy Hash: 08010475A007289BCB10CF55C506FAABBF0BF49328F10854EE4895BB61DB71EA46CF84

Uniqueness

Uniqueness Score: -1.00%

Function 6C420105 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C42010C

Strings

OutputBuffer, xrefs: 6C420129
ArraySink: missing OutputBuffer argument, xrefs: 6C420149

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
API String ID: 2427045233-3781944848
Opcode ID: ac5be14b310e50226804d3c1319840e2a2ddc368c177ad4726adf23f15795d72
Instruction ID: 0eb23182810ee55e4d3c888b671bd706029ffb312a23cc817a309fcacbbf4cfd
Opcode Fuzzy Hash: ac5be14b310e50226804d3c1319840e2a2ddc368c177ad4726adf23f15795d72
Instruction Fuzzy Hash: 80013C719002989FCB10DFE4C844FEDBBB4AF5831AF104959A049AFA44DB79A90CCB90

Uniqueness

Uniqueness Score: -1.00%

Function 6C406BB1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6C406BBC
std::_Lockit::~_Lockit.LIBCPMT ref: 6C406BFA

Strings

2X@l, xrefs: 6C406BC1

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: 2X@l
API String ID: 593203224-2914316872
Opcode ID: 0b77829f5ae1b902cd39cae9ffec55de2f39a7d175c6d183d509a66f3b4be8a7
Instruction ID: de83424878c3a4ab186ba3019f72a8d68c551a6ef56c044c73356d0744364357
Opcode Fuzzy Hash: 0b77829f5ae1b902cd39cae9ffec55de2f39a7d175c6d183d509a66f3b4be8a7
Instruction Fuzzy Hash: 1AF0BEB2B001149ACB40DB19C440EDD7EF5EB8A769B2645B8890BDB301E631A982C3C0

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EBF43 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

Strings

2X@l, xrefs: 6C3EBF7A, 6C3EBF86
string too long, xrefs: 6C3E1744

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: 2X@l$string too long
API String ID: 0-3090796701
Opcode ID: fb1fbaf51b30744bae2ec43f221f47f0700f685d153b4349c4422b1191a70155
Instruction ID: 85b5cc37da33396ac77ce022e5de590d716e33d72f597d7e134b1d281f8ec2f2
Opcode Fuzzy Hash: fb1fbaf51b30744bae2ec43f221f47f0700f685d153b4349c4422b1191a70155
Instruction Fuzzy Hash: 6CF0BE3420020AAF8B09CF5CC840CEA7777FB89318710869DF8258FA51C732E981CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6C40CFD9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C40CFE0

Strings

$iNl, xrefs: 6C40CFEB
(iNl, xrefs: 6C40D00E

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: $iNl$(iNl
API String ID: 431132790-2710375638
Opcode ID: 5df19accfc045c371fdb77ed26e4c75e0fd0c8d746d787a831343ccbf0634004
Instruction ID: cc3ef0ce683de99b004c6062761654d7c39199caa919389285198fab1652e354
Opcode Fuzzy Hash: 5df19accfc045c371fdb77ed26e4c75e0fd0c8d746d787a831343ccbf0634004
Instruction Fuzzy Hash: 22F02431742024DBCA10EB54D441F983BB1AB8E73EF16105CD1088BFC2CF35980A8685

Uniqueness

Uniqueness Score: -1.00%

Function 6C465DE9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 6C465DFB

Strings

j;NlQ;Nl, xrefs: 6C465DEC
??_C, xrefs: 6C465E07

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: NameName::
String ID: ??_C$j;NlQ;Nl
API String ID: 1333004437-4223140038
Opcode ID: 8ca1ba34ccb9855a570839ab2a395775648b44c11d1fd0a56562cf12cd571177
Instruction ID: 4afb60db2df6007469a9b65044b43a0a8e3a556cfec5c759a585feac579de3ca
Opcode Fuzzy Hash: 8ca1ba34ccb9855a570839ab2a395775648b44c11d1fd0a56562cf12cd571177
Instruction Fuzzy Hash: 62F058B1A08244AFEB11DF59D805F953BB9AB01329F468054F9084FA87D7B2D954CAD2

Uniqueness

Uniqueness Score: -1.00%

Function 6C482E1B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,6C48308C,?,00000000,r5Gl,6C473572,00000000,00000000,?), ref: 6C482E46
GetACP.KERNEL32(00000000,6C48308C,?,00000000,r5Gl,6C473572,00000000,00000000,?), ref: 6C482E5D

Strings

r5Gl, xrefs: 6C482E1D

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID:
String ID: r5Gl
API String ID: 0-971924673
Opcode ID: 1735ad205ee391530ad3b6dfcb8c6fddf15111443ba874360654b66699ac7be8
Instruction ID: 15fe609bf86c78c31775f7fdf627ba8bcc2aa1b019882972693fdb65bc79c8a6
Opcode Fuzzy Hash: 1735ad205ee391530ad3b6dfcb8c6fddf15111443ba874360654b66699ac7be8
Instruction Fuzzy Hash: 77F04F30A06504DFDB60EF69C94CF697770EB06339F540346E1248AAD2CBB19585CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EE500 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 6C3EE543

Strings

P8Il, xrefs: 6C3EE525
$Il, xrefs: 6C3EE53B

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: P8Il$$Il
API String ID: 4194217158-1727800565
Opcode ID: 24dad85ea4ac44a7b199ee7e5b34d0f37ca21ecd828501d73f261e219dc00922
Instruction ID: e7500a26ff9199306a7a665f3ab8421729541db3296c89c6ecf11334b7a7a771
Opcode Fuzzy Hash: 24dad85ea4ac44a7b199ee7e5b34d0f37ca21ecd828501d73f261e219dc00922
Instruction Fuzzy Hash: 56F030B29046549FC724DF14D942F85BBF8EB05724F10495E945693E90DB74A504CA80

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EF4D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 6C3EF51C

Strings

P8Il, xrefs: 6C3EF4FE
$Il, xrefs: 6C3EF514

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: P8Il$$Il
API String ID: 4194217158-1727800565
Opcode ID: 9b69ea836d597a47044cb41780fff562b92e2f4590c961325664ddfaa70ce6e1
Instruction ID: 73bf5f20876b6ada71cab09c77f1e8639631c881307586ced9b43231f116cb0d
Opcode Fuzzy Hash: 9b69ea836d597a47044cb41780fff562b92e2f4590c961325664ddfaa70ce6e1
Instruction Fuzzy Hash: DDF030B29046549FC724DF14D942F85BBF8EB05B24F004A5E945693E90DB74A504CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6C3E838B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3E8392

Strings

StringSink: OutputStringPointer not specified, xrefs: 6C3E83BB
OutputStringPointer, xrefs: 6C3E83A3

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 431132790-1331214609
Opcode ID: 67aadce017d9efa1af74065915072850c714af91bbcff0186f7acdb61da73a71
Instruction ID: 496b5eb43f05a1d15381de82d3152d30b440d20275b7295609a0fb7f3d82678f
Opcode Fuzzy Hash: 67aadce017d9efa1af74065915072850c714af91bbcff0186f7acdb61da73a71
Instruction Fuzzy Hash: 64F08C75A00168ABCF00DF90C850FEDB379AF5821CF50449AA215BBA90CF35FE09CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6C40953B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6C409542

Strings

boost unique_lock has no mutex, xrefs: 6C40957C
boost unique_lock owns already the mutex, xrefs: 6C409555

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3_
String ID: boost unique_lock has no mutex$boost unique_lock owns already the mutex
API String ID: 2427045233-3352860666
Opcode ID: cb7afee7496c55e79074873e51d1b28df6dbff502c77aa2791d1c83d95a063aa
Instruction ID: f42ba2bc133cec34b7e95f5ba5fe56b9947a502108507795b7f3bd77627f82d3
Opcode Fuzzy Hash: cb7afee7496c55e79074873e51d1b28df6dbff502c77aa2791d1c83d95a063aa
Instruction Fuzzy Hash: F2F05530B8225096EB10CBA0CC08FEDBA602F5070DF50482DA9592BFC0CBB6894DCB81

Uniqueness

Uniqueness Score: -1.00%

Function 6C3FC838 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3FC83F

Strings

AES, xrefs: 6C3FC844
CFB, xrefs: 6C3FC867

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: AES$CFB
API String ID: 431132790-1011567800
Opcode ID: 24792499c367fa0842b36e9be05a2c09f4b23ae7b4a10b6645c1d8851443e2fa
Instruction ID: 666310d01ec09035d8434cdf4be959b05365a69fadb007dffb2876b652547a1b
Opcode Fuzzy Hash: 24792499c367fa0842b36e9be05a2c09f4b23ae7b4a10b6645c1d8851443e2fa
Instruction Fuzzy Hash: E2F0A035900228BACB05EF90CD50EDD77785F28208F404066E04176A61DB72AF1ECFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C3EE492 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3EE499

Strings

9Il, xrefs: 6C3EE4E3
X8Il, xrefs: 6C3EE4B4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: 9Il$X8Il
API String ID: 431132790-635494990
Opcode ID: 691bdc5a712654ba459e325d0098d3a466b733c9017741c5390f5be8f3899361
Instruction ID: 27ee1c8093f59efafbfb1fee92be744c9a091718e399297c08585c6ddc676d82
Opcode Fuzzy Hash: 691bdc5a712654ba459e325d0098d3a466b733c9017741c5390f5be8f3899361
Instruction Fuzzy Hash: 4CF014756007249BCB20CF54C102FAABBF0BB09319F00864CE0895BB61C775EA08CF85

Uniqueness

Uniqueness Score: -1.00%

Function 6C3F0098 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3F009F

Strings

AES, xrefs: 6C3F00A4
CBC, xrefs: 6C3F00C7

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: AES$CBC
API String ID: 431132790-790673706
Opcode ID: 4182b033dac9eec17e17b2ae2e8f11d8e30538f8bb0a913a94d330fce39a6a40
Instruction ID: 86110f270e74956c35e5de35643e90e95d4dc2db25f30a9f6ecad1370de90c10
Opcode Fuzzy Hash: 4182b033dac9eec17e17b2ae2e8f11d8e30538f8bb0a913a94d330fce39a6a40
Instruction Fuzzy Hash: 74F08C35900228BACB05EF90C990EDD77785F28208F404066A04176A61DB72AB1ACFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6C40B14C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6C3E1749

Strings

string too long, xrefs: 6C3E1744
2X@l, xrefs: 6C40B173, 6C40B17F

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: 2X@l$string too long
API String ID: 909987262-3090796701
Opcode ID: 8f525ac05557dc5c0f53f75356c846d9ff3cf6b71472a14cbf155389dead965d
Instruction ID: b3e89bc3784d410d3e5affafdc1aca289dfe797f4ad3b84de581e2be89dc04eb
Opcode Fuzzy Hash: 8f525ac05557dc5c0f53f75356c846d9ff3cf6b71472a14cbf155389dead965d
Instruction Fuzzy Hash: 40E0ED34210208EFDB08CF99D850DE6376AEB48754B00055DB92A4B5A1D771E954CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6C3ED29F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6C3ED2A6

Part of subcall function 6C3ECFD7: __EH_prolog3.LIBCMT ref: 6C3ECFDE

Strings

P8Il, xrefs: 6C3ED2CC
x8Il, xrefs: 6C3ED2E2

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: H_prolog3
String ID: P8Il$x8Il
API String ID: 431132790-3118173755
Opcode ID: a2be2c9d0c3a39082f4be451824b5b2e67798105cabb5fa8973e1774ec501b7d
Instruction ID: bd76646fad3fe53536a96a0a2403e9e80d79f068946fb9ddb3cebb498d3bde38
Opcode Fuzzy Hash: a2be2c9d0c3a39082f4be451824b5b2e67798105cabb5fa8973e1774ec501b7d
Instruction Fuzzy Hash: EAF0DAF1901622AFC300DF5A8582F88FFA0BF55314790512E911D9BE60C770E525CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6C45D2A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 6C3F5622: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,8007000E,?,6C4DCD94,8007000E,?,6C3F5677,8007000E), ref: 6C3F5628
Part of subcall function 6C3F5622: GetLastError.KERNEL32(?,00000000,00000000,?,8007000E,?,6C4DCD94,8007000E,?,6C3F5677,8007000E), ref: 6C3F5632

IsDebuggerPresent.KERNEL32(?,?,?,6C3E13E1), ref: 6C45D2DA
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6C3E13E1), ref: 6C45D2E9

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6C45D2E4

Memory Dump Source

Source File: 0000000F.00000002.2048682677.000000006C3E1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 6C3E0000, based on PE: true

Associated: 0000000F.00000002.2048663537.000000006C3E0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048752619.000000006C492000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048799662.000000006C4DF000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048824759.000000006C4E0000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048845431.000000006C4E3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048866658.000000006C4E4000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E6000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048887132.000000006C4E8000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000F.00000002.2048928389.000000006C4E9000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6c3e0000_SoundBoosterTaskHost.jbxd

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: 61f73b044c9be41563ab06d3c7be7992037883fdbe124e7c09e161fe994e8271
Instruction ID: 1a15cffb1316e3f1481cda93553619418befc0108b27be0701035d718c15a439
Opcode Fuzzy Hash: 61f73b044c9be41563ab06d3c7be7992037883fdbe124e7c09e161fe994e8271
Instruction Fuzzy Hash: C3E092702043618BD720EF68D204F427BF0AF05719F008D1EE4A6C2B00EB74D548CFA2

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivate.xml (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateBR.xml (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateRU.xml (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-0B8RS.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-A00SO.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-Q7VFD.tmp

C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)

C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)

Windows Analysis Report
SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre