Play interactive tour

Edit tour

Analysis Report JUST1F1.tar

Overview

General Information

Sample Name:	JUST1F1.tar
Analysis ID:	338154
MD5:	68bfcb37e51bc06b0f9b776ad69c9575
SHA1:	11f8c44f9c1d466def73c75149a661aa2cf71dfd
SHA256:	d23f969ae26972088e1ec2c404edfb95add9b3a67be616fedd1ee0fef7cba287
Most interesting Screenshot:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected AgentTesla

Yara detected AntiVM_3

.NET source code contains very large array initializations

Binary contains a suspicious time stamp

C2 URLs / IPs found in malware configuration

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Antivirus or Machine Learning detection for unpacked file

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses SMTP (mail sending)

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Startup

System is w10x64

unarchiver.exe (PID: 5780 cmdline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\JUST1F1.tar' MD5: 8B435F8731563566F3F49203BA277865)

7za.exe (PID: 6104 cmdline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg' 'C:\Users\user\Desktop\JUST1F1.tar' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

conhost.exe (PID: 5576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2856 cmdline: 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

JUST1F1.exe (PID: 6840 cmdline: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe MD5: 1B05FB33C53270DB133E7E7830CDA935)

JUST1F1.exe (PID: 6516 cmdline: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe MD5: 1B05FB33C53270DB133E7E7830CDA935)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "uhV8VNpzP", "URL: ": "http://RmfrFmh6Ec0Y1.com", "To: ": "", "ByHost: ": "smtp.1and1.es:587", "Password: ": "Cxvu3Va", "From: ": ""}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: JUST1F1.exe PID: 6840	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: JUST1F1.exe PID: 6840	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: JUST1F1.exe PID: 6516	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: JUST1F1.exe PID: 6516	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
6.2.JUST1F1.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: JUST1F1.exe.6516.6.memstr

Malware Configuration Extractor: Agenttesla {"Username: ": "uhV8VNpzP", "URL: ": "http://RmfrFmh6Ec0Y1.com", "To: ": "", "ByHost: ": "smtp.1and1.es:587", "Password: ": "Cxvu3Va", "From: ": ""}

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Joe Sandbox ML: detected

Source: 6.2.JUST1F1.exe.400000.0.unpack

Avira: Label: TR/Spy.Gen8

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source:

Binary string: mscorrc.pdb source: JUST1F1.exe, 00000005.00000002.676091893.0000000005710000.00000002.00000001.sdmp, JUST1F1.exe, 00000006.00000002.989933486.0000000001500000.00000002.00000001.sdmp

Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 4x nop then jmp 0181097Fh	0_2_018102A8
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 4x nop then jmp 0181097Eh	0_2_018102A8
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 4x nop then jmp 0181097Eh	0_2_01810014
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	5_2_02FAD060
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	5_2_02FAD051

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: http://RmfrFmh6Ec0Y1.com

Source: global traffic

TCP traffic: 192.168.2.4:49774 -> 212.227.15.142:587

Source: Joe Sandbox View

IP Address: 212.227.15.142 212.227.15.142

Source: global traffic

TCP traffic: 192.168.2.4:49774 -> 212.227.15.142:587

Source: unknown

DNS traffic detected: queries for: smtp.1and1.es

Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: http://RmfrFmh6Ec0Y1.com
Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: http://RmfrFmh6Ec0Y1.comLE
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: http://cdp.geotrust.com/GeoTrustRSACA2018.crl0L
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0B
Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: http://qphjuU.com
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: http://status.geotrust.com0=
Source: JUST1F1.exe, 00000006.00000002.990692781.000000000345C000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: JUST1F1.exe, 00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp, JUST1F1.exe, 00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unarchiver.exe, 00000000.00000002.677946184.0000000001400000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

.NET source code contains very large array initializations

Show sources

Source: 6.2.JUST1F1.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007b1A82A344u002d7631u002d4D01u002dB6C2u002d4D7CCC0A813Cu007d/u0032382CB16u002d27B1u002d493Au002dA31Cu002d9967CBD8A2C7.cs

Large array initialization: .cctor: array initializer size 11927

Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 0_2_018102A8	0_2_018102A8
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 0_2_01810299	0_2_01810299
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_013228A4	5_2_013228A4
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_01336484	5_2_01336484
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA1074	5_2_02FA1074
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FAA608	5_2_02FAA608
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA5BF2	5_2_02FA5BF2
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA17B0	5_2_02FA17B0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA17A0	5_2_02FA17A0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA1478	5_2_02FA1478
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA1468	5_2_02FA1468
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA4C50	5_2_02FA4C50
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA844B	5_2_02FA844B
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA4C40	5_2_02FA4C40
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_015D1D00	6_2_015D1D00
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_0543E138	6_2_0543E138
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_0543D9E0	6_2_0543D9E0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_0543B7A0	6_2_0543B7A0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05438C40	6_2_05438C40
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05430A98	6_2_05430A98
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05438BE0	6_2_05438BE0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DDE9C8	6_2_05DDE9C8
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DD91B0	6_2_05DD91B0
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DDCDA4	6_2_05DDCDA4
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DDE570	6_2_05DDE570
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DD3F11	6_2_05DD3F11
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_05DD5A10	6_2_05DD5A10

Source: JUST1F1.tar

Binary or memory string: OriginalFilenameUIPermissionClipboard.exe* vs JUST1F1.tar

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Section loaded: security.dll

Jump to behavior

Source: 6.2.JUST1F1.exe.400000.0.unpack, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 6.2.JUST1F1.exe.400000.0.unpack, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winTAR@11/4@1/1

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\JUST1F1.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5576:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:864:120:WilError_01

Source: C:\Windows\SysWOW64\unarchiver.exe

File created: C:\Users\user\AppData\Local\Temp\4uifd5lh.jpu

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\SysWOW64\unarchiver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\JUST1F1.tar'
Source: unknown	Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg' 'C:\Users\user\Desktop\JUST1F1.tar'
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe'
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg' 'C:\Users\user\Desktop\JUST1F1.tar'	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source:

Binary string: mscorrc.pdb source: JUST1F1.exe, 00000005.00000002.676091893.0000000005710000.00000002.00000001.sdmp, JUST1F1.exe, 00000006.00000002.989933486.0000000001500000.00000002.00000001.sdmp

Data Obfuscation:

Binary contains a suspicious time stamp

Show sources

Source: initial sample

Static PE information: 0xC023C5A7 [Wed Feb 24 20:03:51 2072 UTC]

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_0133840C push ecx; ret	5_2_01338439
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_02FA9E64 push 02FAh; iretd	5_2_02FA9E68
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_0543BB38 pushfd ; ret	6_2_0543BB39
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 6_2_0543CCF8 push esp; iretd	6_2_0543CCFD

Source: initial sample

Static PE information: section name: .text entropy: 7.38023666029

Source: C:\Windows\SysWOW64\7za.exe

File created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM_3

Show sources

Source: Yara match	File source: 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6840, type: MEMORY

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Function Chain: memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,systemQueried,memAlloc,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL
Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Windows\SysWOW64\unarchiver.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Window / User API: threadDelayed 877

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe TID: 5704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 6364	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 6824	Thread sleep time: -50650s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 6388	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 7000	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 7000	Thread sleep count: 877 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 7000	Thread sleep time: -26310000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 7000	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe TID: 7000	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\unarchiver.exe

Code function: 0_2_013DB042 GetSystemInfo,

0_2_013DB042

Source: JUST1F1.exe, 00000006.00000002.989813861.0000000001248000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllSUY6
Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: JUST1F1.exe, 00000006.00000002.992224555.0000000005640000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: JUST1F1.exe, 00000006.00000002.992224555.0000000005640000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: JUST1F1.exe, 00000006.00000002.992224555.0000000005640000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: JUST1F1.exe, 00000006.00000002.989795749.0000000001225000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW"
Source: JUST1F1.exe, 00000005.00000002.674029983.000000000140B000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: JUST1F1.exe, 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: JUST1F1.exe, 00000006.00000002.992224555.0000000005640000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Code function: 6_2_0543BD08 LdrInitializeThunk,

6_2_0543BD08

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Memory written: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg' 'C:\Users\user\Desktop\JUST1F1.tar'	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Process created: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Jump to behavior

Source: JUST1F1.exe, 00000006.00000002.990020762.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: JUST1F1.exe, 00000006.00000002.990020762.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: JUST1F1.exe, 00000006.00000002.990020762.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: JUST1F1.exe, 00000006.00000002.990020762.0000000001990000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6840, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6516, type: MEMORY
Source: Yara match	File source: 6.2.JUST1F1.exe.400000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Source: Yara match	File source: 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6516, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6840, type: MEMORY
Source: Yara match	File source: Process Memory Space: JUST1F1.exe PID: 6516, type: MEMORY
Source: Yara match	File source: 6.2.JUST1F1.exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_03020A8E listen,	5_2_03020A8E
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_03020E9E bind,	5_2_03020E9E
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_03020A50 CreateMutexW,listen,	5_2_03020A50
Source: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	Code function: 5_2_03020E6B bind,	5_2_03020E6B

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools11	OS Credential Dumping2	System Information Discovery115	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Process Injection112	Deobfuscate/Decode Files or Information1	Input Capture1	Query Registry1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information3	Credentials in Registry1	Security Software Discovery211	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing2	NTDS	Virtualization/Sandbox Evasion13	Distributed Component Object Model	Input Capture1	Scheduled Transfer	Application Layer Protocol111	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	Process Discovery2	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	Application Window Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Masquerading1	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Virtualization/Sandbox Evasion13	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection112	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe	100%	Joe Sandbox ML

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
6.2.JUST1F1.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://qphjuU.com	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
http://RmfrFmh6Ec0Y1.com	0%	Avira URL Cloud	safe
http://RmfrFmh6Ec0Y1.comLE	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
smtp.1and1.es	212.227.15.142	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://RmfrFmh6Ec0Y1.com	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://DynDns.comDynDNS	JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://qphjuU.com	JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://RmfrFmh6Ec0Y1.comLE	JUST1F1.exe, 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	JUST1F1.exe, 00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp, JUST1F1.exe, 00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
212.227.15.142	unknown	Germany		8560	ONEANDONE-ASBrauerstrasse48DE	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338154
Start date:	11.01.2021
Start time:	18:19:09
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	JUST1F1.tar
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winTAR@11/4@1/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 0.1% (good quality ratio 0%) Quality average: 0% Quality standard deviation: 0%
HCA Information:	Successful, ratio: 100% Number of executed functions: 321 Number of non-executed functions: 1
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .tar
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.139.144, 51.104.139.180, 92.122.213.247, 92.122.213.194, 52.155.217.156, 20.54.26.129, 67.27.157.126, 67.26.83.254, 67.26.73.254, 8.248.117.254, 8.248.115.254 Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, arc.msn.com.nsatc.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:20:07	API Interceptor	1234x Sleep call for process: JUST1F1.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
212.227.15.142	Fizetesi felszolitas.tar	Get hash	malicious	Browse
	Orden de pago BBVA.exe	Get hash	malicious	Browse
	PAP001.exe	Get hash	malicious	Browse
	Paketdetails.exe	Get hash	malicious	Browse
	PAG0.exe	Get hash	malicious	Browse
	b6Sq4e2cn7.exe	Get hash	malicious	Browse
	h41lD1yljY.exe	Get hash	malicious	Browse
	CHBhXBQny7.exe	Get hash	malicious	Browse
	V796UGDxjs.exe	Get hash	malicious	Browse
	http://www.mediafire.com/file/f28ppsxzjuy1xsb/UPSRO+2809203321.7z/file	Get hash	malicious	Browse
	https://www.mediafire.com/file/que9zdctac0t9w8/Cerere_de_achizitie.7z/file	Get hash	malicious	Browse
	Eyl#U00fcl Al#U0131m#U0131.exe	Get hash	malicious	Browse
	Urun Detaylari.exe	Get hash	malicious	Browse
	Olaganustu odeme.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
smtp.1and1.es	Fizetesi felszolitas.exe	Get hash	malicious	Browse	212.227.15.158
	Fizetesi felszolitas.tar	Get hash	malicious	Browse	212.227.15.142
	Orden de pago BBVA.exe	Get hash	malicious	Browse	212.227.15.142
	P0.exe	Get hash	malicious	Browse	212.227.15.158
	RtjTx7D1TN.exe	Get hash	malicious	Browse	212.227.15.158
	Odeme talimati.exe	Get hash	malicious	Browse	212.227.15.158
	PAP001.exe	Get hash	malicious	Browse	212.227.15.142
	Paketdetails.exe	Get hash	malicious	Browse	212.227.15.142
	71220 33922.tar	Get hash	malicious	Browse	212.227.15.158
	71220 33922.exe	Get hash	malicious	Browse	212.227.15.158
	71220 33922.exe	Get hash	malicious	Browse	212.227.15.158
	PAG0.exe	Get hash	malicious	Browse	212.227.15.142
	bTe4j4LGwM.exe	Get hash	malicious	Browse	212.227.15.158
	25BWkjzJzs.exe	Get hash	malicious	Browse	212.227.15.142
	b6Sq4e2cn7.exe	Get hash	malicious	Browse	212.227.15.142
	TRANS11.exe	Get hash	malicious	Browse	212.227.15.158
	h41lD1yljY.exe	Get hash	malicious	Browse	212.227.15.142
	tHI1XuJZbs.exe	Get hash	malicious	Browse	212.227.15.158
	CHBhXBQny7.exe	Get hash	malicious	Browse	212.227.15.142
	ERteds4p1u.exe	Get hash	malicious	Browse	212.227.15.158

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ONEANDONE-ASBrauerstrasse48DE	Fizetesi felszolitas.exe	Get hash	malicious	Browse	212.227.15.158
	Fizetesi felszolitas.tar	Get hash	malicious	Browse	212.227.15.142
	Orden de pago BBVA.exe	Get hash	malicious	Browse	212.227.15.142
	details.html	Get hash	malicious	Browse	195.20.250.196
	Scan_23748991000.exe	Get hash	malicious	Browse	74.208.5.15
	rtgs_pdf.exe	Get hash	malicious	Browse	217.160.0.163
	details.html	Get hash	malicious	Browse	195.20.250.196
	Nuevo pedido.exe	Get hash	malicious	Browse	217.160.0.168
	https://veringer.com/wp-includes/wwii11/GXQb6HLGz4AV965RfN9795cyETWfmdzBUarzFg4YkqaJnfdTD/	Get hash	malicious	Browse	217.76.132.244
	r8a97.exe	Get hash	malicious	Browse	82.165.152.127
	Nuevo pedido.exe	Get hash	malicious	Browse	217.160.0.168
	KI2011-2982..exe	Get hash	malicious	Browse	74.208.5.15
	Documentation__EG382U8V.doc	Get hash	malicious	Browse	217.160.0.215
	Documentation__EG382U8V.doc	Get hash	malicious	Browse	217.160.0.215
	Documentation__EG382U8V.doc	Get hash	malicious	Browse	217.160.0.215
	https://j.mp/3rJBANn	Get hash	malicious	Browse	74.208.236.92
	http://murari.es/wp-content/h	Get hash	malicious	Browse	217.76.142.236
	rib.exe	Get hash	malicious	Browse	74.208.236.219
	xLH4kwOjXR.exe	Get hash	malicious	Browse	82.165.103.72
	order FTH2004-005.exe	Get hash	malicious	Browse	217.160.0.163

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\JUST1F1.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	916
Entropy (8bit):	5.282390836641403
Encrypted:	false
SSDEEP:	24:MLF20NaL3z2p29hJ5g522rW2xAi3AP26K95rKoO2+g2+:MwLLD2Y9h3go2rxxAcAO6ox+g2+
MD5:	5AD8E7ABEADADAC4CE06FF693476581A
SHA1:	81E42A97BBE3D7DE8B1E8B54C2B03C48594D761E
SHA-256:	BAA1A28262BA27D51C3A1FA7FB0811AD1128297ABB2EDCCC785DC52667D2A6FD
SHA-512:	7793E78E84AD36CE65B5B1C015364E340FB9110FAF199BC0234108CE9BCB1AEDACBD25C6A012AC99740E08BEA5E5C373A88E553E47016304D8AE6AEEAB58EBFF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\de460308a9099237864d2ec2328fc958\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\527c933194f3a99a816d83c619a3e1d3\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log Download File
Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.2529463157768355
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk7v:MLF20NaL329hJ5g522r0
MD5:	FF3B761A021930205BEC9D7664AE9258
SHA1:	1039D595C6333358D5F7EE5619FE6794E6F5FDB1
SHA-256:	A3517BC4B1E6470905F9A38466318B302186496E8706F1976F1ED76F3E87AF0F
SHA-512:	1E77D09CF965575EF9800B1EE8947A02D98F88DBFA267300330860757A0C7350AF857A2CB7001C49AFF1F5BD1E0AE6E90F643B27054522CADC730DD14BC3DE11
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Temp\4uifd5lh.jpu\unarchiver.log Download File
Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1560
Entropy (8bit):	5.059587217820517
Encrypted:	false
SSDEEP:	48:LNlxgGcGbcGcGpqG37GcGpvmGbmGqmG0G7GrG7GcGBGcGrGPghW:LNlE5Qap
MD5:	824CDF1B4684C4CF1BEC917679BAF98A
SHA1:	D184864005E8304628B5949F990A1F3DD5AA369F
SHA-256:	4481B92210DAE130EE619D13A22481114F0068197A59FE1C3D1846ED6935CA69
SHA-512:	4EC38C0F96032E36712777FF4AC161BFF7492FA5B02109436EBF845FED48F5D1BBFEB32C1B1260DD3B76144CC5218CADDE7AD37946AD43EFB381594CE4851DC6
Malicious:	false
Reputation:	low
Preview:	01/11/2021 6:19 PM: Unpack: C:\Users\user\Desktop\JUST1F1.tar..01/11/2021 6:19 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg..01/11/2021 6:19 PM: Received from standard out: ..01/11/2021 6:19 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..01/11/2021 6:19 PM: Received from standard out: ..01/11/2021 6:19 PM: Received from standard out: Scanning the drive for archives:..01/11/2021 6:19 PM: Received from standard out: 1 file, 911872 bytes (891 KiB)..01/11/2021 6:19 PM: Received from standard out: ..01/11/2021 6:19 PM: Received from standard out: Extracting archive: C:\Users\user\Desktop\JUST1F1.tar..01/11/2021 6:19 PM: Received from standard out: --..01/11/2021 6:19 PM: Received from standard out: Path = C:\Users\user\Desktop\JUST1F1.tar..01/11/2021 6:19 PM: Received from standard out: Type = tar..01/11/2021 6:19 PM: Received from standard out: Physical Size = 911872..01/11/2021 6:19 PM: Received from standard out: He

C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe Download File
Process:	C:\Windows\SysWOW64\7za.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	910336
Entropy (8bit):	7.409563180880888
Encrypted:	false
SSDEEP:	12288:dG9cmhhfemqz0BNY+bbYYa40blz56HRkVHsxiqqcCoPN/NOAJcEAKImNdY:w9cUQSml9SRkOxi7cCmXcExNO
MD5:	1B05FB33C53270DB133E7E7830CDA935
SHA1:	87DA85A3BA7369E684C4120F2329F09BB86CDAC2
SHA-256:	4339850F60524D4FC4E157D7CDF156400DB803219CAC6D9768CED6BE90925089
SHA-512:	CD25D29E9D27F627E28C75260D0834331D24B63DF70AC8CF48455B25D164D111FB7590CCE5D1ECEE334C65EDE80159F5077A433E59867D368D85C199CD1D554D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#...............P..F...........e... ........@.. .......................@............@..................................e..O.......p.................... ......de............................................... ............... ..H............text....E... ...F.................. ..`.rsrc...p............H..............@..@.reloc....... ......................@..B.................e......H........W...............q...............................................0............(....(..........(.....o .........................(!......("......(#......($......(%....N..(....o....(&....&..('.....s(........s)........s........s+........s,............0...........~....o-....+...0...........~....o.....+...0...........~....o/....+...0...........~....o0....+...0...........~....o1....+..&..(2.......0..<........~.....(3.....,!r...p.....(4...o5...s6............~.....

Static File Info

General
File type:	tar archive
Entropy (8bit):	7.403765894301429
TrID:
File name:	JUST1F1.tar
File size:	911872
MD5:	68bfcb37e51bc06b0f9b776ad69c9575
SHA1:	11f8c44f9c1d466def73c75149a661aa2cf71dfd
SHA256:	d23f969ae26972088e1ec2c404edfb95add9b3a67be616fedd1ee0fef7cba287
SHA512:	56f42eff4ccbf2ff98115b4f550330c869f60c29b3a875b77d46b839b210ec5d458b8872c908a1fc2497ccffa646f31c2f62ae193f8e64b34e4c98be479bc6dc
SSDEEP:	12288:hG9cmhhfemqz0BNY+bbYYa40blz56HRkVHsxiqqcCoPN/NOAJcEAKImNdY:E9cUQSml9SRkOxi7cCmXcExNO
File Content Preview:	JUST1F1.exe.........................................................................................0000755.0000000.0000000.00003362000.13776772021.0006350.0..................................................................................................

File Icon


Icon Hash:	00828e8e8686b000

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2021 18:21:41.031100988 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.077652931 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.077934980 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.126873970 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.127340078 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.173743963 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.173787117 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.174185991 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.221072912 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.273782015 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.283530951 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.332076073 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.332127094 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.332159996 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.332247019 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.336798906 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.338429928 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.383433104 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.383656979 CET	49774	587	192.168.2.4	212.227.15.142
Jan 11, 2021 18:21:41.384968042 CET	587	49774	212.227.15.142	192.168.2.4
Jan 11, 2021 18:21:41.385193110 CET	49774	587	192.168.2.4	212.227.15.142

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2021 18:19:53.576391935 CET	49910	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:53.624532938 CET	53	49910	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:54.360508919 CET	55854	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:54.408507109 CET	53	55854	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:55.196389914 CET	64549	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:55.244462013 CET	53	64549	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:56.216443062 CET	63153	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:56.264246941 CET	53	63153	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:57.198611021 CET	52991	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:57.246454000 CET	53	52991	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:58.011183023 CET	53700	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:58.067666054 CET	53	53700	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:58.818234921 CET	51726	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:58.874752045 CET	53	51726	8.8.8.8	192.168.2.4
Jan 11, 2021 18:19:59.698775053 CET	56794	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:19:59.746836901 CET	53	56794	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:00.689452887 CET	56534	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:00.737524986 CET	53	56534	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:01.667010069 CET	56627	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:01.718202114 CET	53	56627	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:02.429788113 CET	56621	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:02.480901957 CET	53	56621	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:03.408637047 CET	63116	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:03.457479000 CET	53	63116	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:18.306932926 CET	64078	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:18.357745886 CET	53	64078	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:21.521223068 CET	64801	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:21.596088886 CET	53	64801	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:35.791552067 CET	61721	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:35.868052006 CET	53	61721	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:36.415021896 CET	51255	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:36.465821981 CET	53	51255	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:37.034991980 CET	61522	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:37.096507072 CET	53	61522	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:37.500098944 CET	52337	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:37.628593922 CET	53	52337	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:37.673626900 CET	55046	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:37.745455980 CET	53	55046	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:38.076317072 CET	49612	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:38.132837057 CET	53	49612	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:38.651369095 CET	49285	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:38.707897902 CET	53	49285	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:39.245394945 CET	50601	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:39.296252012 CET	53	50601	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:40.020983934 CET	60875	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:40.080224991 CET	53	60875	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:40.840991974 CET	56448	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:40.889153004 CET	53	56448	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:41.338118076 CET	59172	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:41.397372961 CET	53	59172	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:43.018860102 CET	62420	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:43.066968918 CET	53	62420	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:53.537053108 CET	60579	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:53.585367918 CET	53	60579	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:53.592798948 CET	50183	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:53.649717093 CET	53	50183	8.8.8.8	192.168.2.4
Jan 11, 2021 18:20:56.472029924 CET	61531	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:20:56.532886982 CET	53	61531	8.8.8.8	192.168.2.4
Jan 11, 2021 18:21:27.536237001 CET	49228	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:21:27.587044954 CET	53	49228	8.8.8.8	192.168.2.4
Jan 11, 2021 18:21:29.377300024 CET	59794	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:21:29.441731930 CET	53	59794	8.8.8.8	192.168.2.4
Jan 11, 2021 18:21:40.953511953 CET	55916	53	192.168.2.4	8.8.8.8
Jan 11, 2021 18:21:41.011940956 CET	53	55916	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 11, 2021 18:21:40.953511953 CET	192.168.2.4	8.8.8.8	0x2d38	Standard query (0)	smtp.1and1.es	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 11, 2021 18:21:41.011940956 CET	8.8.8.8	192.168.2.4	0x2d38	No error (0)	smtp.1and1.es		212.227.15.142	A (IP address)	IN (0x0001)
Jan 11, 2021 18:21:41.011940956 CET	8.8.8.8	192.168.2.4	0x2d38	No error (0)	smtp.1and1.es		212.227.15.158	A (IP address)	IN (0x0001)

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jan 11, 2021 18:21:41.126873970 CET	587	49774	212.227.15.142	192.168.2.4	220 kundenserver.de (mreue011) Nemesis ESMTP Service ready
Jan 11, 2021 18:21:41.127340078 CET	49774	587	192.168.2.4	212.227.15.142	EHLO 910646
Jan 11, 2021 18:21:41.173787117 CET	587	49774	212.227.15.142	192.168.2.4	250-kundenserver.de Hello 910646 [84.17.52.74] 250-8BITMIME 250-AUTH LOGIN PLAIN 250-SIZE 140000000 250 STARTTLS
Jan 11, 2021 18:21:41.174185991 CET	49774	587	192.168.2.4	212.227.15.142	STARTTLS
Jan 11, 2021 18:21:41.221072912 CET	587	49774	212.227.15.142	192.168.2.4	220 OK

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: unarchiver.exe PID: 5780 Parent PID: 5952

General

Start time:	18:19:57
Start date:	11/01/2021
Path:	C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\JUST1F1.tar'
Imagebase:	0xe00000
File size:	10240 bytes
MD5 hash:	8B435F8731563566F3F49203BA277865
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	moderate

Chronological Activities

Analysis Process: 7za.exe PID: 6104 Parent PID: 5780

General

Start time:	18:19:57
Start date:	11/01/2021
Path:	C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg' 'C:\Users\user\Desktop\JUST1F1.tar'
Imagebase:	0x50000
File size:	289792 bytes
MD5 hash:	77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5576 Parent PID: 6104

General

Start time:	18:19:58
Start date:	11/01/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 2856 Parent PID: 5780

General

Start time:	18:19:58
Start date:	11/01/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe'
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 864 Parent PID: 2856

General

Start time:	18:19:59
Start date:	11/01/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: JUST1F1.exe PID: 6840 Parent PID: 2856

General

Start time:	18:19:59
Start date:	11/01/2021
Path:	C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Imagebase:	0xc50000
File size:	910336 bytes
MD5 hash:	1B05FB33C53270DB133E7E7830CDA935
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.675383386.0000000004481000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000005.00000002.674621864.0000000003481000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: JUST1F1.exe PID: 6516 Parent PID: 6840

General

Start time:	18:20:08
Start date:	11/01/2021
Path:	C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\jwzcmshk.kmg\JUST1F1.exe
Imagebase:	0xa50000
File size:	910336 bytes
MD5 hash:	1B05FB33C53270DB133E7E7830CDA935
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.990481761.0000000003331000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.989247161.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: unarchiver.exe PID: 5780 Parent PID: 5952 unarchiver.exeCOMMON

Execution Graph

Execution Coverage:	20%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	67
Total number of Limit Nodes:	4

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 018102A8, Relevance: 3.0, Strings: 2, Instructions: 475
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

u]p^, xrefs: 01810345, 0181034A
:@fq, xrefs: 01810612

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID: :@fq$u]p^
API String ID: 0-2298872955
Opcode ID: 6239982905cfb916ab3c31b72dfb31c4b47af26a7090434ab053eec4b1045a1c
Instruction ID: ecc7069167431393007df7c19a11af51eb0ad89992b68d494888f619c3d5b1fd
Opcode Fuzzy Hash: 6239982905cfb916ab3c31b72dfb31c4b47af26a7090434ab053eec4b1045a1c
Instruction Fuzzy Hash: 7B22E478D10228CFDB24CFA5D844B9DBBF2FB89345F1091A9E80AAB255DB345E85DF10

Uniqueness

Uniqueness Score: -1.00%

Function 013DB042, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 013DB074

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 5e35109aed8870c1eefcf29bc0d2764d04fa24829bca7448f7eee412d3377b9b
Instruction ID: 9f45deab88d46aedf83fce73cbbc462652350e13bd2c81545e26910018bcd67f
Opcode Fuzzy Hash: 5e35109aed8870c1eefcf29bc0d2764d04fa24829bca7448f7eee412d3377b9b
Instruction Fuzzy Hash: 4B01A275900344DFDB20CF19E985755FB94EF05324F08C4AADD488F65AD379A408CA62

Uniqueness

Uniqueness Score: -1.00%

Function 01810014, Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

:@fq, xrefs: 01810096

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: d2b7f2e576cb90dbc4f612162b14dffe1750c4529d1bb8fea82c0ea7c8ca055a
Instruction ID: 70381792331d941359c31230b1b9bd4864d8ed2d906c54773ae2f67c0c25a12e
Opcode Fuzzy Hash: d2b7f2e576cb90dbc4f612162b14dffe1750c4529d1bb8fea82c0ea7c8ca055a
Instruction Fuzzy Hash: CEA17138904218DFDB15CFA4D850B9DBBF2FF89314F2040A9E8096739AD7389E45EB11

Uniqueness

Uniqueness Score: -1.00%

Function 013DB0B2, Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 013DB15F

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7f10311662d1a29572e75df0601b71c3c512fa818bb6e23a99050a8ff07fc1d1
Instruction ID: 4cd14a283c09cbc482f0fa0d1a1f86cd80fee5b6970d92621143b5fce169b3b3
Opcode Fuzzy Hash: 7f10311662d1a29572e75df0601b71c3c512fa818bb6e23a99050a8ff07fc1d1
Instruction Fuzzy Hash: 4C31C6B2504344AFE7238F25DC44F66BFBCEF06320F0484AAE985DB152D224E919CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013DAB70, Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 013DAC13

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dfd6fafba1e5a951edd9b3d7051b465793dcd9e9d8245f153b7bb7688efe39df
Instruction ID: 89c258bfc48108466ed5c60ef817e9085c233022d5b7dfdea75d548e5613065e
Opcode Fuzzy Hash: dfd6fafba1e5a951edd9b3d7051b465793dcd9e9d8245f153b7bb7688efe39df
Instruction Fuzzy Hash: F231C4B2504344AFEB228F65DC44F67BFACEF05320F0888AAF985DB152D264E519CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013DA504, Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 013DA5A9

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1958b0d7ad0f0486efd27ac47bd953cc54705843a7a9f65c6901e59e47ec0065
Instruction ID: 4ddbe2befcee0f899202e2e432d64edd3ebaab54613ea9087943b8b5f6ed99a7
Opcode Fuzzy Hash: 1958b0d7ad0f0486efd27ac47bd953cc54705843a7a9f65c6901e59e47ec0065
Instruction Fuzzy Hash: 56316FB1504780AFE722CF25DD44B66BFE8EF05214F0885AEE9858B252D375E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013DA9E2, Relevance: 1.6, APIs: 1, Instructions: 90
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 013DAAA2

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 3a524d20e308d12f62e589d290ca9c1d2150741ae53dfec7cfacae60433ca198
Instruction ID: 209f01d7d07f3cb506df0fe5d36e73c98f37ec84ba46ce58f40825d673ac0d09
Opcode Fuzzy Hash: 3a524d20e308d12f62e589d290ca9c1d2150741ae53dfec7cfacae60433ca198
Instruction Fuzzy Hash: 97316D7240E7C06FD3138B758C65A51BFB4AF47610F1E84DBD8C4CB1A3D2686919CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013DA120, Relevance: 1.6, APIs: 1, Instructions: 82
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 013DA1C2

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e19cd4d967b7009ab5b9e006d92ecc37127fc89fe209030496c5080930721ecb
Instruction ID: 5c82f0f54f7469dc3f180ab3aeb4bc3d1eeb9ee3b8d8bc840e4175ca94449e6e
Opcode Fuzzy Hash: e19cd4d967b7009ab5b9e006d92ecc37127fc89fe209030496c5080930721ecb
Instruction Fuzzy Hash: 0421BC7140D3C06FD7128B258C51BA6BFB4EF47620F0981DBD8848F293D225A91AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 013DAB96, Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 013DAC13

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bcd8754c378181688c7e9b54e23ff724b075a86197c0dc31b1ca7d1fea126b52
Instruction ID: b31e9cd518cd31800004144c0649f6002b0b90066cc4b818029d2a2f3bb1f811
Opcode Fuzzy Hash: bcd8754c378181688c7e9b54e23ff724b075a86197c0dc31b1ca7d1fea126b52
Instruction Fuzzy Hash: 3521C472500304AFEB21CF69DD84F6AFBACEF04320F04886AED45DB551D274E5148BB1

Uniqueness

Uniqueness Score: -1.00%

Function 013DB0E2, Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E2C), ref: 013DB15F

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: eda8d41460d0779779475a10088dd67df2e9151a200d3615292d3a26efe9e5d0
Instruction ID: 56bd46d76909cc5537e03d0e5201ff529bd5f276e77508515691953c77a72004
Opcode Fuzzy Hash: eda8d41460d0779779475a10088dd67df2e9151a200d3615292d3a26efe9e5d0
Instruction Fuzzy Hash: 7521B072500304AFEB22CF69DC84F6AFBACEF04320F04886AED45DB655D274E4098B71

Uniqueness

Uniqueness Score: -1.00%

Function 013DA77C, Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA80A

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 2aefd6e3c3b241eb1a3479d594990335f0b997044423f2f5342516921f895dcf
Instruction ID: 24e234c3553c33169080738a869adb79fa031588d5c573f094420a49629926af
Opcode Fuzzy Hash: 2aefd6e3c3b241eb1a3479d594990335f0b997044423f2f5342516921f895dcf
Instruction Fuzzy Hash: 002192B1408380AFE7238F25DD45F66BFA8EF46714F0884EAED849F153C264A809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013DA85F, Relevance: 1.6, APIs: 1, Instructions: 77
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA8ED

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: c1a266f376798b42ae077b721f4ce72f12e97399bd7e494fbf2b0518d7b8c03c
Instruction ID: 2891305fe51794ddffb1354d02baf4d9c793830edb02d182b5da53a72e1deee9
Opcode Fuzzy Hash: c1a266f376798b42ae077b721f4ce72f12e97399bd7e494fbf2b0518d7b8c03c
Instruction Fuzzy Hash: 00218E72409384AFEB228F65DD45F96BFB8EF06310F0884DAE9849F153C275A408CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013DA52A, Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 013DA5A9

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0794348295c8255d645156a2e5ac2d9862d7038319555dd10e4d2d12cf72c135
Instruction ID: b74bc406cbe2eb2cbe261abcd9f25664600f80a52924f9776541629c152df066
Opcode Fuzzy Hash: 0794348295c8255d645156a2e5ac2d9862d7038319555dd10e4d2d12cf72c135
Instruction Fuzzy Hash: 85218EB2600744EFEB21CF69DD85B66FBE8EF08314F08846AE9858B652D775E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 013DA6BB, Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA741

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: fde7f61cc2f8e3cd5a0b1f82f42fd195fc70588dd461dce92363ab4a41f2379b
Instruction ID: c212856ffc3de4b7ef2bcc7dc510b0df1e5ad510f5ea15ce25a19f32b8ce5a39
Opcode Fuzzy Hash: fde7f61cc2f8e3cd5a0b1f82f42fd195fc70588dd461dce92363ab4a41f2379b
Instruction Fuzzy Hash: E221D5B64083806FE7138B25DD41BA6BFB8DF46724F0980DBE9849F153D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 013DA600, Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013DA674

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9e3e1078281b255a0ad4a2aeb43ecfb9fec409bcf16c4faae3ad6f333919d857
Instruction ID: 2d319dfbaa9d3feed46a3a789ea8f4e86953387e999a06aa3a2b609711b75118
Opcode Fuzzy Hash: 9e3e1078281b255a0ad4a2aeb43ecfb9fec409bcf16c4faae3ad6f333919d857
Instruction Fuzzy Hash: AC21CFB68093C09FD7138B29DC94792BFB4EF42224F0984DBDC858F663D2649908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013DA448, Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 013DA4AF

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 65e8c7a96e89ae6488d7f3af779d0474b0c65f98617d0d55a3756097f9f3f2d1
Instruction ID: 38dcf4c0f793b559ae0d063e7f091e274b7fda109cc26160daa733a03ba7aef6
Opcode Fuzzy Hash: 65e8c7a96e89ae6488d7f3af779d0474b0c65f98617d0d55a3756097f9f3f2d1
Instruction Fuzzy Hash: 2D1184725093809FD711CF29DD85B56BFE8EF06220F0984AEED45DF252D274E904CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013DA88E, Relevance: 1.6, APIs: 1, Instructions: 60
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA8ED

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: edf742b54f0b423226bdb123731ee1facfa7bfb7c24c491c7cec07e11a6b69a1
Instruction ID: 331e0a83053986861cd370b82455a0e12e248098dd56b8e2c927af209b62f403
Opcode Fuzzy Hash: edf742b54f0b423226bdb123731ee1facfa7bfb7c24c491c7cec07e11a6b69a1
Instruction Fuzzy Hash: 9211C172500304AFEB22CF69ED45F66FBA8EF04320F04846AED459B656D274E408CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 013DA7AE, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA80A

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 1414977bbd2a556b333021ea694509f0bd2fc5a803b5d93d33af0dbe6f275336
Instruction ID: a8d31779d76ce026fd346b50a6c9284f1b032675cb3747d307d2b2aad0e8345d
Opcode Fuzzy Hash: 1414977bbd2a556b333021ea694509f0bd2fc5a803b5d93d33af0dbe6f275336
Instruction Fuzzy Hash: 51119172500304AFEB21CF69DD85F66FFA8EF44720F14C46AED459B646D274A409CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 013DB020, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 013DB074

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 902ddd8e7cc9d7646bae34465a3f62128e41b17278c5b6a485e2da0cd9fcc581
Instruction ID: 06e70060199eacea2509707e56a79bb2b1d57ed8558500a571af61676563a92e
Opcode Fuzzy Hash: 902ddd8e7cc9d7646bae34465a3f62128e41b17278c5b6a485e2da0cd9fcc581
Instruction Fuzzy Hash: 011170714093809FDB12CF15DD84B56FFA4EF46224F0984EBED848F253D275A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013DADF7, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 013DAE50

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: c03ad5c3e7bb84967d3d7843e49750730553e662ec32e1b803e07aa97c0b0022
Instruction ID: b160dc43a0235f603f5c87ca446b139a8bf17235ee7c8dc8f0a171382767056d
Opcode Fuzzy Hash: c03ad5c3e7bb84967d3d7843e49750730553e662ec32e1b803e07aa97c0b0022
Instruction Fuzzy Hash: FD1151755093809FD7128B29DD45A52BFB4EF46220F0984DAED858B663C274A858CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013DA6EE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,39DA44C6,00000000,00000000,00000000,00000000), ref: 013DA741

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 2270aa949e80bc25643ccae4a5370e2d19846f75fdabcedf5e0da59b7809718b
Instruction ID: 88174f97f77278ab7ae40d6c5d299585afa649ed5d406d51e60c2fd1581b2869
Opcode Fuzzy Hash: 2270aa949e80bc25643ccae4a5370e2d19846f75fdabcedf5e0da59b7809718b
Instruction Fuzzy Hash: 2001F572500304AFE721CF59DD85F66FBACDF44720F58C09AED459B646D278E408CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 013DA46A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 013DA4AF

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 7725bc89713e9780ff292a4593fafefe3f448ad9d6375205ea5f8fe5c82cceed
Instruction ID: c8937c3f920780c4e6f92848ca5183ca767412a500af6c65f2b88572db23d01a
Opcode Fuzzy Hash: 7725bc89713e9780ff292a4593fafefe3f448ad9d6375205ea5f8fe5c82cceed
Instruction Fuzzy Hash: 871165726042048FEB60CF59E989756FBE8EF04224F08C4AADD49DB746E674E514CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013DA23C, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 013DA290

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: e517e557e931ad8294319f853f482dee3b78a4448000c1455906a69bf377d127
Instruction ID: 8cbed59284189a2243818ca85400741f86389a2053f6ff09786fd7d51dab5667
Opcode Fuzzy Hash: e517e557e931ad8294319f853f482dee3b78a4448000c1455906a69bf377d127
Instruction Fuzzy Hash: 33116171409384AFD7228B15DD84B62FFB4DF46624F0880DAED858F657D275A908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 013DA172, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E2C,?,?), ref: 013DA1C2

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: f66606816f356de849d14b0d31fd53d56ee738d91858f4b2af8b78f5e5da53f6
Instruction ID: 12fd5c059dcbcdfe8d935fa36a104d6a40c5f32a7755fe7c47477f23a763d5fa
Opcode Fuzzy Hash: f66606816f356de849d14b0d31fd53d56ee738d91858f4b2af8b78f5e5da53f6
Instruction Fuzzy Hash: 3701B171900600ABD710DF1ADC86B26FBA8EB88B20F14816AED088B641D271B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 013DAA52, Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E2C,?,?), ref: 013DAAA2

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: b34ada522c6374f3fc0dd964b1a8e741445583b9ffca11e18320b67ff065fa22
Instruction ID: f98cc9c1d762189c4e0ca8bed1b34c5773b801149dcbd468d66c98f7b24ec2d4
Opcode Fuzzy Hash: b34ada522c6374f3fc0dd964b1a8e741445583b9ffca11e18320b67ff065fa22
Instruction Fuzzy Hash: DB01B171900600ABD310DF1ADC86B26FBA8FB88B20F14816AED088B641D271B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 013DA642, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 013DA674

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: fd07eb2a9741f1a820b732d8f1f074bccfb9d19d9a03ed0d55bc23fced6b7cc6
Instruction ID: 567786db1ed8815d527ea1513b36ada3c206f14e2b7cf6e27d1abadcf7e4fa02
Opcode Fuzzy Hash: fd07eb2a9741f1a820b732d8f1f074bccfb9d19d9a03ed0d55bc23fced6b7cc6
Instruction Fuzzy Hash: FB01D472900300CFDB11CF19E984755FB94EF40230F08C4AADC098F646D278D404CE61

Uniqueness

Uniqueness Score: -1.00%

Function 013DAE1E, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 013DAE50

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 194f95ff549469a7493a217865ba311a93281ecd8403c03cc4088c102f79a815
Instruction ID: 03e294eadfaace111fed076c7937f40a174a73222323309181489cc137c3b6c1
Opcode Fuzzy Hash: 194f95ff549469a7493a217865ba311a93281ecd8403c03cc4088c102f79a815
Instruction Fuzzy Hash: 7101A4766003449FDB208F1AE985765FB98DF44724F08C0AADD498BB56D3B9E448CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 013DA25E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 013DA290

Memory Dump Source

Source File: 00000000.00000002.677888634.00000000013DA000.00000040.00000001.sdmp, Offset: 013DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13da000_unarchiver.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 05614645bb21d85062057d548b9c1594a8a9e4c2bc49b494877f9d89ad9ff75c
Instruction ID: 70453a981f35f81a0defb73a63e1cd51c4d7d1569d6ab4f34374a8f6434a0239
Opcode Fuzzy Hash: 05614645bb21d85062057d548b9c1594a8a9e4c2bc49b494877f9d89ad9ff75c
Instruction Fuzzy Hash: D0F0F4319043048FD721CF0AE984721FB94DF04324F08C09ADD080BB16D2B9A408CEB2

Uniqueness

Uniqueness Score: -1.00%

Function 01810C18, Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

3NB, xrefs: 01810D8A, 01810D8F

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID: 3NB
API String ID: 0-4216985736
Opcode ID: 97a78ba7784c339455d803cfee42d37c7017155e1e7a8d7b0b1a42da185748f3
Instruction ID: 08ec41cf4fbec127e771f89c18123b4a3a74a0125b7e6e97c0151c9dc3c903c9
Opcode Fuzzy Hash: 97a78ba7784c339455d803cfee42d37c7017155e1e7a8d7b0b1a42da185748f3
Instruction Fuzzy Hash: 0351D475E02219DFCB18DFB9D8809EEBBB2BF8A304F24942DE405A7254DB359941CB54

Uniqueness

Uniqueness Score: -1.00%

Function 017C0870, Relevance: 1.0, Instructions: 993COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678330522.00000000017C0000.00000040.00000040.sdmp, Offset: 017C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17c0000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f624544714c6ce74a9714853de4bb9d1bbb07ed2f6f07967eac821f355ef628
Instruction ID: 3a10da6e1ddda49a58c6db5df92a22b52f25d50d8ea3a2c5dfafba77d0714a80
Opcode Fuzzy Hash: 9f624544714c6ce74a9714853de4bb9d1bbb07ed2f6f07967eac821f355ef628
Instruction Fuzzy Hash: 81213BA384D2809FE31287246C664A8BFF0DD5323572D85EFD8448B693E11A554BC7E3

Uniqueness

Uniqueness Score: -1.00%

Function 01810AAF, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d31a2f6ee8898da246fbca506a4e59bdf9739ecaaee31008812f98c5bf1b2af2
Instruction ID: 6781f11f271714a31f46c9a51ee8e04c56950d8cdc6da5ed369a33428ccb95e0
Opcode Fuzzy Hash: d31a2f6ee8898da246fbca506a4e59bdf9739ecaaee31008812f98c5bf1b2af2
Instruction Fuzzy Hash: 86216979D01209CFCB15CFA5D8446EEBBB6FB89308F10916AE800B7254DB745E4ACF50

Uniqueness

Uniqueness Score: -1.00%

Function 01810AC0, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cebbd2334b1285b70285d3827e99b15ad4c0fa6eb67f60f40092d7ca9c5cced5
Instruction ID: f5c3c1cef9af66da7b5be0878c3a79b5b5ea1b4c5d0a4e54ae06060a356124fd
Opcode Fuzzy Hash: cebbd2334b1285b70285d3827e99b15ad4c0fa6eb67f60f40092d7ca9c5cced5
Instruction Fuzzy Hash: EE214F79D01218CFCB14DFA5D4456EEBBB6FB89304F10952AE500B7254DB746E45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 017C0800, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678330522.00000000017C0000.00000040.00000040.sdmp, Offset: 017C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17c0000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30861f39deaa66f6501fe350736f99c8f5d6c23fc189e1a21d58aeadb3a25714
Instruction ID: c61b36923044f429b666db01b6526e2950fb9824550206dba1b4e2042986cccd
Opcode Fuzzy Hash: 30861f39deaa66f6501fe350736f99c8f5d6c23fc189e1a21d58aeadb3a25714
Instruction Fuzzy Hash: 1F01A2B24096406FD311CF19EC41C57FBECDF86620B09C56BEC488B202E265B9188BA2

Uniqueness

Uniqueness Score: -1.00%

Function 017C05D0, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678330522.00000000017C0000.00000040.00000040.sdmp, Offset: 017C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17c0000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e5573c9ac9c3990b323fe25971ec1673addf6ec4b16fb2033df16c3a4d82e4c
Instruction ID: 44424104dacb4f27e50e2541995017194b5b3e63c1eb97bab50b8826b025f23a
Opcode Fuzzy Hash: 4e5573c9ac9c3990b323fe25971ec1673addf6ec4b16fb2033df16c3a4d82e4c
Instruction Fuzzy Hash: 570186B65097806FD712CF16DC41862FFB8EB86620749C49FEC49CB612D265A908CB76

Uniqueness

Uniqueness Score: -1.00%

Function 01810E20, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd29835f93bc8b581340c141cf3a19bd66c9d8b1d45441e5d8e59b61de1ef629
Instruction ID: ea58333a02f0714669ae9576ac15b88977d9a570923f5949791417aaa304a10b
Opcode Fuzzy Hash: dd29835f93bc8b581340c141cf3a19bd66c9d8b1d45441e5d8e59b61de1ef629
Instruction Fuzzy Hash: D30108B1C0120ADFCB14DFA8C8457AEBBB5BF45305F2099ADD405A7281C7784A84CF81

Uniqueness

Uniqueness Score: -1.00%

Function 01810E30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d26cb4021396a1f784efea9a1f000ca0db0af5ddff0fba6f64798814bea286
Instruction ID: ad46400ccbba205441b6a042c46984285873f2a179793cad8214421e61637224
Opcode Fuzzy Hash: e1d26cb4021396a1f784efea9a1f000ca0db0af5ddff0fba6f64798814bea286
Instruction Fuzzy Hash: 8501E4B1C0121ADFCB14EFA8C8457AEBBB5BB45305F2099ADD405A7280D7749A84CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01810BA7, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 609fd2a15c920834f6778aba6147c42dc47f8b63a5553891219aa9c41b892d9c
Instruction ID: 9501655ce025ea3b058b5fcce55bc96224f3952cf89dea701b58573280d801aa
Opcode Fuzzy Hash: 609fd2a15c920834f6778aba6147c42dc47f8b63a5553891219aa9c41b892d9c
Instruction Fuzzy Hash: 4401F2B4D0530ADBCB14EFA8C9446EEFFF5BF85300F2085AAC409A7255DA345A45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 017C081E, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678330522.00000000017C0000.00000040.00000040.sdmp, Offset: 017C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17c0000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81a097736cb12b5a87ba9eca23f27c18bf351426b62e347cd2fa0f4f2959dd2
Instruction ID: a63305dab4186e690b042b9b1aae97651efcf176e9f2317c337f3517a3908050
Opcode Fuzzy Hash: e81a097736cb12b5a87ba9eca23f27c18bf351426b62e347cd2fa0f4f2959dd2
Instruction Fuzzy Hash: 86F082B28056046BD200DF09ED41856F7ECDF84621B18C56FEC088B701E276A9154AE2

Uniqueness

Uniqueness Score: -1.00%

Function 017C05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.678330522.00000000017C0000.00000040.00000040.sdmp, Offset: 017C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_17c0000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb6a3585570e3644e080232ac46be821992c3c8fd96c430f91210e62812af9a
Instruction ID: 535f4f97cd43015079c2cfa81bb27d77bd9962ff206921eb77314d9b89d81e29
Opcode Fuzzy Hash: fdb6a3585570e3644e080232ac46be821992c3c8fd96c430f91210e62812af9a
Instruction Fuzzy Hash: E4E092B6A006009BD650CF0AEC41452FBD8EB84630718C07FDC0D8B710E575F508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 013D23F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.677874220.00000000013D2000.00000040.00000001.sdmp, Offset: 013D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d2000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3d1a0540a4d662847bdbc77c27bc6b580464eb691ab942c3803e0621ed6fa8
Instruction ID: 2339e7847e13ea77fc55bc25cb3991e9677ed6c920a441c244561303efbbcb44
Opcode Fuzzy Hash: 5a3d1a0540a4d662847bdbc77c27bc6b580464eb691ab942c3803e0621ed6fa8
Instruction Fuzzy Hash: D3D05E7A205A914FE3278A1CD1A8B963FF4AB51B08F4644F9EC008B667C369D685D200

Uniqueness

Uniqueness Score: -1.00%

Function 013D23BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.677874220.00000000013D2000.00000040.00000001.sdmp, Offset: 013D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13d2000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff39416781d60d0bf657d644fdd0c617905421d7ecb1a6ca7d34e5c8d9c2499f
Instruction ID: 559f807a632f874c30ff725ad360b32333b448b5dea8d9e6845ea146f212b2f7
Opcode Fuzzy Hash: ff39416781d60d0bf657d644fdd0c617905421d7ecb1a6ca7d34e5c8d9c2499f
Instruction Fuzzy Hash: 82D05E352002814BD715DB0CD194F5A3BD4AB81B04F0644E8AD008B266CBA4D881C600

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01810299, Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

u]p^, xrefs: 01810345, 0181034A

Memory Dump Source

Source File: 00000000.00000002.678350957.0000000001810000.00000040.00000001.sdmp, Offset: 01810000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1810000_unarchiver.jbxd

Similarity

API ID:
String ID: u]p^
API String ID: 0-1894936721
Opcode ID: cfa87d79fda557b102bc9e19d1e9251d1720a18e918c8219b6f504ecf958bc4f
Instruction ID: 4a2f0333112bf9f388ee70d830fded21110b1d80723227ea728b330f7b808fdb
Opcode Fuzzy Hash: cfa87d79fda557b102bc9e19d1e9251d1720a18e918c8219b6f504ecf958bc4f
Instruction Fuzzy Hash: 4A81A579D10218DFDB28CFA5E844A99BBF2FB89345F1081A9F80EAB254DB345D49DF10

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: JUST1F1.exe PID: 6840 Parent PID: 2856 JUST1F1.exeCOMMON

Execution Graph

Execution Coverage:	15.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	8.7%
Total number of Nodes:	92
Total number of Limit Nodes:	7

Executed Functions

Function 03020A50, Relevance: 3.1, APIs: 2, Instructions: 113
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 030209F9
listen.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020AE4

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: CreateMutexlisten
String ID:
API String ID: 2713436074-0
Opcode ID: 9e000f6c15cc57cd3ed7030ba357e2cee71ad619a92de073216d009ffb8daf70
Instruction ID: 9d4cda238ec576d311b1aae46e616552b2b73d2f1936a50c2f812477dd2aff8b
Opcode Fuzzy Hash: 9e000f6c15cc57cd3ed7030ba357e2cee71ad619a92de073216d009ffb8daf70
Instruction Fuzzy Hash: 6E41B2B15053849FE712CF15DC85BA6BFE8EF46324F0884EAE9488F253D275A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 03020E6B, Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020EFF

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: ab667e805235126cfe4aa340edbcf3ffa29c9a845d223f4c1a9a9f8224dc0d80
Instruction ID: c9cb87c3b0ab70d9c85de0dba03a67f5a86038331a8f6c3a7d39580bbade4461
Opcode Fuzzy Hash: ab667e805235126cfe4aa340edbcf3ffa29c9a845d223f4c1a9a9f8224dc0d80
Instruction Fuzzy Hash: EB217EB15093846FD752CF65CC84B96BFA8EF06320F0884EAE9448F152D224A849CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03020E9E, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020EFF

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: d09317fd1b6d12212559851d166c4a0d27bbbd86f3067d3f2bb407671ec2a41d
Instruction ID: 9ebdf948b200502bce53ffa2977c35d427651f5a06e55d1c485483511f955222
Opcode Fuzzy Hash: d09317fd1b6d12212559851d166c4a0d27bbbd86f3067d3f2bb407671ec2a41d
Instruction Fuzzy Hash: 981190B1501304AFEB61CF55DC84B9AFBECEF04320F0888AAED499B646D674E444CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03020A8E, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020AE4

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 13aa070994759f3d715b49c5e7ccf17e43085a2ecc2d81678149eb9b9f9aeedc
Instruction ID: 0b5de7f16775440737d8b8e632df8d3a689f59df486998da61cb971ce1fb224a
Opcode Fuzzy Hash: 13aa070994759f3d715b49c5e7ccf17e43085a2ecc2d81678149eb9b9f9aeedc
Instruction Fuzzy Hash: 9911C271501304AFEB22CF65DC84B6AFF98EF04324F1888AAED449B246D274A408CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA608, Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fefae67b0b631a01f3d25afa0cfd21a97a81f0a9abacf8fa57bfbc7a64c8ce
Instruction ID: 7c005bc07dd73cba9df3926e288ee242709d417ec517f35d0461e70ee633d96d
Opcode Fuzzy Hash: 67fefae67b0b631a01f3d25afa0cfd21a97a81f0a9abacf8fa57bfbc7a64c8ce
Instruction Fuzzy Hash: C2B1FFB4E01218CFCB14DFA9D9A4AADBBF2BF48355F248169D519AB344DB309D46CF20

Uniqueness

Uniqueness Score: -1.00%

Function 02FA1074, Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26d3f536b96f412b2e51fd58859735676f2fecdd0d8fa67bd5873b516475287
Instruction ID: c6a17cbf8e27cd56353d1f616bda5b4d45d1f93cc7b245d11a4911d95556fae3
Opcode Fuzzy Hash: c26d3f536b96f412b2e51fd58859735676f2fecdd0d8fa67bd5873b516475287
Instruction Fuzzy Hash: D39129B4E00258CFDB44DFA9D8946AEBBB2FF89344F21C06AE909AB354DB345945CF14

Uniqueness

Uniqueness Score: -1.00%

Function 02FABDBA, Relevance: 3.8, Strings: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

', xrefs: 02FAC1E3
6, xrefs: 02FAC112
2, xrefs: 02FAC229

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: '$2$6
API String ID: 0-2200861089
Opcode ID: 1e6e8bae2c9c81dacbac112f35b14d3f592be2fda23a121ab719f9ed822a0793
Instruction ID: 86b6b40279fae708cc651969a22a86cf61a20279b6bc1ca72eb99399a5c70b2c
Opcode Fuzzy Hash: 1e6e8bae2c9c81dacbac112f35b14d3f592be2fda23a121ab719f9ed822a0793
Instruction Fuzzy Hash: 2441BAB4D002298FDB60DF65C898BECBBB1BB19348F2085EAD549A7250D7789EC5CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC0B2, Relevance: 3.8, Strings: 3, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

', xrefs: 02FAC1E3
6, xrefs: 02FAC112
2, xrefs: 02FAC229

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: '$2$6
API String ID: 0-2200861089
Opcode ID: 0a5a29f764e7071ed24216286b1ed2ae9b7d5b78d66a4bb3d6a09708eb281350
Instruction ID: 4b780ae7c3091af5614879a6d7de68194da787c97a2f4fb9dd79c27db10968fe
Opcode Fuzzy Hash: 0a5a29f764e7071ed24216286b1ed2ae9b7d5b78d66a4bb3d6a09708eb281350
Instruction Fuzzy Hash: 4341ACB0D002298FCB60DF65C998BECBBB2BB59345F1085EAD449A7250DB745EC5CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC5A1, Relevance: 2.6, Strings: 2, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

&, xrefs: 02FAC5E9
/, xrefs: 02FAC651

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: &$/
API String ID: 0-2578988991
Opcode ID: 143103f461e2a76c24f996cad08bef837f6ea1339876b9f6db28fdf14d02f9d3
Instruction ID: 8f15b55838c6465c92ec64f252baaa7de97652d2e7eeeb4a15ba5a8f852e0e1c
Opcode Fuzzy Hash: 143103f461e2a76c24f996cad08bef837f6ea1339876b9f6db28fdf14d02f9d3
Instruction Fuzzy Hash: 6B21FFB1D002288FCB20DF64C894BEDBBB1BB19345F5084EAD549AB280C7789EC4CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02FABD3B, Relevance: 2.5, Strings: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!, xrefs: 02FABD95
(, xrefs: 02FAC4D2

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: !$(
API String ID: 0-43236505
Opcode ID: d92f48f40a8ba887fc7c12340eeeb8c2aab11c7d46bddf1630e74226893f8d5b
Instruction ID: f9eede4765b5d9a28c127baf507293f0d533156576bd8293787c92136aaf3a3f
Opcode Fuzzy Hash: d92f48f40a8ba887fc7c12340eeeb8c2aab11c7d46bddf1630e74226893f8d5b
Instruction Fuzzy Hash: 3501A8B0D412188BDB258F54C9A5BDCBBB1BB19344F2095DAD649A7281C7768E81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0132B729, Relevance: 1.6, APIs: 1, Instructions: 148
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0132B802

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ab18c9d76341566ce8c8992b6649f440bb429a819b9778746d8718204b43be35
Instruction ID: 1ff1103ac227c9c544298915049fe1fbc250eff02a2bfa5335f42df2915b7e07
Opcode Fuzzy Hash: ab18c9d76341566ce8c8992b6649f440bb429a819b9778746d8718204b43be35
Instruction Fuzzy Hash: 66518C7140A3C09FD3139B299C55B61BFB4EF47224F0E85DBD8848F2A3D2296909C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 0132BBF3, Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0132BCA9

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5046b96f615e9e1c95cfe11c7dc551e749a5215744444099016a8b975848638a
Instruction ID: 1e96a8e26cd785eeb2c70332f061e0a6a3ce3cd59cc05a7538866395e0b2234a
Opcode Fuzzy Hash: 5046b96f615e9e1c95cfe11c7dc551e749a5215744444099016a8b975848638a
Instruction Fuzzy Hash: F3317EB1505780AFEB22CF25DD44B62FFE8EF06314F08849EE9858B252D675E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0132AB26, Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0132ABD5

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: dd1903ede166058af7f4a3147a2b80416652f3b87a2d07264fea8af4bbc1c36a
Instruction ID: bc963e8f9aaf9d5e6a487794b30aea8a2395b6a497ecfd791579a8831d1da605
Opcode Fuzzy Hash: dd1903ede166058af7f4a3147a2b80416652f3b87a2d07264fea8af4bbc1c36a
Instruction Fuzzy Hash: E23191B25443846FE7228B25CC45FA6BFACEF06710F0888AAED809B153D264E549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03021109, Relevance: 1.6, APIs: 1, Instructions: 90
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

accept.WS2_32(?,?), ref: 030211AD

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: bddb3b4343ce85f7d27a8db8ae38d8e5da27155689d3dcb077e1aa7add67d4ac
Instruction ID: ee1f98070707a2f5c53ec58fccf379df60e788f5f3c212ea4d2afbfba8b8217e
Opcode Fuzzy Hash: bddb3b4343ce85f7d27a8db8ae38d8e5da27155689d3dcb077e1aa7add67d4ac
Instruction Fuzzy Hash: 95318FB1509780AFE722CB25DC44B56FFF8EF06314F0884DAE9848B253D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132AC1D, Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132ACD8

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a33fbba54bf04f5f90cb3bf0cd11fc49ff977aa1a0756ac3410e85431d09bd63
Instruction ID: 59139b833409716f96ca455b7aa667af25d8b46292d29495a4c6c22c0a7d6d67
Opcode Fuzzy Hash: a33fbba54bf04f5f90cb3bf0cd11fc49ff977aa1a0756ac3410e85431d09bd63
Instruction Fuzzy Hash: 793191711097846FEB22CF25CC44FA2BFF8EF06324F08849AE985CB553D264E549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 03020C18, Relevance: 1.6, APIs: 1, Instructions: 89
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020CB5

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 2000917e73fd25f4a1c445fdc7f77359fa25f95e908b7ed5d17b8a4241d75084
Instruction ID: c26172cde0ea97c0adf5ab062ab86ed20480a99a25a5b5d5a22df7cdd147011b
Opcode Fuzzy Hash: 2000917e73fd25f4a1c445fdc7f77359fa25f95e908b7ed5d17b8a4241d75084
Instruction Fuzzy Hash: 7B31A5B25093806FE7228F25DD45F96BFB8EF06310F0884EBE985DB153D225E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 030205CC, Relevance: 1.6, APIs: 1, Instructions: 87
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 0302067E

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 352b50077b128bcc3841c8135138910b643c26eec50b6c4fa3506071b3bfa610
Instruction ID: 89dcc1718ca11bc2c5559809063494c1430361d1d12538c52f98722fdf9acef5
Opcode Fuzzy Hash: 352b50077b128bcc3841c8135138910b643c26eec50b6c4fa3506071b3bfa610
Instruction Fuzzy Hash: 5C31B3B2405780AFE722CF65DC45F56FFF8EF06320F08859AE9848B153D365A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132AFCF, Relevance: 1.6, APIs: 1, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132B06C

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 32e6f4c1bc8e4060086800326ceedf0af2ff9c4d892270faca9d8b9f9b3c87ef
Instruction ID: 13477b0cdfffbd448790494456959e887a258f2fa6b7d1fc362d9eea94f14507
Opcode Fuzzy Hash: 32e6f4c1bc8e4060086800326ceedf0af2ff9c4d892270faca9d8b9f9b3c87ef
Instruction Fuzzy Hash: 673180B11093846FD7238B259C45F96BFA8EF06214F0884ABE9859B153D224A948C772

Uniqueness

Uniqueness Score: -1.00%

Function 0132B2F3, Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0132B38F

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: bfb0740775ab3204e9cc4a095d89aecf96466e026667517a25d4d591bde67198
Instruction ID: 37135b69d89af1c8065e0aed99ec137fcef8264c59299749ca380b51a5fb66d9
Opcode Fuzzy Hash: bfb0740775ab3204e9cc4a095d89aecf96466e026667517a25d4d591bde67198
Instruction Fuzzy Hash: E3217172504344AFE721DF69DC85F6AFFB8EF05310F08889AED849B152D274A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 03020959, Relevance: 1.6, APIs: 1, Instructions: 85
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 030209F9

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 983f9687ed43e3d056907fd3fa6bee9718e89a99f31cc9683a7a25e8ad27ff1c
Instruction ID: 53f097a8b8b3e52e06f0c445300a2380ab0ca126f5e34b08ff2a61d8f2982b98
Opcode Fuzzy Hash: 983f9687ed43e3d056907fd3fa6bee9718e89a99f31cc9683a7a25e8ad27ff1c
Instruction Fuzzy Hash: D23184B1509780AFE722CF65CC45B56FFF8EF05310F08849AE9859B292D375E908CB65

Uniqueness

Uniqueness Score: -1.00%

Function 030213C1, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 0302146E

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: eb9fdd7b6d4864710147507d6298ee877be0efa292dfe3d3e8934efc2b135e58
Instruction ID: 873d1d6f8cfa2d9125290aa65b54d3f8e7b3ec61100082ab23d9302c824e697d
Opcode Fuzzy Hash: eb9fdd7b6d4864710147507d6298ee877be0efa292dfe3d3e8934efc2b135e58
Instruction Fuzzy Hash: EF318F715097C16FD3138B25DC51F62BFB8EF47620F0A81DBE8848F593D224A909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0132A120, Relevance: 1.6, APIs: 1, Instructions: 82networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0132A1BD

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: bf143bac73aeb4e4143bca38b9a864fa48f40928a1e3f441082152701fa257d5
Instruction ID: d3b9272393730ef506214220353939e5e9e7f68fb59c5395b6909dcd2ad2fdbd
Opcode Fuzzy Hash: bf143bac73aeb4e4143bca38b9a864fa48f40928a1e3f441082152701fa257d5
Instruction Fuzzy Hash: 8A21BF7140D3C06FD7138B758C51BA6BFB4EF47620F0A85DBD8848F193D225A90ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0302121B, Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030212AA

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 07d349825f71842d4dfb6c040e93b3a0ffa2e7d1b41c43a4f3f3853483b49a01
Instruction ID: 453d34a197a7b5af4ec26cd81d6938314326c3927cfff3ee1d543315a5a6c2f0
Opcode Fuzzy Hash: 07d349825f71842d4dfb6c040e93b3a0ffa2e7d1b41c43a4f3f3853483b49a01
Instruction Fuzzy Hash: EA2151B25093846FD722CB65DD44F96BFBCEF46210F1884EBE984DB153D224A508CB75

Uniqueness

Uniqueness Score: -1.00%

Function 030204EA, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 03020575

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: d742f98946fa5e032c392ef011e9d120719378b110c7cb41edb73ad64980b814
Instruction ID: d3c1f0518d2eaafedacbf8dde5d39d081a6ecb4ffbc0a79b75a51971b537beff
Opcode Fuzzy Hash: d742f98946fa5e032c392ef011e9d120719378b110c7cb41edb73ad64980b814
Instruction Fuzzy Hash: 532183B1505380AFE721CF65DC45F66FFE8EF05210F08849EE9858B252D375E948C761

Uniqueness

Uniqueness Score: -1.00%

Function 0132B82E, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0132B8BA

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 4cc6ba567de76e6a60acd3c69bef3728278825d387b4a77aa2f8b3cdbe8018d3
Instruction ID: d5c1d25ce59c9e5b3f46006c3595a8d410a1995eda0e4a1af78309a8149a11f1
Opcode Fuzzy Hash: 4cc6ba567de76e6a60acd3c69bef3728278825d387b4a77aa2f8b3cdbe8018d3
Instruction Fuzzy Hash: 31218B71509784AFE722CF65DC44F56FFB8EF09310F08899EE9858B652D375A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0132BD00, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132BD95

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 14bd6dcba25cdc288e5ab552926eca662fe31a14f38e061d65e99d479ca99574
Instruction ID: d75763f5c98410c594734d066f05082a0ca41506e52c5ae35a1e686e8ff85cac
Opcode Fuzzy Hash: 14bd6dcba25cdc288e5ab552926eca662fe31a14f38e061d65e99d479ca99574
Instruction Fuzzy Hash: 7E21F5B65087846FE713CF25DC40BA2BFB8EF46720F1884DAE9849B157D224A909C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 0132BC2A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0132BCA9

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b466aa4ed6bd34af7b02a29466bbabc404c20a18320c0e19fb6302988a5e8fff
Instruction ID: 296cb353d282db891bb26f5389ea7479b97938b280eeb331bfb547f9f70a335a
Opcode Fuzzy Hash: b466aa4ed6bd34af7b02a29466bbabc404c20a18320c0e19fb6302988a5e8fff
Instruction Fuzzy Hash: CA219C71600710AFEB21DF6ACD84B66FBE8EF08310F04846AEA858B646D775E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03020006, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020091

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8e9ebcb38be7e80c201fae91a6b1a553b8de664931fa55c618ff9c1697c0ba5f
Instruction ID: a281dcdb7ca1c3a97b1c2838dd01e17451be957797e44a2e9862caa8dea3b6d5
Opcode Fuzzy Hash: 8e9ebcb38be7e80c201fae91a6b1a553b8de664931fa55c618ff9c1697c0ba5f
Instruction Fuzzy Hash: 36215371409384AFE7228F65DD84F56BFB8EF46320F0884DBE9859B153D265A809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0302024E, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030202E0

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b29b61de8a676f9befcdea1aa175e6b562f6d3f993f621689b7bfc3d6ec258f4
Instruction ID: 7abbe4d875fd16a69970ed697732a906b3c3c3ce451bd88d200f3f07e321f317
Opcode Fuzzy Hash: b29b61de8a676f9befcdea1aa175e6b562f6d3f993f621689b7bfc3d6ec258f4
Instruction Fuzzy Hash: 88216AB2505384AFE722CF65CC44F57FFFCEF09620F08859AE9859B252D264E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0132ABD5

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f7d295824cee2d05d3fc591aee721edfc77932613678e49ef8981777cf663c68
Instruction ID: 849d8f835aaae54cf92d54ff9e3905a0471abf72f0f13e430586bb1547a97c19
Opcode Fuzzy Hash: f7d295824cee2d05d3fc591aee721edfc77932613678e49ef8981777cf663c68
Instruction Fuzzy Hash: 16219272500704AFE7219F69CC44F6AFBECEF08720F04885AED419B642D624E549CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 03020F5D, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020FE3

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: 6ac174dd7650d8c8ceaf57f7b4200242fec0ec70d7067369f9c11611279cc6df
Instruction ID: 02f3323a30491d2a74f3e6807db29c613c672641fbc23d9ae427c69f5e6b7530
Opcode Fuzzy Hash: 6ac174dd7650d8c8ceaf57f7b4200242fec0ec70d7067369f9c11611279cc6df
Instruction Fuzzy Hash: 4D2171B15093846FE722CF65DC84F96BFA8EF45310F0884ABE9449B152D274E508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132B31E, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0132B38F

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 0a262912f8c4246995df476960091bea521969c1b8889bc6bd08fafea192576c
Instruction ID: 4b97513a6cfa335b7016ba3bf2386ac68ccdca2b0bf036c4674133f23224f149
Opcode Fuzzy Hash: 0a262912f8c4246995df476960091bea521969c1b8889bc6bd08fafea192576c
Instruction Fuzzy Hash: 28219071500304AFE721DF69DC85F6AFBACEF04720F14886AEE45DB646D274E5098B71

Uniqueness

Uniqueness Score: -1.00%

Function 03020986, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 030209F9

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3cfdb8c26d03f050f546f9e3420cfd12fd8cc0f85a6afb7400b7c19094e40fde
Instruction ID: 34d4b511abc8ae688003212a520a139470a461583a76cada910f8577879bc4fa
Opcode Fuzzy Hash: 3cfdb8c26d03f050f546f9e3420cfd12fd8cc0f85a6afb7400b7c19094e40fde
Instruction Fuzzy Hash: 02217F716013409FE760DF6AC885B6AFFE8EF04310F08846AE9499B642D675E809CB65

Uniqueness

Uniqueness Score: -1.00%

Function 03021041, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030210BF

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: aceaed57012fcaac29b78351447c87a27c8d8971ffb73d1ebf1f202cb4a28ec0
Instruction ID: de5c2b1810e2300b52cb46440f2f750a7229204185263953e84cb6e9e5646189
Opcode Fuzzy Hash: aceaed57012fcaac29b78351447c87a27c8d8971ffb73d1ebf1f202cb4a28ec0
Instruction Fuzzy Hash: 422181B15093846FEB22CF65DC85F56BFB8EF46310F0884ABE9849F152C274A508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132B002, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132B06C

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 6ea8091382e9aa743c5432bcffb9cc3ec4205a2d7cba06daf0e6e70291070d10
Instruction ID: c009f97b1b83f01a015acbde8d62ba4e65e6aa59dd5c8c249d86b3854f36d463
Opcode Fuzzy Hash: 6ea8091382e9aa743c5432bcffb9cc3ec4205a2d7cba06daf0e6e70291070d10
Instruction Fuzzy Hash: 1B1190B1500304AFEB22DF69DC84FAAFBACEF04324F04846AED459B656D674E548CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0132AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132ACD8

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d0f086663b18341b65bf28419085873b48c4952c1f3d25815d5a7569be37f4ca
Instruction ID: d40f2e388d5c33b3792e64899329d94c72d520a66b584e1876a283c449a39d3b
Opcode Fuzzy Hash: d0f086663b18341b65bf28419085873b48c4952c1f3d25815d5a7569be37f4ca
Instruction Fuzzy Hash: 52219071600714AFEB21DF29CC84F66FBECEF04724F04846AE945DBA52D764E408CA71

Uniqueness

Uniqueness Score: -1.00%

Function 0302050A, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 03020575

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 4cd650186ddbd1bafe870270c85e43189f2ca342ea32807553d954a74c36a42d
Instruction ID: de605f5f174989af410edca7d1a5f6e1d5d8486d5520341f57e54c9761388142
Opcode Fuzzy Hash: 4cd650186ddbd1bafe870270c85e43189f2ca342ea32807553d954a74c36a42d
Instruction Fuzzy Hash: 3A21AEB1601340AFE721DF69CC85B66FFE8EF04320F08846AED458B246D275E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03021142, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 030211AD

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: 047e9a58bb287fc3fbf0b428591192ec6f42fd450f9c5ae492d59f35ce8dd652
Instruction ID: 82aeadb34e1c45fd6c600bf2a4e38b2f0800303051582ffdd9687f7497cbc33d
Opcode Fuzzy Hash: 047e9a58bb287fc3fbf0b428591192ec6f42fd450f9c5ae492d59f35ce8dd652
Instruction Fuzzy Hash: 7B219FB1501344AFE721CF69DD44B66FFE8EF04310F18846AED448B642D775A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0132B913, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0132B990

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 47a983408189d89c58ea9f6036611735127128138f5eb0a47cee659b0dd89331
Instruction ID: e7ae2375755326bfbd6bc9dd9e92c4f2035b14882e9af3de367f08f2d89fb877
Opcode Fuzzy Hash: 47a983408189d89c58ea9f6036611735127128138f5eb0a47cee659b0dd89331
Instruction Fuzzy Hash: 952159724093809FDB128F65D944A96FFB4EF0B320F0985DAE9848F163C225A859CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132B84E, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0132B8BA

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 8b39cd285c9dc7d1b9276622d4d44918e2a4c61c73e336221b596efe46c064ef
Instruction ID: 4dac4d963cd5581bcba4e1854e5020413f68481c3f968c3f6af1a772414398ca
Opcode Fuzzy Hash: 8b39cd285c9dc7d1b9276622d4d44918e2a4c61c73e336221b596efe46c064ef
Instruction Fuzzy Hash: 2A21CD71504344AFEB21DF69DC44B66FFA8EF08320F08886EEA858B646D375A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0302060A, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 0302067E

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 6cf3388014f11c784094430083a4261e926beecb7029ed00a44e2464cba7f229
Instruction ID: 91a1d0228ac0719722b1a468fc18eaba08eaa7b4147fb1951befc5a9068de426
Opcode Fuzzy Hash: 6cf3388014f11c784094430083a4261e926beecb7029ed00a44e2464cba7f229
Instruction Fuzzy Hash: 82219D71501344AFE721CF69DD88F6AFFE8EF08320F04845EE9859B652D275A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 03021815, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 03021891

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 97891661893e2f03f395b873ff08e83218eb77011f24529cabc468e08402fb60
Instruction ID: abeac52a646ac4da9d0ac3e635536f6ad5ca1c4884e27f4af6e58cd9cb5ba2c2
Opcode Fuzzy Hash: 97891661893e2f03f395b873ff08e83218eb77011f24529cabc468e08402fb60
Instruction Fuzzy Hash: 842193755093846FD762CA15DC84B52FFE8EF06214F0C808AED84CB253D265E908C761

Uniqueness

Uniqueness Score: -1.00%

Function 0302026E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030202E0

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: dd3787367b73dce7d23edf5bc2048acfe831f467ab45d36244806311811d98fe
Instruction ID: 8607453a76e0ead4a3b233e49095b5762c43081f192be399b4bb2d952a72f3a5
Opcode Fuzzy Hash: dd3787367b73dce7d23edf5bc2048acfe831f467ab45d36244806311811d98fe
Instruction Fuzzy Hash: 1B117C72601304AFEB61CE56CC85F6AFBECEF08720F08846AE9459B652D764E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03020C56, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020CB5

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: c84efea4940d4d291c0b269c2ecf7de74caa7928d0c8a6aaf91ecc7a97f289a9
Instruction ID: a5fffdc950213bb9204016894d1b6365cc64b55e0098da35a137fc5efa705f32
Opcode Fuzzy Hash: c84efea4940d4d291c0b269c2ecf7de74caa7928d0c8a6aaf91ecc7a97f289a9
Instruction Fuzzy Hash: D311B6B1601304AFEB21CF65DC45F6AFFA8EF04320F14886AED459B656D674E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03021246, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030212AA

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 7de46d2527d2e6a31a21d80b87190c9ce5b2b50c8b1b5146d7a6e6795c5e4016
Instruction ID: d18c08a628f7b678943b6e460d1d674a87866e9fe505720e631b602d98c326a4
Opcode Fuzzy Hash: 7de46d2527d2e6a31a21d80b87190c9ce5b2b50c8b1b5146d7a6e6795c5e4016
Instruction Fuzzy Hash: FF115EB1501344AFE721CF65DD84F9ABBACEF04320F18886AE945DB246D674E508CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 03020F82, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020FE3

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: d09317fd1b6d12212559851d166c4a0d27bbbd86f3067d3f2bb407671ec2a41d
Instruction ID: 95d415332e9730e03366eff85f9c2ebd1f9436f71e2d9914b0edbf6d59c50daa
Opcode Fuzzy Hash: d09317fd1b6d12212559851d166c4a0d27bbbd86f3067d3f2bb407671ec2a41d
Instruction Fuzzy Hash: 8C1190B1501304AFE761CF55DC84B9AFBE8EF04320F0884AAED459B646D674E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 03021CB1, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03021D25

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 52bb6719a89d6e718fea1dd245e53a6aaac658211fb74bdb243fac96d3140e82
Instruction ID: 7657d5962d58d16b68e4997ae0de91cf6c28a3dc76973ddb2d8d95f10a8d1f28
Opcode Fuzzy Hash: 52bb6719a89d6e718fea1dd245e53a6aaac658211fb74bdb243fac96d3140e82
Instruction Fuzzy Hash: 94218C7140A3C09FDB238B25CC54A52BFB4EF07210F0D84DAE9848F563D225A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0132A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0132A61A

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d7f2adbc28f2e877da0215160aff806bac8a3ce80db4d68eb9989ba110c6cdf4
Instruction ID: eeb47a72662d3ea78b02df6b298887b2db5089e0584a80636723fe8e12db91e9
Opcode Fuzzy Hash: d7f2adbc28f2e877da0215160aff806bac8a3ce80db4d68eb9989ba110c6cdf4
Instruction Fuzzy Hash: FC117F72409380AFDB228F55DC44A62FFF4EF4A224F0888DAED858B563C375A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132A65A, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0132A6CC

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 953db49ca5721466cd2f902752cd05b87a90b707da36f00ca5c2fddd402e450e
Instruction ID: 5deb0235477a5ecb6407e1cff368247b4539e9344229f66ba42ec1f217fff320
Opcode Fuzzy Hash: 953db49ca5721466cd2f902752cd05b87a90b707da36f00ca5c2fddd402e450e
Instruction Fuzzy Hash: 5E1159714093C45FD7138B25DD94A62BFB4DF47624F0980DBED848F263D2656908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 03020032, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 03020091

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: fd97965385a79575aaa005ff695133c5a7f66909844b502ec3cb71adb3d17f8c
Instruction ID: 73fa13e80dafae8b4bc8a3fde4346ebf1a15c1e9277cccf8f66634e75bb04360
Opcode Fuzzy Hash: fd97965385a79575aaa005ff695133c5a7f66909844b502ec3cb71adb3d17f8c
Instruction Fuzzy Hash: 5B11C471501304AFEB21CF55DD84F5AFFA8EF04320F04886AED459B546D274E408CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 030201AA, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 03020226

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 3693f8c65bf2c45dbf1e940e9b127d047072143531a53520857e5713ca848d03
Instruction ID: 2597113f2e4256a07421addde011afcad55f3f388d8ce24dedf0938fdaeef551
Opcode Fuzzy Hash: 3693f8c65bf2c45dbf1e940e9b127d047072143531a53520857e5713ca848d03
Instruction Fuzzy Hash: AF11E6715093806FD3218B25CC45F26FFB4EF86720F09818FEC448B682D225B809CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 03021066, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 030210BF

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 56c1ffdc658ecf1942ae418701186703a35d87932035ff45cc2b22b0f37f9a36
Instruction ID: 4f37cc413f3b8d962ab106209fe18a20b47a5c6214bed9e95ffacaced482fc8f
Opcode Fuzzy Hash: 56c1ffdc658ecf1942ae418701186703a35d87932035ff45cc2b22b0f37f9a36
Instruction Fuzzy Hash: 4311A3B1505344AFEB21CF5ADC85B6AFFA8EF04320F1888AAED459B646D674A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0132A2D6, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0132A32C

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 0b1c1b84c95edef75359acc796139a4a306ead9c51f8baabf5fadd913916bf69
Instruction ID: 7f8059b4d938368f14befbd3287b983e0ae58a7bb190e67cb30ade6c59925dcc
Opcode Fuzzy Hash: 0b1c1b84c95edef75359acc796139a4a306ead9c51f8baabf5fadd913916bf69
Instruction Fuzzy Hash: A511C6715093809FD712CF29DC84B56BFA8EF02620F0884ABED858F653D274A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132A87F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0132A8E0

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 370a7e433fbf3c4484f363f62dac234b0d2d836b6a183f39ffe2c98ffd82b2d8
Instruction ID: 629fdb07d0874c513ea37494f06f804862bdbd8b39d70e8f32ccd6ba9f843870
Opcode Fuzzy Hash: 370a7e433fbf3c4484f363f62dac234b0d2d836b6a183f39ffe2c98ffd82b2d8
Instruction Fuzzy Hash: 02118F715493849FDB128F15DC84B52BFB4EF06224F1884DBED858F653D275A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 030214A4, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 03021504

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 53761dadd9654fb282079e7b1cc4ec3ff37c79e101ca423f6f837454b0477420
Instruction ID: bd84d56b6894f75e26cef5f3946bad99a5a0af5c6d350b34fde74252ccd2aed5
Opcode Fuzzy Hash: 53761dadd9654fb282079e7b1cc4ec3ff37c79e101ca423f6f837454b0477420
Instruction Fuzzy Hash: BB118E71409380AFDB22CF55DD44A52FFF4EF06220F0888DEED858B662C375A418CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132BD42, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,B3D3861B,00000000,00000000,00000000,00000000), ref: 0132BD95

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 23a4841f5b0f36c9d6333928591a4a6aa1d885361b98e76b63bd2e953ff5c074
Instruction ID: 46cdeba92b955938b4c8098399f4c1b15e6f5d86c8a316670e20c1fc7501d0ba
Opcode Fuzzy Hash: 23a4841f5b0f36c9d6333928591a4a6aa1d885361b98e76b63bd2e953ff5c074
Instruction Fuzzy Hash: AE01F571600344AFE721DF19DC85BA6FB9CDF04720F18C49AED449B64AD678E408CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 0132A172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0132A1BD

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aa604fb8c729030e5e72731027e0833e8453ad63f91e250a22b998f91a6f1f8e
Instruction ID: 112e665b97e42aa43b7b9696b2733cc0d8c9a327ed303f0088d1520682dc3afb
Opcode Fuzzy Hash: aa604fb8c729030e5e72731027e0833e8453ad63f91e250a22b998f91a6f1f8e
Instruction Fuzzy Hash: 4B01B171500600AFD710DF1ADC81B26FBA8EF89A20F14816AED088B641D231B916CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0302141E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 0302146E

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: e2a34478e5a319a530d6ebe4d5161f9b36a1f49fb7e33dc557d074c693091689
Instruction ID: 0b42981903cf819b552cdf75e5bfa27693b055a98c637b75ff8d22bc710a5b0f
Opcode Fuzzy Hash: e2a34478e5a319a530d6ebe4d5161f9b36a1f49fb7e33dc557d074c693091689
Instruction Fuzzy Hash: 43017171500604AFD714DF1ADC85B26FBA8EF89B20F14856AED089B641D231B916CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 03021846, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 03021891

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: ffe988c180055e870486f48064c87ba172d33871b4906c6d1c68da5eddc71ca1
Instruction ID: 4bac1ad22e47b8e68bcbd8c65af0733549ce745f1b04e2c409697ce8cc5c7723
Opcode Fuzzy Hash: ffe988c180055e870486f48064c87ba172d33871b4906c6d1c68da5eddc71ca1
Instruction Fuzzy Hash: F10180756012049FD764CE5AD884B16FFE8EF04624F08859ADD498B642E379E408CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0132A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0132A61A

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5d9af17c4a5cf8417515973528efbf9fa55357a3cc8fdcb293e7ea32aed5a37a
Instruction ID: b12ec3bf78a31e878d1fb7ada139c4344089c073fd7741b2bc099e9ac04fce2c
Opcode Fuzzy Hash: 5d9af17c4a5cf8417515973528efbf9fa55357a3cc8fdcb293e7ea32aed5a37a
Instruction Fuzzy Hash: 410157725007049FDB319F99D944B56FFE4EF48720F08C8AAEE894BA16D375A418CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0132B7B2, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 0132B802

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ea2569865c192632276460bdebe63786844edab21f4a315f5c6972901827de0d
Instruction ID: 4665b4083d2ee301e5fa37122290efd454b70ba29c67b6a6c1e35a06c846ea44
Opcode Fuzzy Hash: ea2569865c192632276460bdebe63786844edab21f4a315f5c6972901827de0d
Instruction Fuzzy Hash: F701A271500604ABD324DF1ADC82B26FBA8FF89B20F14811AED084B741D271F916CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0132A2FA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0132A32C

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 0de99b299056eddfed1afc4a7bcd2b57f32ce601c2deea28217326bb59b0e507
Instruction ID: a59ab60bada0c4f9d3633d98df33f97dabdfcfe82d5769daa2397f3d3a590934
Opcode Fuzzy Hash: 0de99b299056eddfed1afc4a7bcd2b57f32ce601c2deea28217326bb59b0e507
Instruction Fuzzy Hash: 7801A7716043448FDB50DF19D884755FB94EF04624F08C4ABDD458FA46D774E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0132B952, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0132B990

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 9d339c254431ca4cf59eb870a4f299618d4d3cf787b4e3457d5a4dc958c3e6f3
Instruction ID: ca864d424ff74f73600ce5f66463984e816f9af24a35e9ce150f11426b99bf27
Opcode Fuzzy Hash: 9d339c254431ca4cf59eb870a4f299618d4d3cf787b4e3457d5a4dc958c3e6f3
Instruction Fuzzy Hash: BD015E71600344DFDB21DF59D944B56FFA4EF08724F0888AADD894BA1AD375A418CF72

Uniqueness

Uniqueness Score: -1.00%

Function 030214C6, Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 03021504

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 0d62e002dd20c77924744a6486c7a7443aa54c176dfd6176c1ad848bb80f55aa
Instruction ID: 2afbf3779042966ede94f098e74fcbbbaa35f88e730ab1ba249174ba76248bcd
Opcode Fuzzy Hash: 0d62e002dd20c77924744a6486c7a7443aa54c176dfd6176c1ad848bb80f55aa
Instruction Fuzzy Hash: 0A018C32501340DFDB60CF55E944B56FFE4EF04320F0888AADD4A4BA16D375A418CB62

Uniqueness

Uniqueness Score: -1.00%

Function 030201D6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 03020226

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b68d812d8398fdc3db1f3b35631fd8b0b699c65e9c21373d02a45578718f0f73
Instruction ID: 148d248133792a30a1f4b709878ff2ef358aa895fb5458e5c6ac57b072ae5925
Opcode Fuzzy Hash: b68d812d8398fdc3db1f3b35631fd8b0b699c65e9c21373d02a45578718f0f73
Instruction Fuzzy Hash: 6201A271500604ABD324DF1ADC82B26FBA8FF89B20F14815AED084B741D231F916CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0132A8AE, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0132A8E0

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 9faa90be95c18dd5892ca94e6bf7ec34be8777082c35c7b4982d2349e711187e
Instruction ID: b47870132916d3acc22be501ade7ffba77040230b189a7d28beb2bb6ea8a54c0
Opcode Fuzzy Hash: 9faa90be95c18dd5892ca94e6bf7ec34be8777082c35c7b4982d2349e711187e
Instruction Fuzzy Hash: 2801AD759003448FDB20DF1AD884766FFA4EF04724F08C4AADD488FA06D279A508CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 03021CEA, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 03021D25

Memory Dump Source

Source File: 00000005.00000002.674231529.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3020000_JUST1F1.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 95abbbbf3c4f66919fe70539eb493b9abf872d6ae998a2c0c8fd94565a9a9d82
Instruction ID: c8a2d8aec7f8ece8dfe0831f0128d65d19d8adc9d4b911562dd546d084422314
Opcode Fuzzy Hash: 95abbbbf3c4f66919fe70539eb493b9abf872d6ae998a2c0c8fd94565a9a9d82
Instruction Fuzzy Hash: FC017831501340DFDB60CF56D884B65FFA4EF08320F08C89ADE490B626D375A418CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0132A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0132A6CC

Memory Dump Source

Source File: 00000005.00000002.673898793.000000000132A000.00000040.00000001.sdmp, Offset: 0132A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_132a000_JUST1F1.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: af4968acc65966a188655c5b302eda3f88152f0931c7e3fe1bcedc99c5039785
Instruction ID: 75f53d720e5c93be00e372c73041b30742c8ca7445876822f9b511fb7583c191
Opcode Fuzzy Hash: af4968acc65966a188655c5b302eda3f88152f0931c7e3fe1bcedc99c5039785
Instruction Fuzzy Hash: 09F0AF345007448FDB209F1AD984761FFA4EF44334F08C09ADD494BA56E379A448CEB2

Uniqueness

Uniqueness Score: -1.00%

Function 02FA05B0, Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02FA06DC

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 65ef9744904dd64d8605556697d0c75b371330d6282822d1ea43f7477412c1ef
Instruction ID: 87d3ef505df85e9a80515f28da6b86852100ee6d7dd41e52f42e0d53b1837ffa
Opcode Fuzzy Hash: 65ef9744904dd64d8605556697d0c75b371330d6282822d1ea43f7477412c1ef
Instruction Fuzzy Hash: 6991D3B4E01218CFDB14DFA9D8A4BADBBF1BF89314F108169D509AB3A0DB319945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA05A0, Relevance: 1.4, Strings: 1, Instructions: 179COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02FA06DC

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 105b0a08f71d34e3dd8ba83a80f443c0c7720cd9b0bac09a8b9786b384d15e07
Instruction ID: 1c3fbd7e6df368173104067c9b06febebbcbab35bfd98b28408028d091a93128
Opcode Fuzzy Hash: 105b0a08f71d34e3dd8ba83a80f443c0c7720cd9b0bac09a8b9786b384d15e07
Instruction Fuzzy Hash: B871F6B4E01218CFDB24CFA9D4A4BADBBF1BF49314F2081A9D509AB350DB319985CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4576, Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

, xrefs: 02FA48C6

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 681e5d412bd12391ab0e84fcfd686628ca10eef184ddce1a586a14b59b28eb99
Instruction ID: 8a4166dc4b47be7ab174b78a298884950deaa5d92c65765c5c9cdcb3ebc3f249
Opcode Fuzzy Hash: 681e5d412bd12391ab0e84fcfd686628ca10eef184ddce1a586a14b59b28eb99
Instruction Fuzzy Hash: 4A4107B5E15248CFDB10DFA8E868A8CBBB1FF45345F1581AAE409AB311DB749D41CF10

Uniqueness

Uniqueness Score: -1.00%

Function 02FA426A, Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

, xrefs: 02FA48C6

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: bd24e51495c825b6602576329261a47a0a62eab67afbd4424d7277959b69fc46
Instruction ID: 7969d622ab224c1cb214becb312e6418ede4e19585fdd9b6a1dbd2524afe02da
Opcode Fuzzy Hash: bd24e51495c825b6602576329261a47a0a62eab67afbd4424d7277959b69fc46
Instruction Fuzzy Hash: 9531E6B4E14208CFDB10DFA8E9A8A9CBBB1FB44345F20856DE515AB391DB749D41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4A88, Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

, xrefs: 02FA48C6

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5f0eb3638ad5f815b7462b418117e3c78dd3d9508286dc72c113b6e12f29d8a8
Instruction ID: f36dfbbe8708a89fd47a9660b3fce56913f826bc07a69cb43a754f5c8813bfa1
Opcode Fuzzy Hash: 5f0eb3638ad5f815b7462b418117e3c78dd3d9508286dc72c113b6e12f29d8a8
Instruction Fuzzy Hash: BD3127B4D11208CFDB10DFA8E9A8B9CBBB1FB04345F1085A9E509AB350CB749D85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FABB4B, Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

(, xrefs: 02FABB9D

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 4785c66ed84ec293ecf60c6049057339044e49a8ca3926da144b2aef21a89d97
Instruction ID: 70422d581d5073ecfc07d836f8c96f96b2db8b0ebbe7d1080a4e4ad87b5c4194
Opcode Fuzzy Hash: 4785c66ed84ec293ecf60c6049057339044e49a8ca3926da144b2aef21a89d97
Instruction Fuzzy Hash: F10169759082188FD710CB50CCA5BD8BBB0BB1A350F2086CAD188E7181C7B99A86CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC3A1, Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

9, xrefs: 02FAC41F

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 483839e3383e943e717ca8fe2e7786b4a3cf341ee120ce7d46a229ef62afec9c
Instruction ID: 1d02eca29ab38a7dfbcd7e9699d6c4359ffc91fa06e19c98661d0b3014f7d366
Opcode Fuzzy Hash: 483839e3383e943e717ca8fe2e7786b4a3cf341ee120ce7d46a229ef62afec9c
Instruction Fuzzy Hash: F301F670940269CFCB25DF24C8A47EDBBB1BB19359F2086EAC549A3290CB755EC1CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC308, Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

5, xrefs: 02FAC345

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 018f63dc962fe454c0bc4fb4c0bb258bcc0aca8862b0fb177a483dd338928dbc
Instruction ID: f52d88e055f656c013bc3b694c2ca9f8d58d12893e2f64a72e316ac8f13af622
Opcode Fuzzy Hash: 018f63dc962fe454c0bc4fb4c0bb258bcc0aca8862b0fb177a483dd338928dbc
Instruction Fuzzy Hash: 0C01CCB19042288FDB60CF68C890BD8BBB4BB19351F5085DAD68CE7240C7759EC5CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC859, Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

1, xrefs: 02FAC8C2

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 200192be192f5ec57b0352013667035ac0f413fbbd2720f769b1caab8099137d
Instruction ID: b71f4cd7da32ac7571a5d0c275d682256276bc0624d0d4a2e4ff85cf73ee0720
Opcode Fuzzy Hash: 200192be192f5ec57b0352013667035ac0f413fbbd2720f769b1caab8099137d
Instruction Fuzzy Hash: BEF07FB0905229CEDB20DF19C998BD9B7B1BB19341F6085DAC188A3241D7759EC0CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02FAC94A, Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

., xrefs: 02FAC992

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: e9892e922985d641b4260f70ab1be89093c21a829ae6fe3c09ef1527238128be
Instruction ID: 6f377705621e01fb017f739f3a5990474deb3a58685bff6fd25d523ce4014c0a
Opcode Fuzzy Hash: e9892e922985d641b4260f70ab1be89093c21a829ae6fe3c09ef1527238128be
Instruction Fuzzy Hash: F9F0FF75900228CFCB60CF54CC94BD8BBB5BB49305F2080CAD408A7200C7369E86CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02FAB1EB, Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

), xrefs: 02FAB1FE

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 63029b2a5258626676246cfbf1d986904237586ec589e7b65c160a3f959e3e53
Instruction ID: c22c9b560b6a8d546e061299e44e584de6ceaefe0a74d05fde9b1c32919bea9c
Opcode Fuzzy Hash: 63029b2a5258626676246cfbf1d986904237586ec589e7b65c160a3f959e3e53
Instruction Fuzzy Hash: 5BD0C970E1010CCFEB048F18F09966DB771FB66399F105585E10697210DB309D91CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02FA3240, Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6888f1317f86c36d4c0118d63cdde6a72d35e8233b4a2205dcaef1782d5554c1
Instruction ID: 59fd74f8ae86cebb355a1e9ff6c638cd777f9e5a01f538ff6de4a62bfde14224
Opcode Fuzzy Hash: 6888f1317f86c36d4c0118d63cdde6a72d35e8233b4a2205dcaef1782d5554c1
Instruction Fuzzy Hash: 44813BB4E14258CFEB10DFA8C964B9DBBB5FF49389F508099D609AB244CB345E45CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FA10F1, Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9030431b3e9c63004a8a1007f710bf138f853994939873f5c8da323e7783ab4e
Instruction ID: 5bb118b20df788bda5afc795ef80c3e9366210a61eb531c488be74c3961ca428
Opcode Fuzzy Hash: 9030431b3e9c63004a8a1007f710bf138f853994939873f5c8da323e7783ab4e
Instruction Fuzzy Hash: CD812BB4E00258CFDB54DFE9D8986AEBBB2FF89344F218169E509AB344DB345941CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FA3381, Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c325cb5bb2273b0d252e328df2d9afc1e389e6ccfac4c403320590f371abb6
Instruction ID: 0ce6c8d831035e41c843bfb4ff6b3c1014abdf87435d46a5cfad66afecafd4d5
Opcode Fuzzy Hash: 47c325cb5bb2273b0d252e328df2d9afc1e389e6ccfac4c403320590f371abb6
Instruction Fuzzy Hash: 64713BB4E14258CFEB10DFA8C964B9DBBB5FF49389F508099D609AB244C7345A86CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FA3195, Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8909d6623b8a6804b5c9179c42eeddebc37c33814fc6bcdb24931e673d5994b5
Instruction ID: 96c505ca93e3d7ef79c247e7f460854da226c2841b9fa1c29da632760676ace1
Opcode Fuzzy Hash: 8909d6623b8a6804b5c9179c42eeddebc37c33814fc6bcdb24931e673d5994b5
Instruction Fuzzy Hash: 666169B4E05298CFEB10CFA8C8A4BADBBB5BF49399F5080D9D209AB244C7344A45CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FAAB68, Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f16c80116d9d907b151f4c679da1181847e6df66bc4030289037ec877e9350
Instruction ID: d02785b43319940c2b9951ebe7ea381b1538cd5eb83b80686ae15ba6ee642cb1
Opcode Fuzzy Hash: 89f16c80116d9d907b151f4c679da1181847e6df66bc4030289037ec877e9350
Instruction Fuzzy Hash: 895177B1E052088FEB00CFA9C550BEEBBF2BF49354F289159D115B7394D7309A89CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02FA31FF, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4feccd171a275c8afdd849179270b40f54f13b1b6b1a5c250e763376a05a2d2
Instruction ID: f1c786b5d961d97190dab8f1684df42dcc36b7dc66b95dc635ea9593c9b5bef1
Opcode Fuzzy Hash: a4feccd171a275c8afdd849179270b40f54f13b1b6b1a5c250e763376a05a2d2
Instruction Fuzzy Hash: 585149B4E15258CFEB10DFA8C964BADBBB5BF49359F908099D209AB244C7344E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FA3257, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c5768226b9632723cdc609bc7f7142cc3706d8b6c8872c42ce9bd109efdcb0
Instruction ID: 55c96f9003eb8fc74c8a3fb27d2e397b859df3915eba5b382d0a7efad7b88f74
Opcode Fuzzy Hash: 56c5768226b9632723cdc609bc7f7142cc3706d8b6c8872c42ce9bd109efdcb0
Instruction Fuzzy Hash: 115148B4E14258CFEB10DFE8C9A4B9DBBB5FF49399F508099D209AB244C7345A85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02FA3AF0, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c108c304daa75515952e5bf53387fc12821751f86389873dfb4cc034239f4dbe
Instruction ID: acd862d007a03b307fbbe895f036f203be5186978eb215acee818ff6786a48d5
Opcode Fuzzy Hash: c108c304daa75515952e5bf53387fc12821751f86389873dfb4cc034239f4dbe
Instruction Fuzzy Hash: 43516FB4E09218DFCB00DFE9D4A0AEDFBF6BF4A394F649189D116AB255C730A941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0270, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa7ae1473a9f2b1a798ad23362cb4e91ce28142da73710ff3b188f281e446cc
Instruction ID: cb75174a5332fcb8be8ab6a47f20e2a76d66d4ae339710facc026ee7141632e5
Opcode Fuzzy Hash: 5fa7ae1473a9f2b1a798ad23362cb4e91ce28142da73710ff3b188f281e446cc
Instruction Fuzzy Hash: E75190B8E04218DFDB10CFA8C495BADBBF1AF4D354F104499EA01AB360DB35A984DF65

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0280, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b95414fe61f25764e86b0cad523ae246ba2b64344f5c4f8ab9298695492bbca
Instruction ID: 69ce391807424b5a2a44c22deb961f911ee67d9ea63bf0fbe700423cb86ec41a
Opcode Fuzzy Hash: 6b95414fe61f25764e86b0cad523ae246ba2b64344f5c4f8ab9298695492bbca
Instruction Fuzzy Hash: 7541AEB8A04318DFDB10CFA8C495BADBBF1AF4D354F104499E602AB360DB35A984DF65

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2E08, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5e40463289709254bb9718ad3854f2498fd480877c8d17717f5394c327a40d
Instruction ID: 6df552243f08d0f4babd8b23756cb00c747bbe1365c749c60065012446f22fc3
Opcode Fuzzy Hash: 3e5e40463289709254bb9718ad3854f2498fd480877c8d17717f5394c327a40d
Instruction Fuzzy Hash: 404138B4F04219DFCB04DFA8D8A46EEBBB6FB89340F208169E905A7354DB354941CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0DE7, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4df793096834913689729d84b1fc6a079dff45a96a8f0e958c1166fb13e8d66
Instruction ID: 7925ddc5143b01aa6498cf5846e98f11014e8e8283a80dba6e13f2e346115a19
Opcode Fuzzy Hash: f4df793096834913689729d84b1fc6a079dff45a96a8f0e958c1166fb13e8d66
Instruction Fuzzy Hash: 0A41F8B4E10208DFDB09DFA9D890AAEFBF2FF89304F10806AE805A7365DB355941DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0DF8, Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71f21c0c0adea6f2a6bf4489f99b20c67e99d23acc450b32d041b211d018e1b
Instruction ID: d598b84ff3b0b248e784a3259b79beef32d4a94714f2c27dd6a5351269887726
Opcode Fuzzy Hash: f71f21c0c0adea6f2a6bf4489f99b20c67e99d23acc450b32d041b211d018e1b
Instruction Fuzzy Hash: C341B8B4E11218DFDB08DFA9D890AAEFBF2FF88304F208069E90567364DB359941DB55

Uniqueness

Uniqueness Score: -1.00%

Function 0133ABE8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580274699ea556c08e2fd1fe7d83879b095f81cb751ec7b59bdfe1aa7d8fa20e
Instruction ID: 531c744c269348a08c48bffe33de97da47a5381a848868ed04615409daf3b315
Opcode Fuzzy Hash: 580274699ea556c08e2fd1fe7d83879b095f81cb751ec7b59bdfe1aa7d8fa20e
Instruction Fuzzy Hash: FD318FB6509300AFD310CF19DC41E57FBE8EB89620F04C86EFD499B211D275E904CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133AABE, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a361505169bf906ce013d8b2cd6e85f6e3deb11f7bfb48369cfe4ac46eef1784
Instruction ID: f88646df6e8ff1cd69c374b075f58292add6c8b552481658b31be9afdc3b4d95
Opcode Fuzzy Hash: a361505169bf906ce013d8b2cd6e85f6e3deb11f7bfb48369cfe4ac46eef1784
Instruction Fuzzy Hash: 2A3171B6549340AFD310CF19EC41A57FBE8EB89620F18C86EFD489B211D275E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A98F, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06041fb82706f9fdd171b8456599f8896a0302ae6818c1bb5356caa64e1e342e
Instruction ID: 4801fd80fa250eb2a014604551fb3e7232d8cb3445e8d72f0892879f739ffa2a
Opcode Fuzzy Hash: 06041fb82706f9fdd171b8456599f8896a0302ae6818c1bb5356caa64e1e342e
Instruction Fuzzy Hash: DF3182B6548344AFD310CF19DC41A57FBE8EF85620F08C86EFD589B211D275E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A863, Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a5d5c7af89a1d493e41062b5499fb8f1f313580a939d6eb36f39d036aafee2
Instruction ID: 60c285ea15f542b6adf74345c8ea0bc182f8d7cee335f096490063dcbfe221bf
Opcode Fuzzy Hash: d9a5d5c7af89a1d493e41062b5499fb8f1f313580a939d6eb36f39d036aafee2
Instruction Fuzzy Hash: C521BF76548304AFD3108F15EC41A57FBE8EB85630F18C9AEED498B612D275B9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A64B, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07bb5ff35283ca608647229d5af65e9f2fa2e63049e48291453285657147e999
Instruction ID: 93ed1a4ed7a24bfb3bbdc8cbf58ead6aa5a04ef264bb21ea81a25acd43bd3246
Opcode Fuzzy Hash: 07bb5ff35283ca608647229d5af65e9f2fa2e63049e48291453285657147e999
Instruction Fuzzy Hash: DE21BFB6544340AFD3108F15EC41E57FBE8EF85630F18C86EED498B212D235A8048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0BD0, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a70f6dfbc13550c934a61c4fbff60f243c1c959ec41f1f523d1a345e6b29c5
Instruction ID: 0f3a1f53e151e75bdb5e3259af27e29a7d80348bd89cda9d043705e17dac3683
Opcode Fuzzy Hash: 42a70f6dfbc13550c934a61c4fbff60f243c1c959ec41f1f523d1a345e6b29c5
Instruction Fuzzy Hash: 73318DB4E012099FCB44DFAAE990A9DBBF2FF49310F10906AE918B7314DB746945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0133AD6C, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1d5a48256679a89c28bdd2ddf06df9fbc3c98d4c9c96603ca2150f7d9edac8
Instruction ID: 1fe48e37bce6687233a003e2e53c7c8ac87c4679ab923495802da09e0ea98661
Opcode Fuzzy Hash: da1d5a48256679a89c28bdd2ddf06df9fbc3c98d4c9c96603ca2150f7d9edac8
Instruction Fuzzy Hash: 35314CB550E3C19FD302CF258854956BFF4EF86614F0988DEE8C8DB253D275A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0133A436, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8f7c8b82e76df8551e2da343dcbeae65586c49bfa9f55483c8d790bfb90db2
Instruction ID: aaa6cf1108bc424a9ebe1677d8c605f4c1365b64f51ad4abcfb5aea4da591004
Opcode Fuzzy Hash: 2b8f7c8b82e76df8551e2da343dcbeae65586c49bfa9f55483c8d790bfb90db2
Instruction Fuzzy Hash: 7C21C576504204BFD7108F15DC41E63FFACEB85630F19C46AFD485B612D271B804CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0006, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56b68d08009b4bf61b01925d54da9c1f3e2aaa59f0e56aa4dff4172c2e21a083
Instruction ID: bac7f615dac73e53824dcdeda889a01eaca2d3a8bafcac2a1eeeb804c19ac374
Opcode Fuzzy Hash: 56b68d08009b4bf61b01925d54da9c1f3e2aaa59f0e56aa4dff4172c2e21a083
Instruction Fuzzy Hash: D1211D7085E3C49FD7538B7488756AA7FB0AF07214F1A44DFD4C0DB1A3D629281ACB66

Uniqueness

Uniqueness Score: -1.00%

Function 0133A9BA, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c47ca6749b5f3a9dabac4bcd05985eccfb0df592689e667624ad0f279c65c1a
Instruction ID: 7127a50c4c0672c3248fc245a93cbdf351ed1c344a4072116fba8e365d4648b0
Opcode Fuzzy Hash: 0c47ca6749b5f3a9dabac4bcd05985eccfb0df592689e667624ad0f279c65c1a
Instruction Fuzzy Hash: 26214CB6644304AFD310CF0AEC41A57FBE8EB88630F14C92EFD5897311D275E9188BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133AC12, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41bf2fb912702a4821fa7ad4b5e2d019d7bf49eac096556cb869d4f464dfa83f
Instruction ID: 67f98f3962c980721c0d5ad291942a2dbb1639620666c9cd566acb3d8275d364
Opcode Fuzzy Hash: 41bf2fb912702a4821fa7ad4b5e2d019d7bf49eac096556cb869d4f464dfa83f
Instruction Fuzzy Hash: 7E213AB6644304AFD310CF0AEC41A57FBE8EB88620F14C92EFD5897311D271E9188BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0133AAE6, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c7410ede2ecf1898e5336d7e3c4102be1e6715defe2f8f1e56967101778328
Instruction ID: 0ccdd73e4aedd4bf8c2893ff5920618cde014816d210cbc550088a0253789801
Opcode Fuzzy Hash: 13c7410ede2ecf1898e5336d7e3c4102be1e6715defe2f8f1e56967101778328
Instruction Fuzzy Hash: 3C212CB6644304AFD310CF0AEC41A57FBE8EB88630F14C92EFD5997711D275E9188BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A88E, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1cea3cb25e016c0f4d47a976992813446651afcfb4f002b946f5843b8c9958
Instruction ID: efa9df341a4516a558e29520583f47726bc4af5e26e82514559a82ca0991fbc9
Opcode Fuzzy Hash: 1b1cea3cb25e016c0f4d47a976992813446651afcfb4f002b946f5843b8c9958
Instruction Fuzzy Hash: 17119376644204BFD7108F06EC41E67FBE8EB84630F18C96EFD195B711D276F9148AA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A676, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad796aba20467422f4f7e1474fe42f4b06cc83720b8bce6f2c0cb1fdc4b8ff8
Instruction ID: 2a290c0df485fc1495fdd948e973a8607724473876a713792544cce3890d0d89
Opcode Fuzzy Hash: 6ad796aba20467422f4f7e1474fe42f4b06cc83720b8bce6f2c0cb1fdc4b8ff8
Instruction Fuzzy Hash: E211B176644204AFD3108E06EC41E67FBE8EB88630F18C82AFD085B211D272B8048AA2

Uniqueness

Uniqueness Score: -1.00%

Function 0133A8E4, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a0d67402ad386bcc9def9ae42b709bb04dc3a5190334a1868b4cce9f89d325
Instruction ID: 7f3d6870171c19dbca1bbaf5a821523bdeb22b0119b2a6723d6e5c80887e47e4
Opcode Fuzzy Hash: 89a0d67402ad386bcc9def9ae42b709bb04dc3a5190334a1868b4cce9f89d325
Instruction Fuzzy Hash: 2F215EB554D3806FD302CF25DC51956BFF4EF86620F0989DEF9889B253D235A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0133A45E, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc2c383dc35b3c79b7a8566dc5daadcf55021d5645f8d31b3aa69f8d91f4034
Instruction ID: ceaefb0480429a53c60cba88532caf5adb577f597ce9e23f2b2cb52ba63cdb91
Opcode Fuzzy Hash: 6dc2c383dc35b3c79b7a8566dc5daadcf55021d5645f8d31b3aa69f8d91f4034
Instruction Fuzzy Hash: 4A11CA76640304BFD7108E06EC41E67FBACEB84630F18C46EFD095B601D172B9148BB5

Uniqueness

Uniqueness Score: -1.00%

Function 0303075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674238234.0000000003030000.00000040.00000040.sdmp, Offset: 03030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3030000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f47213bdfeddea2b8ad15a702e1a9015988c10d75e89427d53edb5ca11c42bbd
Instruction ID: bbb4f7df45c2dba9815bd87dec2421b72529f4e1e79770c9980bfe267fc819ff
Opcode Fuzzy Hash: f47213bdfeddea2b8ad15a702e1a9015988c10d75e89427d53edb5ca11c42bbd
Instruction Fuzzy Hash: 9411B434606344DFD315CB14C980B2BBBD9EB49B08F28C9ACE94A0B652C77BD803CE51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0CD8, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1faed3b0bb5103377826f30f7cd3d59452495d3ad8fbc73104fbf79ecd4c83a8
Instruction ID: ca363987db13d1cf50b974b1ac3163bf22ecb69887800eb5cb807c1db5c42e6b
Opcode Fuzzy Hash: 1faed3b0bb5103377826f30f7cd3d59452495d3ad8fbc73104fbf79ecd4c83a8
Instruction Fuzzy Hash: 3A21D8B4E01219DFCB04DFA9C4506AFBBF2BF89304F2084A9C405A7355DB359E41DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02FA09E0, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 434b8440c42b519214e02f9c88e852694e50f13871615403801ac37cb5edd850
Instruction ID: ac1164744eb3b09e1ffb5e07357fadbad4258592563d0e0f84a15324eaa21ade
Opcode Fuzzy Hash: 434b8440c42b519214e02f9c88e852694e50f13871615403801ac37cb5edd850
Instruction Fuzzy Hash: F1211774D01249DFCB04EFA8C9919AEBBB2FF89304F10449AD801B7394CB34AE41DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0133ADAD, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bfaeca4ee41b88d4bf7de4b3e01054ef675961f800f36e2a7d166cd8f5f0da0
Instruction ID: e5d869d37311035834ea91cbc052289c9654ec701359f1806cae43748483462a
Opcode Fuzzy Hash: 4bfaeca4ee41b88d4bf7de4b3e01054ef675961f800f36e2a7d166cd8f5f0da0
Instruction Fuzzy Hash: E811D7B5A08301AFD350CF19D881A5BFBE4FB88660F04892EFD9897311D231E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 02FACE89, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf51705ce16bd79bab332130eb9275206a5b7b7d32eeece2469929558d8ad615
Instruction ID: bddb46b72a6b7f91ee8c2f82f3585bb548df716cb413a3d926bd833154c3e919
Opcode Fuzzy Hash: cf51705ce16bd79bab332130eb9275206a5b7b7d32eeece2469929558d8ad615
Instruction Fuzzy Hash: 79117C75D4510DABCB01DF94C985BAEBBB4FB49341F14819AD818A3391DB318A52DB80

Uniqueness

Uniqueness Score: -1.00%

Function 02FA00F7, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d925c8e1fd7205b8ac9c802eea94218d62db5550adfa2202d9c27da6b15fb6a3
Instruction ID: 3624d0675e52eb6bcc4ff0e477b878ddf4b774231f14532e7219c8f1fdd38339
Opcode Fuzzy Hash: d925c8e1fd7205b8ac9c802eea94218d62db5550adfa2202d9c27da6b15fb6a3
Instruction Fuzzy Hash: 17215C74D0020ADFDB14EFA8D8499AEBB76FF80308F1081ADD401A7258DF749E05DB55

Uniqueness

Uniqueness Score: -1.00%

Function 02FA09F0, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01cd69b6cef323e7d95770720a38300e4221797eb1fae43fd9023c3ecfd70332
Instruction ID: 471a1f31f2f1b6c93395ec3fb017c6b59dad3c7f1925a6abd01bb4bceb79784b
Opcode Fuzzy Hash: 01cd69b6cef323e7d95770720a38300e4221797eb1fae43fd9023c3ecfd70332
Instruction Fuzzy Hash: DA11D4B4E00109DFCB04EFA8C9919AEBBB2FF88304F105199D505B7394DB34AE41DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0133A3BC, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f70fccafe83f21fecf15e97f8c615ded1ac6618d1a905263f3849ebe9cde76
Instruction ID: 563504ee18e069ee9684970f16726cab7c02e6ae8f4696b3ce7042fb79345e29
Opcode Fuzzy Hash: 10f70fccafe83f21fecf15e97f8c615ded1ac6618d1a905263f3849ebe9cde76
Instruction Fuzzy Hash: 5D01D4B250E3C06FD31247259C55AA2BFB8DF43620F0884CBE9849F163E2666909D7A6

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0108, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b46fb2a797ce9f7379f586c451d2789381edda709a21f71ff33afc6efc0343
Instruction ID: 121fffef87ace89d28720aa612e50b3c1f519c32455afe0376bc1b95e59f2e4d
Opcode Fuzzy Hash: 30b46fb2a797ce9f7379f586c451d2789381edda709a21f71ff33afc6efc0343
Instruction Fuzzy Hash: FF114974D0020AEFDF14EBA8D8499AEBB76FB80308F10816DD901A7258DF749E05DB55

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA4AF, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6248be29b791ca4853e5aabd18a716b1fb6eee786958bcf0282bd90debc73b68
Instruction ID: 55d4109ccf1cf8aead25b92da095ae0936c818f9e04582f7b8a00406d03ab591
Opcode Fuzzy Hash: 6248be29b791ca4853e5aabd18a716b1fb6eee786958bcf0282bd90debc73b68
Instruction Fuzzy Hash: AA1123B4E0020DDFCB04DFA9D5855AEBBB2BB89301F2480A9D915A7340DB309A42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 030305CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674238234.0000000003030000.00000040.00000040.sdmp, Offset: 03030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3030000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42b97306ccb73cbeb9b1e9a61072632df9d15bf72d616c4cfb69e18a4bd97d9
Instruction ID: 0bd5be5128c0d39626560b5f3ee698a843d540d4fda22032c7e1b62b5bfc6a1b
Opcode Fuzzy Hash: b42b97306ccb73cbeb9b1e9a61072632df9d15bf72d616c4cfb69e18a4bd97d9
Instruction Fuzzy Hash: 690181B65097806FD7118B16EC40862FFB8EF86620719C49FEC49CB612D225B908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02FA1000, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19378c2f8b4770d2362988601cf2e2bc71aefcc2988ac5783960fa1faec23108
Instruction ID: 22ca164e8e85a0816c8db2f6578e88d1c373713a4864f26dee185c60cdc93a4b
Opcode Fuzzy Hash: 19378c2f8b4770d2362988601cf2e2bc71aefcc2988ac5783960fa1faec23108
Instruction Fuzzy Hash: 920146B0E45148DFCB04DFA9C8526AFBBBABB49740F11D969DA09B3240E7308A50CB55

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0FEE, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da163c0717ef9e21daa7fd5088943b19581d24c367f413f89d0d5627dc146678
Instruction ID: deb2e3877bb07f01b976a001b5be2bb8d1b9c480c83e999f99dc2bcdb9cf149c
Opcode Fuzzy Hash: da163c0717ef9e21daa7fd5088943b19581d24c367f413f89d0d5627dc146678
Instruction Fuzzy Hash: 800174B0E01148EFDB04EFA9C8552AEBBB6BF89750F11D96AD619F3240D7308A41CB00

Uniqueness

Uniqueness Score: -1.00%

Function 02FA03E9, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceccb1a8fca81b441dd1e0d0124b04d7874131c700b16f531e2e8e61f7c2020c
Instruction ID: 5325b279d8f23f9805b14fa5f936ae9064943df8c826224cf92b22d7cf261d08
Opcode Fuzzy Hash: ceccb1a8fca81b441dd1e0d0124b04d7874131c700b16f531e2e8e61f7c2020c
Instruction Fuzzy Hash: 9EF09030A4A2089FC708DBB0D550FEF7B72EF86304F626498890527285CA75AE01D6A9

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0070, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b014071878e416e6075f364a8d3a3a6549ee693a28c8a98026a8265f82a94f
Instruction ID: ef3a54eee6b79b12a163a3d0d38d479c2f79938868a0486d915067e6d65288d5
Opcode Fuzzy Hash: 21b014071878e416e6075f364a8d3a3a6549ee693a28c8a98026a8265f82a94f
Instruction Fuzzy Hash: C0F08CB1D112099BDB649FB9D866BAFFFF4AB09B44F10582EC101B3240DA7469048BE9

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0538, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f71336b1fa4ae9a7a4aaf869eeb44a5a56959c69a905cfc9ff3c1ad2aaf3e22
Instruction ID: d2125cebcde361ce7917884ed4ca1c5a68920f3e3aabea27f22d146fbd672229
Opcode Fuzzy Hash: 7f71336b1fa4ae9a7a4aaf869eeb44a5a56959c69a905cfc9ff3c1ad2aaf3e22
Instruction Fuzzy Hash: B20114B8D01209EFCB50DFA8D084A9DBBF0FF48310F2086AAD804A7305D730AE44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02FA03F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3615309e4f6d142ff4aa85a290666b6362afcff2c06e60c6c16c8f1ac129ae87
Instruction ID: d7cb9fc8352756add586363a1f0e18afe45740529fbfb7a5a5c6345ed6cd473b
Opcode Fuzzy Hash: 3615309e4f6d142ff4aa85a290666b6362afcff2c06e60c6c16c8f1ac129ae87
Instruction Fuzzy Hash: 5EF03930E4A1089BD708DBB1D150FAFB7B6EBC6304F2194A88906233848E75AF01D6A9

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2C30, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e4a123e485d173be1234cb58843586fa5eb140c29738b9f9fc6c0eee7b7c5b
Instruction ID: 56dc789a32e1a9b61d29d05001afe22eeae11d982778c044bc8eb75c96724b94
Opcode Fuzzy Hash: 01e4a123e485d173be1234cb58843586fa5eb140c29738b9f9fc6c0eee7b7c5b
Instruction Fuzzy Hash: 48F082B5945208AFCB02CB98C951AD8BF71FB1A350F14C186DC4887352C2329B43DB51

Uniqueness

Uniqueness Score: -1.00%

Function 03030818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674238234.0000000003030000.00000040.00000040.sdmp, Offset: 03030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3030000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction ID: 234851539cd5bc805bf623e500f9711c989fd887648aea5c191686e27de89868
Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction Fuzzy Hash: E8F0FB35505644DFC206CB40D940B26FBA6EB89718F24C6A9E9490B752C337D813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0A9F, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f917e05418f1be524ab6f0d737e971041d825c44eb630654e597d477879452c
Instruction ID: 9ef6201df73d078821a6b0dd183238ee8ce3625b59802720ef313b8d250e5661
Opcode Fuzzy Hash: 6f917e05418f1be524ab6f0d737e971041d825c44eb630654e597d477879452c
Instruction Fuzzy Hash: FAF04478D09208EFDB10DFA8E4546AEBBB1FB4A300F1080EADC0597311DB346E06DB82

Uniqueness

Uniqueness Score: -1.00%

Function 02FA41D8, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26af42454a9e4bfed8b61de2135222aa0994157085bd2b3e891cb5d5a9c2fcb8
Instruction ID: 6fd2420d4a9b01d8f2d10d42b31537609e4f44d47aae5f829112dba86b655a88
Opcode Fuzzy Hash: 26af42454a9e4bfed8b61de2135222aa0994157085bd2b3e891cb5d5a9c2fcb8
Instruction Fuzzy Hash: 4AF082B1C0420CEBCB51DFA8D5597ACBBB5FB85304F1481AAD90463341D371AA54CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4080, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e133474520904dcc2059dbba9ff8c1ce0fe84ae4a8f57f7197ed43e18db0dcec
Instruction ID: 5ce0e40e7d7c9a3111c1b373306f72eeac1f0efb3c695c46bbb2a718f866a5ec
Opcode Fuzzy Hash: e133474520904dcc2059dbba9ff8c1ce0fe84ae4a8f57f7197ed43e18db0dcec
Instruction Fuzzy Hash: 15F01776904208EFCB01DF98C8019ADBFB5FF49310F14C5AAED2857291D7729A62EF91

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0458, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654977414522c3fbd2431cb4fbcce8dac2cac6e04ade01f336b9615f3fff2222
Instruction ID: 64ef3d4f9f851be9d66a6ae6978358d9f776128a291b9e3a4a87740edff75c45
Opcode Fuzzy Hash: 654977414522c3fbd2431cb4fbcce8dac2cac6e04ade01f336b9615f3fff2222
Instruction Fuzzy Hash: 7FF012B4C01248AFCB15DFB8D4486AEBFB4EB06300F1089AEC894A3211DB344A92CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02FACE37, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9d167915f9af82ea13381abf4ada0e62122ee42242c6c3b73a286802c04281
Instruction ID: 382b66ec86f1b5d2b3476069234076fd50204a9ea0451a599d059cdda8ed4fc7
Opcode Fuzzy Hash: df9d167915f9af82ea13381abf4ada0e62122ee42242c6c3b73a286802c04281
Instruction Fuzzy Hash: F0F0E5B5D05108AFCB00DF94D982BADFFB4FB88300F10C0AAD848A7341DB319A42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0221, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e07f5f3cf09d67e9bafb9512070fe37b696b96664ee1965a004e3a74d021e57f
Instruction ID: 00e2b36d272d1b7ff24a5799ba21ed20d1670fb87af462ee98a8ac476afea1d8
Opcode Fuzzy Hash: e07f5f3cf09d67e9bafb9512070fe37b696b96664ee1965a004e3a74d021e57f
Instruction Fuzzy Hash: 01F08CB0C0A348DFCB16CF68D5116ACBFF5AB26300F1080EED88593252D6360E45DB11

Uniqueness

Uniqueness Score: -1.00%

Function 02FACFB9, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfa3d83f7232af8c234a149d8e5a67e076f12fe73ce20c586cb1f026a419f7b4
Instruction ID: 71c860557a70e10d02b05967ed76041f15d979159d77263bf0ed3c0182f27ef1
Opcode Fuzzy Hash: bfa3d83f7232af8c234a149d8e5a67e076f12fe73ce20c586cb1f026a419f7b4
Instruction Fuzzy Hash: A2F0E570D14108AFCB05CF94C951BADFFB8EB88301F14C1AED80493381DB319A01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02FAB787, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734a64da548ed1194b19906d052679761beca379d92da3f6caa290bd390384fd
Instruction ID: 7342c2488f5fbd937d385255f8c6dc1a2d1f13d06de35674edcccc288aede19d
Opcode Fuzzy Hash: 734a64da548ed1194b19906d052679761beca379d92da3f6caa290bd390384fd
Instruction Fuzzy Hash: 79F05870D0A2089FCB00DFA8E95659D7F74AB45305F2050EAD409A3342CA305D41CF45

Uniqueness

Uniqueness Score: -1.00%

Function 030305F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674238234.0000000003030000.00000040.00000040.sdmp, Offset: 03030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3030000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8efc27b4ca80d7c5f207e32fb3c530ed060f5b811b7ff6f7356f32d26e643a1c
Instruction ID: 8c5b81e32f064fdb644c9e13f32df2a2a5b79ebfc780c8afa8f415fdbda077d6
Opcode Fuzzy Hash: 8efc27b4ca80d7c5f207e32fb3c530ed060f5b811b7ff6f7356f32d26e643a1c
Instruction Fuzzy Hash: 90E092766406045BD750CF0AEC41452FBD8EB84630718C47FDC0D8B701E535F508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 02FAD009, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f6f0a9008acbfb008049bcff633ca4e8f0f6dc58eba9a801ae1c9e20ce8284f
Instruction ID: 64e4a3fc72a7d737b0a3fcb46bfb0c49f49cf66ba4df378edd895703b9ce7912
Opcode Fuzzy Hash: 7f6f0a9008acbfb008049bcff633ca4e8f0f6dc58eba9a801ae1c9e20ce8284f
Instruction Fuzzy Hash: 1DF06570D55108AFC744DF98C956B9DBBB4FB84304F10C19D980897341DB31A942CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0133A81F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333174f55fa5f95ae38b8691e8a6301e9348e399cd6318ede6b148c4398d8f3b
Instruction ID: 1d0ccdb6baf6e389ae5ee93293dc4ad7ef9cde4821bb1c0aacfaef985b31a68f
Opcode Fuzzy Hash: 333174f55fa5f95ae38b8691e8a6301e9348e399cd6318ede6b148c4398d8f3b
Instruction Fuzzy Hash: 05E048716413046BD2509E06DC46B52FB98DB44930F54C55BED085B742E175B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133AB9F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d98cb190519690862cb9ef35823c5e19ca76cbe7b488a2b4e90edd8f16e49f5
Instruction ID: cadadf1b19ff5bf7e86a643ba0446faa5cb6c696c915ad9995893913a917d7ad
Opcode Fuzzy Hash: 6d98cb190519690862cb9ef35823c5e19ca76cbe7b488a2b4e90edd8f16e49f5
Instruction Fuzzy Hash: D9E048726413046BD2509F169C46F52FB98DB54A30F14C55BED085B702E175B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133A607, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eaee077349aab04cd0672c30cb7957140b33e2d665fceafb21fbd2b6236fafe
Instruction ID: 455cff0eeb15cdf792e867c24b829a393873b15549306bd9ae0df26d74e77711
Opcode Fuzzy Hash: 8eaee077349aab04cd0672c30cb7957140b33e2d665fceafb21fbd2b6236fafe
Instruction Fuzzy Hash: 70E048B16413046BD2509E069C46B52FB98DB44930F54C55BED085B702E175B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133AE0F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3992457c74bbe26d58aa717e8bdce7411c06c39db31ec719027dfc16e734814
Instruction ID: 16236af3c64d24c4b54a1bfaa4c7006052627db3619f47e2d813afd7f675913b
Opcode Fuzzy Hash: c3992457c74bbe26d58aa717e8bdce7411c06c39db31ec719027dfc16e734814
Instruction Fuzzy Hash: 6CE0D8726413046BD3508E069C46F22FB98DB90A30F04C55BED081B702E071B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133AA73, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2825adf4e4a9af2dd3a878e4a7a4119127da0556690a9e611bd93bdaa739b9
Instruction ID: c63c8d4e818fcb1ced7f1731c6d7e39f3e081a41e4e01965ec97f1c42c369b60
Opcode Fuzzy Hash: cb2825adf4e4a9af2dd3a878e4a7a4119127da0556690a9e611bd93bdaa739b9
Instruction Fuzzy Hash: B5E0D8726413046BD2108F069C86F12FF98DB44A30F04C55BED081B702E071B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133A3F0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76c4fcfa8df164fb73fd764174629d82a31a2e3f1cd52d62f469a2cfabb204c
Instruction ID: b641f61004f0eae0cb20a7f4373f2606cc0b87a2373993ea3210a8e637f9ed22
Opcode Fuzzy Hash: a76c4fcfa8df164fb73fd764174629d82a31a2e3f1cd52d62f469a2cfabb204c
Instruction Fuzzy Hash: E2E048B1A413046BD2609E169C46F62FB98DB44930F54C55BED085B702E175B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0133A947, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673912966.0000000001332000.00000040.00000001.sdmp, Offset: 01332000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1332000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b24991b08c2ca19b6b228cdb990776f6b85d1bf61734695090589d90a0dafb3
Instruction ID: fdcf83394dc9c251eaa0e710bf6a0990a6493bbf7175518da0724c7e9891c5bf
Opcode Fuzzy Hash: 9b24991b08c2ca19b6b228cdb990776f6b85d1bf61734695090589d90a0dafb3
Instruction Fuzzy Hash: 09E04872A413046BD2509F069C46F52FB98DB54A31F18C55BED085B702E175B5188AE5

Uniqueness

Uniqueness Score: -1.00%

Function 02FA39D1, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac11681d489262e4d0a8dde4619e5b1e2bd9042d24ee006daa38cc1afa487ab0
Instruction ID: 3c117c8b9c2d0d21e52775b4f22fdc64b61f90b18afd4924c32cf73fc2f405ba
Opcode Fuzzy Hash: ac11681d489262e4d0a8dde4619e5b1e2bd9042d24ee006daa38cc1afa487ab0
Instruction Fuzzy Hash: A0F06D70C4A308EFC700EFA8D4556EDBFF8BB0A300F1085EAD85993245D6346A45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2DC0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b20c31176aae3fa9eccf6d77d3614234200c4e85fdcc6c8711172c4822bd99
Instruction ID: 707e9bc3616195119d214479ea708fc305493a974acaf05026439984332f2582
Opcode Fuzzy Hash: e8b20c31176aae3fa9eccf6d77d3614234200c4e85fdcc6c8711172c4822bd99
Instruction Fuzzy Hash: 67E06D70D052089FCB00DFA4E4586ADBBB8AB49304F1081EADC15A3301DA305A55CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4110, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2708be7bdf4bcb6017548940547a7bbb14461ad516b9baf7940cccb5d24584f1
Instruction ID: bf2c8f4d5a6ff627f3482916700a1730ef90cbdba62b26edfd76fb984041a601
Opcode Fuzzy Hash: 2708be7bdf4bcb6017548940547a7bbb14461ad516b9baf7940cccb5d24584f1
Instruction Fuzzy Hash: 5FF039B4D08208EFC746DF98D8556ACBBB4FB4A354F1080EED84897352D271AA46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02FABA61, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5f68dbd0c59b9268dcb63af3f3406fe92a72ce07396f041a355d8cfcc04464
Instruction ID: 76d64d40741d982727a771976b8c7b0075debb42620459b4aafc58b635651f89
Opcode Fuzzy Hash: 2b5f68dbd0c59b9268dcb63af3f3406fe92a72ce07396f041a355d8cfcc04464
Instruction Fuzzy Hash: C1E02670E5120CAFC7109E94D9477AE7F34FB85305F1000E8980963381CF30A950CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 02FAB748, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da026acc43a1c781656a96dee50196dbfabb0f7ad440472b872e9fb8529005f
Instruction ID: 686cdbd9cb1beb1d7e7d8287d2b3e9c7aaea9b61ec11ac21d9c65b82585a9a2d
Opcode Fuzzy Hash: 4da026acc43a1c781656a96dee50196dbfabb0f7ad440472b872e9fb8529005f
Instruction Fuzzy Hash: E8E0DF70D5920CEBCB209A98D84779E7F74E702301F105198980873241DB706981C789

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4090, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372820b4ced11c1851d3318ea5d0f71e928f8ff3bc53ea07a8e788d729672676
Instruction ID: 60a22d80d86d32455c3dc1c8ed66885e3d28862cdc6cc28c557aa9bc8147a223
Opcode Fuzzy Hash: 372820b4ced11c1851d3318ea5d0f71e928f8ff3bc53ea07a8e788d729672676
Instruction Fuzzy Hash: 3BF0F276904108EFCB01DF98D8419ADBBB6FB48300F10C0AAED0853251C7729A62EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2D81, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c03440a1df39dee330898077748108b115f1f5aab8a4c7d1de95594d7524ce1
Instruction ID: 876480681797032dc7ea45efe073a6832874656d567c72dc98b4c3493ade82fc
Opcode Fuzzy Hash: 5c03440a1df39dee330898077748108b115f1f5aab8a4c7d1de95594d7524ce1
Instruction Fuzzy Hash: 32E0927490C2889FC705DB64D8149A9BF74AB46304F14C1DEC84967353D7319A06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02FACE98, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebaa5548bb894ecbc96c7e9e530d79b3216c6be71a55448b850be8633d92d99b
Instruction ID: 3e9b7df2515d09848007cf0870b3da19f9866e49b14f9e9d400b102abd2ac9a4
Opcode Fuzzy Hash: ebaa5548bb894ecbc96c7e9e530d79b3216c6be71a55448b850be8633d92d99b
Instruction Fuzzy Hash: C9F0F275901208EBCB00DF98D9409ADBBB5FB48300F10C09AED0863351CB329A61EB40

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0468, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb117fb8d4098d9fe77e4c84aa69dc47d4394b01dab69dadbe90df25f5ad21b
Instruction ID: 3a1bc11df582cfed83393c9e2fb8b0f6861a65cc2f5daf416b625c7afe5337e6
Opcode Fuzzy Hash: fdb117fb8d4098d9fe77e4c84aa69dc47d4394b01dab69dadbe90df25f5ad21b
Instruction Fuzzy Hash: 02F0C9B4D01208EFCB14EFB8D5495AEBBB4FB45305F1045ADC81467344DB749A51CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02FAAB28, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a24887e5997ae2ffa17990d8bcd9af13f3d614bf5af2de2f479451b33fbe6b6
Instruction ID: 6f8f352ca843fed46bf4098b86caf0ac1480b2af5584e9021566b295a778a767
Opcode Fuzzy Hash: 2a24887e5997ae2ffa17990d8bcd9af13f3d614bf5af2de2f479451b33fbe6b6
Instruction Fuzzy Hash: 20E08670D6610C9BCB50EE68D94739DBF78EB04641F4014A5D809A3341EF309945C785

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA470, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd23a003ffaf8ba5f227a97299c3487857292d89ef87d7ecb5853dab6a3be92a
Instruction ID: 82a57e69c6b9d9f5e206f345fc4812320e67dbc268713bf481ff9b728e65112a
Opcode Fuzzy Hash: dd23a003ffaf8ba5f227a97299c3487857292d89ef87d7ecb5853dab6a3be92a
Instruction Fuzzy Hash: 90E0DF34D51208DBC700EF98E60A7AD7FB4BB04201F5000B8ED08A3351DB305950CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2C40, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f19804e48cd1b5719d125eddf3a48a8e1b62cefbdbf65e0e70f4466a076a416a
Instruction ID: 1c5a9b748275e0adb342599b015536a1fe030c818c890ff21b697f2e63a32ae2
Opcode Fuzzy Hash: f19804e48cd1b5719d125eddf3a48a8e1b62cefbdbf65e0e70f4466a076a416a
Instruction Fuzzy Hash: 00E0C275A04208EBCB04DF98D944AACFBB9FB48350F10C0AAAD0857341C632AA52DF90

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA5C1, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5086588e7b995f8bdf785c5bd74c564a4d48cd7b4bcf677b976b1df1a8b777ef
Instruction ID: f8d73540cf15ae3c6f7d4017ae35c6ae9490175b23053e148610fa631c85a00b
Opcode Fuzzy Hash: 5086588e7b995f8bdf785c5bd74c564a4d48cd7b4bcf677b976b1df1a8b777ef
Instruction Fuzzy Hash: 5EE01A71D0524CAFCB10DFE8E6596EDBFBAAB49205F2481E9D94963301CA305A48CF44

Uniqueness

Uniqueness Score: -1.00%

Function 02FACE48, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9f4b27667ca86e6733aacac0243c430b02cfedb2f097c652716da333bc27de
Instruction ID: 692377cc33b5e12b791ac451957b59e6aae7aa2d6c4ae7b37c0312f05e6702b2
Opcode Fuzzy Hash: 5f9f4b27667ca86e6733aacac0243c430b02cfedb2f097c652716da333bc27de
Instruction Fuzzy Hash: 6FE01A74D05208EFCB04DF98D5515ADFFB4EB88300F10C0AADC4867341DB31AA51DB90

Uniqueness

Uniqueness Score: -1.00%

Function 02FA0230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 461f1d1511f8ce9c3bff2e31d43549730e4ab236430d741f9576f542f9692b41
Instruction ID: d7d7bc661356303f10e48b5a18512e4910d6efd798b5cb51a15a8249f442b9f9
Opcode Fuzzy Hash: 461f1d1511f8ce9c3bff2e31d43549730e4ab236430d741f9576f542f9692b41
Instruction Fuzzy Hash: F1E046B4D09308EFCB14DFA9E1466ADBBF9EB45301F1080ADD80993340EB316E40DB91

Uniqueness

Uniqueness Score: -1.00%

Function 02FACFC8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9f4b27667ca86e6733aacac0243c430b02cfedb2f097c652716da333bc27de
Instruction ID: 6fa16f2cc46b76386f7b33708c96cba8a8f049a551c18fbd6846da3f4ae8c90e
Opcode Fuzzy Hash: 5f9f4b27667ca86e6733aacac0243c430b02cfedb2f097c652716da333bc27de
Instruction Fuzzy Hash: 40E01A74D05208EFCB04DF98D5519ADFFB5EB88301F20C0AADC48A3341DA319A51DB90

Uniqueness

Uniqueness Score: -1.00%

Function 02FAD018, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10ca4578a4606415554131169ddd891837bffbbbcaa656f155e35393622d0720
Instruction ID: d728a514bf26557d8738edee881988957ca0f62b40778709dcca84f85101acda
Opcode Fuzzy Hash: 10ca4578a4606415554131169ddd891837bffbbbcaa656f155e35393622d0720
Instruction Fuzzy Hash: F3E09A74D05108EFCB04DF98D5555ADBBB4FB88744F20C1A9981897755DA31AA42CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4C01, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adb38e01e966ca8613ead58dd5fb95176b86e4faf2112f8e1fa0be433931d5c9
Instruction ID: b54cbb27e233e9b4c0ec540cc4866926ed6b4e20ff1a37210f4650ef1af21a92
Opcode Fuzzy Hash: adb38e01e966ca8613ead58dd5fb95176b86e4faf2112f8e1fa0be433931d5c9
Instruction Fuzzy Hash: EBE08674D2A20CEBCB00EFB8E54979C7FB4AB05605F1455EDD84C63301EBB05A44C750

Uniqueness

Uniqueness Score: -1.00%

Function 02FA41E8, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7994ed9ebd51838cd6e86ca33974f480d467cad7c2774055de56602b3d481a06
Instruction ID: 45eecb04ec16b687a4aa039cb4ba31be47a953b36b7a4756df22abebf956e047
Opcode Fuzzy Hash: 7994ed9ebd51838cd6e86ca33974f480d467cad7c2774055de56602b3d481a06
Instruction Fuzzy Hash: F2E012B0D04208EBCB04DFA8D408AADBBB9AB84300F1080AAD90427310D7719A90DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4120, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0025fdee4b9b4fc14aec63a4f2858d7261e1e89d4d871417985d954a6a43068e
Instruction ID: 4c50b323a4fdd287598f6009214cae7f3b37f2f5cc4c50a29806badd7d8e96cf
Opcode Fuzzy Hash: 0025fdee4b9b4fc14aec63a4f2858d7261e1e89d4d871417985d954a6a43068e
Instruction Fuzzy Hash: 69E09AB4D04108EBC744DF98D5555ACFBB4EB49344F10C5A9981867341D671AA42CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02FA39E0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31eedd28533b59f98fff74df80bcbdff72caf14063c411ad9d1f8273a80a2d07
Instruction ID: 155b647849049723134ec9fd510223f4d22fa8154ae30a1282eb8fd26c0c7a5f
Opcode Fuzzy Hash: 31eedd28533b59f98fff74df80bcbdff72caf14063c411ad9d1f8273a80a2d07
Instruction Fuzzy Hash: 77E0ECB4D05208EFCB14DFA8D4596ADBBB9FB48300F1086E9DC0963344D7305A44CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA5D0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d92b084e09fac16402e58e32e7c5fca816b6dc6082de1af74fb88ba26c11f22
Instruction ID: 129c94d2fd94d40243f93c20f445998c7aeece1ddd25322619b16ff646a5e854
Opcode Fuzzy Hash: 2d92b084e09fac16402e58e32e7c5fca816b6dc6082de1af74fb88ba26c11f22
Instruction Fuzzy Hash: 65E0ECB5D0520CEFCB14DFA8E6555ADBFB4FB48351F1091AAD91963340DB305A44CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2DD0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258c31b08a05a607e6f718723bf40606a5b3c40f085a54c8a62427a53acd0832
Instruction ID: a945bf49288a21ec30021ffdcba0cfb4f63bf3a950c170ebea0be5643017971e
Opcode Fuzzy Hash: 258c31b08a05a607e6f718723bf40606a5b3c40f085a54c8a62427a53acd0832
Instruction Fuzzy Hash: FDE08CB0E05208EFCB04EFA8D8086ACBBB8FB44300F1081EADC0963301C7305A40CF85

Uniqueness

Uniqueness Score: -1.00%

Function 02FA2D90, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da842bba4d203935c5c2bfad5ad533dfd09c7c997946a9c5a412a5b5c1abec9
Instruction ID: fcf762cca3bfd84f5ce1b92a31e3eb501a201b6af8f0e9cfb2e74876e22d2f49
Opcode Fuzzy Hash: 3da842bba4d203935c5c2bfad5ad533dfd09c7c997946a9c5a412a5b5c1abec9
Instruction Fuzzy Hash: 9BE01274A18108DBC704DF94D9559ADFBB8FB85304F20C19ECC0917346C731AE42CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02FABA70, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f1e6386dae672d7601abb691508f6bbe9f5c39e7eb65ae1c7a23683fd18e54
Instruction ID: df831530e8cdfbe7d7e9f7fb482b54b6d7949c3a58793ef835ccc16888ba86e4
Opcode Fuzzy Hash: 22f1e6386dae672d7601abb691508f6bbe9f5c39e7eb65ae1c7a23683fd18e54
Instruction Fuzzy Hash: 95D01270D1620CDBC704DFE4D51566D7F74A746345F1051D8980923641CF302950CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02FAB758, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3078954170156f22ea0a2ef2e3cac7b04b92840ec1dad371a4299101da5a993e
Instruction ID: 3759110424d0dcdfd29277215b43d1a928fdca3766db4f2f6e8aa88ae2aab2f8
Opcode Fuzzy Hash: 3078954170156f22ea0a2ef2e3cac7b04b92840ec1dad371a4299101da5a993e
Instruction Fuzzy Hash: FCD01770D5A20CEBCB04EFA8E5065AEBFB8FB46306F1051A8980823650DF702A80CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02FAAB38, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69bc9abe7dcf1a9126de6520c8828520dc570751f4dbf0669f4824f5ddb128a6
Instruction ID: e7d5e2e771bcd92ebfc08ac3bdc2003a3f116d5f6e673ec5285cb1df62c4ee6f
Opcode Fuzzy Hash: 69bc9abe7dcf1a9126de6520c8828520dc570751f4dbf0669f4824f5ddb128a6
Instruction Fuzzy Hash: 30D01770D2620CEBCB00EFA8E5066ADBFB8AB05641F1051A9980963341EE305A44CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA00ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68edc8c9ad0e011b69d3439e23366c43b97140bf498956861a4503de9e86cd5a
Instruction ID: e4188911fe2bf2f5135bcdeada439ddac3bdf71cf767d2083ec08704bc132fc7
Opcode Fuzzy Hash: 68edc8c9ad0e011b69d3439e23366c43b97140bf498956861a4503de9e86cd5a
Instruction Fuzzy Hash: E3D01C36E01208CBCB008FA8E0882ECBBB0EF89329F20842AC618A3200C7318485CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02FAA480, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee40dcf7332a19e05e4574516129e432b1cd2203a77dc797fd2f86b9eba2fbe
Instruction ID: c21a54d3a19d50082a32e9fd16a6b2d8a1e967a3c785bb93701d392185e088d3
Opcode Fuzzy Hash: eee40dcf7332a19e05e4574516129e432b1cd2203a77dc797fd2f86b9eba2fbe
Instruction Fuzzy Hash: 31D05E78D1620CEBCB10EFA8E60A6ADBFB8BB45201F5011E8EC0963350DF306A54CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02FA1431, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3571a4af242fc7fa6bb0dd70029e27d33e49490740b6379b40d6abc0f03180ab
Instruction ID: cb5b5f7de507282b5ba0560ba853e24ccc819193adc717ba12f21afb69c4b8f5
Opcode Fuzzy Hash: 3571a4af242fc7fa6bb0dd70029e27d33e49490740b6379b40d6abc0f03180ab
Instruction Fuzzy Hash: 81D02EA208D3C84ACF0306206BF42A83FB8281B101F08048BC9CECA083D420890AC305

Uniqueness

Uniqueness Score: -1.00%

Function 02FA4C10, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b82320cb758d4a487e461888ee7484fc95b5c6dcad829882336690dce747aa7
Instruction ID: 82cae3439919c68826870ae9b298119e8e9108e521e019bf58c3273fc0e16760
Opcode Fuzzy Hash: 0b82320cb758d4a487e461888ee7484fc95b5c6dcad829882336690dce747aa7
Instruction Fuzzy Hash: 11D05EB0D1620CEBCB00EFA8E6466ADBF78BB05702F1015A9D80C63340EFB05A40CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02FABF8F, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47c257ca6029ef240dbd3417203461334e8b04f472e86fb6ef31a9ce563cc8a
Instruction ID: d2d9773ffd70d2cbda176c41f94d3d5204403bf01b6ee5e87f511b58b9d0e0e0
Opcode Fuzzy Hash: d47c257ca6029ef240dbd3417203461334e8b04f472e86fb6ef31a9ce563cc8a
Instruction Fuzzy Hash: 53E092B5904228CFCB218F20D8697DCBBB1BB19341F1096DBD449A3250CB794EC6CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02FA476D, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fac3e2e17a9593ff6f018e4c072df33db79529be9cf38d0cea037dedf4c3653
Instruction ID: 1523829051c46c5d6cdad01a24875c5306c64c50153c8c1563bbfff9699c8702
Opcode Fuzzy Hash: 7fac3e2e17a9593ff6f018e4c072df33db79529be9cf38d0cea037dedf4c3653
Instruction Fuzzy Hash: A3E0C2B18163898FD7108B14DC69F883F71BB01200F2047C6E4248B251DA784A488B04

Uniqueness

Uniqueness Score: -1.00%

Function 013223F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673891699.0000000001322000.00000040.00000001.sdmp, Offset: 01322000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1322000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beefea57480c5ce453da79dabc96b4355f78a5ecafe96555db2d0ea4ee82f83c
Instruction ID: 59b0901e7ba3cfe0ffd2bf1c90ea3c4f7c70772bd6d8e2a03999a40e5d66ee90
Opcode Fuzzy Hash: beefea57480c5ce453da79dabc96b4355f78a5ecafe96555db2d0ea4ee82f83c
Instruction Fuzzy Hash: A2D05E79205AA14FE3269A1CC5A8B963FE4AB51B08F4644FAE8008B667C369D681D610

Uniqueness

Uniqueness Score: -1.00%

Function 013223BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.673891699.0000000001322000.00000040.00000001.sdmp, Offset: 01322000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1322000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934e447d6ba5969737d26cc99c0779d5dcec8efe6021687836d3f85e1e17d29d
Instruction ID: b90e5a13a358b0b9de855c355c768b13aec64c60b42bc214466a96143a91aa65
Opcode Fuzzy Hash: 934e447d6ba5969737d26cc99c0779d5dcec8efe6021687836d3f85e1e17d29d
Instruction Fuzzy Hash: 15D05E342002814BD719EB0CC594F5A3BD4AF41B04F0644E8EE008B266C7A4D881C640

Uniqueness

Uniqueness Score: -1.00%

Function 02FA00CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b64c42cb6f77811dbedf935b5dbb1f8ad25b5b61a9ce75c491e08761fac943
Instruction ID: e9eb2752e57b0fcbd06b64eaa14377e0806026adc4c7925cf149d1c68781f111
Opcode Fuzzy Hash: 60b64c42cb6f77811dbedf935b5dbb1f8ad25b5b61a9ce75c491e08761fac943
Instruction Fuzzy Hash: 28D09236E012088B8B108AA8E0440DCB775EB89225F109066C614A2200D7319455CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02FA1440, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.674148025.0000000002FA0000.00000040.00000001.sdmp, Offset: 02FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2fa0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9bd01cad3934df8341207081c398dfca7fd1243bd62b9a3b7616fb59c85642
Instruction ID: 0f6aea7019f3546662ae14a6298d5cf9d341ac9135e73617b491e62bfea4093d
Opcode Fuzzy Hash: ad9bd01cad3934df8341207081c398dfca7fd1243bd62b9a3b7616fb59c85642
Instruction Fuzzy Hash: F7C02BB1049604C3C924368CA61C3B2B6AC63077A9F414009DB0E030439FB09800CB79

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: JUST1F1.exe PID: 6516 Parent PID: 6840 JUST1F1.exeCOMMON

Execution Graph

Execution Coverage:	29.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	74
Total number of Limit Nodes:	3

Executed Functions

Function 015D1D00, Relevance: 4.9, Strings: 3, Instructions: 1181COMMON

Download Yara Rule

Strings

:@fq, xrefs: 015D1FB5
:@fq, xrefs: 015D1E02
:@fq, xrefs: 015D1DF3

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq$:@fq$:@fq
API String ID: 0-3738185570
Opcode ID: 1368897cd1ec5d78d20e0953dd887c434851cb6ac84b4f10ab545996dc4dbc56
Instruction ID: dff47ed14970a279af433ad58325548226fc598a895843b0b6b4d4f6fe145147
Opcode Fuzzy Hash: 1368897cd1ec5d78d20e0953dd887c434851cb6ac84b4f10ab545996dc4dbc56
Instruction Fuzzy Hash: BDA22970E012198FDB68DF79C8547AEBAF2BF88304F1484A9D50AAB394DB719D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0543E138, Relevance: 2.3, APIs: 1, Instructions: 829
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0543E88D

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 007194a1c90431bf1d836fe44be7bee3e39267a3630f37e160c4b4003dc532c6
Instruction ID: 0eb832ddf8a225988627fbf3a1f7896c40ac7c5f089a7d9c0441211217042748
Opcode Fuzzy Hash: 007194a1c90431bf1d836fe44be7bee3e39267a3630f37e160c4b4003dc532c6
Instruction Fuzzy Hash: 4D623D31A00629CFCB25DF64C848BDEB7F2BF89304F1581A9E909AB264DB719D85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0543BD08, Relevance: 1.7, APIs: 1, Instructions: 155
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0543BD6E

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b5421214dde49907fd99cdb501e042332c7e7b0f1f3eceb938e10096859a55e1
Instruction ID: 57905c82e6b5cf5cfbd52c4bb54d7cecdafc9e0de9dda557023a4e0b644bdddd
Opcode Fuzzy Hash: b5421214dde49907fd99cdb501e042332c7e7b0f1f3eceb938e10096859a55e1
Instruction Fuzzy Hash: 9D513230B00205DFCB54EBB8D489AAEB7B6FF88304F248529E516DB254EF35DD458B91

Uniqueness

Uniqueness Score: -1.00%

Function 054330C8, Relevance: 8.2, APIs: 1, Strings: 3, Instructions: 1225libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 054349BA
:@fq, xrefs: 0543458C
:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq$:@fq$:@fq
API String ID: 2994545307-3738185570
Opcode ID: 7fa783f1e56e7d068415e37b34a7dbafdf61d6bec93c11adf3ba71f9719a752f
Instruction ID: 5b2470d5ac5342736cded1fad0e253a23584781792dc6c597a1b39a9c9c6f954
Opcode Fuzzy Hash: 7fa783f1e56e7d068415e37b34a7dbafdf61d6bec93c11adf3ba71f9719a752f
Instruction Fuzzy Hash: F1C2B474A11629CFCB64DF68DC58A9EB7B2BB48312F5081EAD409E7354EB319E81CF14

Uniqueness

Uniqueness Score: -1.00%

Function 054330F8, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 691libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: a31d276da98106bf48030cff10714ac0a0e09c17ceeb4568bac7d541f2ac72dd
Instruction ID: af56a3c92a018c0f6c5501d19d334c1656fbb8f6d565d208e0c9bf60eb053a6b
Opcode Fuzzy Hash: a31d276da98106bf48030cff10714ac0a0e09c17ceeb4568bac7d541f2ac72dd
Instruction Fuzzy Hash: EE729174A1162D8FCB64DF68DC58A9EB7B2BB49311F5081E6D809E3364EB319E81CF05

Uniqueness

Uniqueness Score: -1.00%

Function 0543314C, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 681libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: c56fec599c7aba68988e3cef344905b9ef5277b6b17386844e5de86c4a41a694
Instruction ID: 0392bf5b434792b60abac6565b81d800cce167233f6cc2494eda7ccbd7c2cc23
Opcode Fuzzy Hash: c56fec599c7aba68988e3cef344905b9ef5277b6b17386844e5de86c4a41a694
Instruction Fuzzy Hash: 4A729274A1162D8FCB64DF68DC58A9EB7B2BB49311F5081E6D809E3364EB319E81CF05

Uniqueness

Uniqueness Score: -1.00%

Function 054331A0, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 671libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: 08f45832f9c721b518976d876ac2dd68748ab6e67dfbe78dbb6ef74484b55d10
Instruction ID: 052009bb6aad1aec9eaabc60cc369f00bc5c56322fa563a9298335c69e232ab1
Opcode Fuzzy Hash: 08f45832f9c721b518976d876ac2dd68748ab6e67dfbe78dbb6ef74484b55d10
Instruction Fuzzy Hash: CC72A274A11629CFCB64DF68DC58A9EB7B2BB49311F5081E6D809E3364EB319E81CF05

Uniqueness

Uniqueness Score: -1.00%

Function 054331F4, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 661libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: 3a10d34f7f2c1596d526ed51ff343ff23b95515e4cf13b9b349034d05a9d162e
Instruction ID: 4041b06a5f930ca3010a07ef77e5307beb32b25074acd76fbc5e06a6036af141
Opcode Fuzzy Hash: 3a10d34f7f2c1596d526ed51ff343ff23b95515e4cf13b9b349034d05a9d162e
Instruction Fuzzy Hash: 43729274A11629CFCB64DF68DC58A9EB7B2BB49311F5081E6D809E3364EB319E81CF05

Uniqueness

Uniqueness Score: -1.00%

Function 05433248, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 649libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: e6d90157930a055842f755b226e214af9c40ac03550e0c8edd2e479c000dd493
Instruction ID: f5c879c23548b98efaf2c88049edad1a3b8fbdd39525904e14e2c5014499628b
Opcode Fuzzy Hash: e6d90157930a055842f755b226e214af9c40ac03550e0c8edd2e479c000dd493
Instruction Fuzzy Hash: BE629274A11629CFCB64DF68DC58A9EB7B2BB48311F5081E6D909E3364EB319E81CF05

Uniqueness

Uniqueness Score: -1.00%

Function 05433293, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 641libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: 4b9ad0f62ce3aad170a04b7c622306b700edd42d7720b5b773c573e3673be697
Instruction ID: 27aa7ff944ecd1484f5008575e06a43ea0a3f3398dcecfd24c84a26500207a7f
Opcode Fuzzy Hash: 4b9ad0f62ce3aad170a04b7c622306b700edd42d7720b5b773c573e3673be697
Instruction Fuzzy Hash: 86629274A11629CFCB64DF68DC58A9EB7B2BB48311F5081E6D909E3364EB319E81CF04

Uniqueness

Uniqueness Score: -1.00%

Function 054332E7, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 631libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: 4bddbe44974730f1e23f37dc63591027e2465c1e26235ddf3c26e60a427e432a
Instruction ID: 7a1edc24d2116b4f7d085287aaf70d0091b39b6836f1d82fb53d195a08daf9ca
Opcode Fuzzy Hash: 4bddbe44974730f1e23f37dc63591027e2465c1e26235ddf3c26e60a427e432a
Instruction Fuzzy Hash: F5629274A11629DFCB64DF68DC58A9EB7B2BB48311F5081E6D909E3364EB319E81CF04

Uniqueness

Uniqueness Score: -1.00%

Function 0543333B, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 621libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: f8fbea65d028afd90810f73289cc1a0a8ee6473179bb89c70a377b7bc6fa58c7
Instruction ID: 0cb1241e05679843ff5f672e253178b9202e341cfd639d44dfc5ba8cbdd5e8cb
Opcode Fuzzy Hash: f8fbea65d028afd90810f73289cc1a0a8ee6473179bb89c70a377b7bc6fa58c7
Instruction Fuzzy Hash: F4629274A11629CFCB64DF68DC58A9EB7B2BB48311F5081E6D909E3364EB319E81CF04

Uniqueness

Uniqueness Score: -1.00%

Function 0543338F, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 611libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 054334C4

Strings

:@fq, xrefs: 05433555

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID: :@fq
API String ID: 2994545307-3673016210
Opcode ID: 3f05fb6e7556b64f0d0028935d8e16106d07cbcba8bed8ae89dd576eaf3da263
Instruction ID: 004a19a4c9eba56083e5a1bbff68ae78dee97d105e339a7c116cb0294818bad4
Opcode Fuzzy Hash: 3f05fb6e7556b64f0d0028935d8e16106d07cbcba8bed8ae89dd576eaf3da263
Instruction Fuzzy Hash: 8A629274A11629CFCB64DF68DC58A9EB7B2BB48311F5081E6D909E3364EB319E81CF04

Uniqueness

Uniqueness Score: -1.00%

Function 05D126B0, Relevance: 3.1, APIs: 2, Instructions: 113
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNEL32(?,?), ref: 05D12659
shutdown.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12744

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CreateMutexshutdown
String ID:
API String ID: 3897568296-0
Opcode ID: b627b37c965643b73200b03c73e2670a9ae3fdb6e9010d1c4fb0c92b0035ac87
Instruction ID: db3c5b2775ee35572fd6923a136a7442d393d6ce985f433bc0eaf8b09ed892df
Opcode Fuzzy Hash: b627b37c965643b73200b03c73e2670a9ae3fdb6e9010d1c4fb0c92b0035ac87
Instruction Fuzzy Hash: 9D41D2B5405384AFE712CF15EC85BA6BFA8EF45320F0884ABED848F292D2759905CB65

Uniqueness

Uniqueness Score: -1.00%

Function 015D1CA1, Relevance: 2.7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

Strings

:@fq, xrefs: 015D1E02
:@fq, xrefs: 015D1DF3

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq$:@fq
API String ID: 0-2474355454
Opcode ID: b28eabe35323ace5412bdfd164aed4220e63cea3b85cb11cee831457fda3c177
Instruction ID: 7175d951024f90b8f75bc6669e9ba2b223f5475310c768614c4326cb179322a4
Opcode Fuzzy Hash: b28eabe35323ace5412bdfd164aed4220e63cea3b85cb11cee831457fda3c177
Instruction Fuzzy Hash: 72512D34F003458FDB58DBB8D8596AE7BB2AF85304F1088BAE519EB355EB348D41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05DD9F90, Relevance: 2.2, APIs: 1, Instructions: 657
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.992840634.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5dd0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6625e327243935967f7702993c34052500282d8ec10c26828e65c05a5ffb4684
Instruction ID: 202f765f0f47d811cb98f629dc2b16e62bdfdf5e40bbf04c81f7d8aeeda1924b
Opcode Fuzzy Hash: 6625e327243935967f7702993c34052500282d8ec10c26828e65c05a5ffb4684
Instruction Fuzzy Hash: 5C325C34B042058FCB14DBB4D498AAEBBF3AF88314F25856AD406DB394EB35DD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0543BCA7, Relevance: 1.7, APIs: 1, Instructions: 182
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0543BD6E

Memory Dump Source

Source File: 00000006.00000002.992036298.0000000005430000.00000040.00000001.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5430000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f44fc67bb38a872c58c45d13224e5062c16a5a212d6d809c89d48940907dfc77
Instruction ID: 18689b5a05289e293b1b30841dd12acdc97959328cd3af10a56e37e1007f08cc
Opcode Fuzzy Hash: f44fc67bb38a872c58c45d13224e5062c16a5a212d6d809c89d48940907dfc77
Instruction Fuzzy Hash: DB51B230B043459FCB14DB78D889AAE7BB6FF88304F24856ED505DB255EF319805CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05D11C2D, Relevance: 1.6, APIs: 1, Instructions: 106
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05D11CF6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: bb0804c8b72443c9aca85efec9137975114a452e0912abf1aad5ab1ecd141038
Instruction ID: 1a3c215108d8415f45e9c536c4859a40e9c663c1318e9e2e1fc4c3a77fdebdd5
Opcode Fuzzy Hash: bb0804c8b72443c9aca85efec9137975114a452e0912abf1aad5ab1ecd141038
Instruction Fuzzy Hash: 71416F7140D7C0AFE7238B659C54B66BFB5AF07210F1985DBE9C48F1A3D265A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05D12A07, Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 05D12ADB

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: ae08cd082f0b8cf18d9756e85751d8b8de444ef4f9d9e10e2621387264a7ab72
Instruction ID: 75444ef80d29e0c6fc09421908dfc70ce6f9653c5d86f1e3cdea6e965c2babc7
Opcode Fuzzy Hash: ae08cd082f0b8cf18d9756e85751d8b8de444ef4f9d9e10e2621387264a7ab72
Instruction Fuzzy Hash: F131A371004345AFEB228F65DC84FA6BFBCEF06710F14899AE9849B182D275A549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05D12CB9, Relevance: 1.6, APIs: 1, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAIoctl.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12D6D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 2ff54173c08e84104da2aab3eaec09f0ed861a00ea5c8dc23ce5bbd210ec7196
Instruction ID: 04571714842cd22b7da18436bb27e04f375601bc0ebdddf0ee947ea78940bddb
Opcode Fuzzy Hash: 2ff54173c08e84104da2aab3eaec09f0ed861a00ea5c8dc23ce5bbd210ec7196
Instruction Fuzzy Hash: 75318375109780AFE7228F25DC44F92BFB8EF06310F08849BED858B162D335E809CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D10DF4, Relevance: 1.6, APIs: 1, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 05D10E95

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 4837aa0ca1ed2a983aaa48770651fe94ac6405841fe5a169b8010f7498b1e747
Instruction ID: 2da692e251dcecf8d63e5fea94c22744f620c3557f7ad885478482c537e93425
Opcode Fuzzy Hash: 4837aa0ca1ed2a983aaa48770651fe94ac6405841fe5a169b8010f7498b1e747
Instruction Fuzzy Hash: 06317EB1504340AFE722CF66DC44F66BFE8EF05610F0884AEED858B252D375E845CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05D1206C, Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05D12103

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 45a8fc203cee6617e9e8fe83e9cb8fb1456da7a51b92a74b19d4739901aa0f97
Instruction ID: ff33635a0eea733d70350957fbf580d4c4c7307c94b9623ab500c0847a7eb837
Opcode Fuzzy Hash: 45a8fc203cee6617e9e8fe83e9cb8fb1456da7a51b92a74b19d4739901aa0f97
Instruction Fuzzy Hash: 9D31B1725043456FEB22CF25DC45F66BFA8EF06320F0884AAED84CB152D224E845CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D12DB7, Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12E5E

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 7c546cbbc7a86a9ec138ed41b7648949d9600f5b288be42c040b8975d8647ae3
Instruction ID: 0b38836830ee6c8dc5d51b52daca0f2e7023aec03bb0aa509c597798ce79defb
Opcode Fuzzy Hash: 7c546cbbc7a86a9ec138ed41b7648949d9600f5b288be42c040b8975d8647ae3
Instruction Fuzzy Hash: C63181B14093846FE7138B25DC55F96BFA8EF06324F0884DBE9849F153D224E549CB75

Uniqueness

Uniqueness Score: -1.00%

Function 05D11F6E, Relevance: 1.6, APIs: 1, Instructions: 87
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12018

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9ebe216c1d9964f82e36736e1bbaf57a583c6aab922d23266e6d0ae032044c3c
Instruction ID: a103f0f573f8ca3011ca3447cc4dc6eb10a185084ac451318fa695953a4114a0
Opcode Fuzzy Hash: 9ebe216c1d9964f82e36736e1bbaf57a583c6aab922d23266e6d0ae032044c3c
Instruction Fuzzy Hash: 79318E725093846FEB228F65DC44F92BFB8EF06310F0884DBE9859B163D265E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D12304, Relevance: 1.6, APIs: 1, Instructions: 87
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNEL32 ref: 05D123B6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 68812662b2fd26d8ed0aaf22bfaa8bfefe10f8413d4da4903bb5c8bb56ad2115
Instruction ID: 1d1112987f3b78b8e01709a7c0ed7e5b7948646524b4b29b1fad363c06ed6bcd
Opcode Fuzzy Hash: 68812662b2fd26d8ed0aaf22bfaa8bfefe10f8413d4da4903bb5c8bb56ad2115
Instruction Fuzzy Hash: F131B1B2404780AFE722CB65DC85F56FFF8EF06320F08859EE9848B152D375A509CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05D125B9, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05D12659

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 537034c92fc29677720fac997fa3064e5878caa11427cf9e72915f24912970da
Instruction ID: 2670f5d21787471dcfc6eda63a2364b19b85381283d9d87b8e18179dceb85f80
Opcode Fuzzy Hash: 537034c92fc29677720fac997fa3064e5878caa11427cf9e72915f24912970da
Instruction Fuzzy Hash: 873181B5509780AFE722CF25DC85F56FFE8EF05310F0884AAE9858B292D365E904CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05D11744, Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D117E0

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 496b6d81b9fe7817b2c9cb192d886e2a67633f08ca3fda49cb77ec6f25091b53
Instruction ID: 814cd0bd50368d0721b3fbd27edbfd220e247df00f69bd56bd274d2b558d2a2e
Opcode Fuzzy Hash: 496b6d81b9fe7817b2c9cb192d886e2a67633f08ca3fda49cb77ec6f25091b53
Instruction Fuzzy Hash: AF216FB2509380AFE7228F65DC44F56BFB8EF06610F0884ABE985DB152D224E848CB75

Uniqueness

Uniqueness Score: -1.00%

Function 05D12A36, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 05D12ADB

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 983ccf6f7daee009fe778000cc2008e4a0122ff535eb7482c9a670d9db7882c8
Instruction ID: ea6456e33ef1fb1010e718ba9d7a8c8ed74f2a325359da6cf04a413bc99a9753
Opcode Fuzzy Hash: 983ccf6f7daee009fe778000cc2008e4a0122ff535eb7482c9a670d9db7882c8
Instruction Fuzzy Hash: 0B21EF71100304AFFB31DF65DC84FAAFBACEF08710F10885AFE849A185D675A5458BB1

Uniqueness

Uniqueness Score: -1.00%

Function 05D11642, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 05D116D6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: e48437457973d09e0d9631c337ef562a89eed3cd661279d2280111de275b8691
Instruction ID: 96621b72a579b2107951725a04057dd9dcfb8fe21a3fbeb129dde7d785a508ef
Opcode Fuzzy Hash: e48437457973d09e0d9631c337ef562a89eed3cd661279d2280111de275b8691
Instruction Fuzzy Hash: 2A21B1B1504344AFE7228F64DC44F66FFB8EF05310F08849BED448B152D224E508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D12794, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D1281D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 1ecd5162962e7cdfef214941f26a08eab417cc8aa38d7a6eb9a1622e282dd638
Instruction ID: 7bd20bff9080939c71bba585a5897893b66e3ff67bd7bc236891fe943684557a
Opcode Fuzzy Hash: 1ecd5162962e7cdfef214941f26a08eab417cc8aa38d7a6eb9a1622e282dd638
Instruction Fuzzy Hash: 7421B271105380AFEB228F25DC44FA7BFB8EF06310F0884ABED859B152C235E448CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05D11570, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E2C,?,?), ref: 05D11616

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 27c2d8d1d2149ce82bc2ee1a6fc230106cbd440502d10c638ad6628913d350f0
Instruction ID: d619bcd8de05a7f7332f4c5f184a2e79a9cbb2e4f23f182d8b60e463fbabf7ef
Opcode Fuzzy Hash: 27c2d8d1d2149ce82bc2ee1a6fc230106cbd440502d10c638ad6628913d350f0
Instruction Fuzzy Hash: 6021817550E3C06FC3138B358C55A21BFB4EF87A10F1D81DFD8848B6A3D225A91AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 05D12222, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05D122AD

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: efbe62c19722167ac68cee5cfdc5949f1d704b883cf315b888825794cf1af708
Instruction ID: caaa712be79356994ace95d039f178c49fa6346d226af402ff07e0b4fab0db47
Opcode Fuzzy Hash: efbe62c19722167ac68cee5cfdc5949f1d704b883cf315b888825794cf1af708
Instruction Fuzzy Hash: 782180B1509380AFE722CB65DC44F66FFA8EF05310F08849AED858F252D275E404C765

Uniqueness

Uniqueness Score: -1.00%

Function 05D12092, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 05D12103

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 06e0f82f4f0d4abe0e8b20fbfe53ae44d314866bfcf506d11e3876c8f3258dba
Instruction ID: 1b482b02527b744974e84eacdd839f4af354ad083128d641d5e6991927199a17
Opcode Fuzzy Hash: 06e0f82f4f0d4abe0e8b20fbfe53ae44d314866bfcf506d11e3876c8f3258dba
Instruction Fuzzy Hash: 2D21CF72600304AFEB20DF2AEC85F6ABBACEF04720F04846AED45CB241D274E4458B75

Uniqueness

Uniqueness Score: -1.00%

Function 05D1069C, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 05D10737

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5fc8f9e232244144bc9153f72df36f8531ffe2072966db06c360cfe84a9b535b
Instruction ID: 9895333b6e1005a80414f2ffbb4ba3002239cbc15ed0700271123240f43ee189
Opcode Fuzzy Hash: 5fc8f9e232244144bc9153f72df36f8531ffe2072966db06c360cfe84a9b535b
Instruction Fuzzy Hash: 7D21F8710093806FE722CB15DC45FA6BFB8EF06720F1880DAED845F192C264A849CB75

Uniqueness

Uniqueness Score: -1.00%

Function 05D10E16, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 05D10E95

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8a7c7c9b12eb1d84688871069cebd4ebba56e863854c27a4f45a402413e792b6
Instruction ID: aca5ffba8f8a1395e047da86cff3d129b8affe14ccfdc5f2d61c1be2a4d93757
Opcode Fuzzy Hash: 8a7c7c9b12eb1d84688871069cebd4ebba56e863854c27a4f45a402413e792b6
Instruction Fuzzy Hash: EF219C71604700AFE721DF66DC88B66FBE8EF08310F04846AED858B641D335E444CB69

Uniqueness

Uniqueness Score: -1.00%

Function 05D110F0, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D11181

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 9d716b7f615fc836da575e7a9df0b314eb7751e7ee908782fcccebe8d2ebb070
Instruction ID: e8f4195ec38ad3424deea85a2d2ed85a9b07b2b8097a4d94df4b4c2358d905a1
Opcode Fuzzy Hash: 9d716b7f615fc836da575e7a9df0b314eb7751e7ee908782fcccebe8d2ebb070
Instruction Fuzzy Hash: 69219271409380AFEB228F65DC44F56BFB8EF06314F0884DBE9849B153C224A449CB66

Uniqueness

Uniqueness Score: -1.00%

Function 05D12BE6, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12C6F

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: a5cd860a3a6566c716895e7b6729f7b9e14488707c9001058b44f1015089d4d7
Instruction ID: c40d0b305a99edbe0268e1c0e946888b429d66ef018c210f196e695e8e9326dc
Opcode Fuzzy Hash: a5cd860a3a6566c716895e7b6729f7b9e14488707c9001058b44f1015089d4d7
Instruction Fuzzy Hash: 582171B14097846FE7228F65DC84F96BFB8EF46310F0884DBE9849F153D265A508C766

Uniqueness

Uniqueness Score: -1.00%

Function 05D12EA8, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12F3D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 9529c801b4db32b6504f8191ee56f08b46132a5eb8b18406019a2d38256d057b
Instruction ID: f2454e2cda283771023f65200bef5c723f5b58ef9757782083a5af59e56928b8
Opcode Fuzzy Hash: 9529c801b4db32b6504f8191ee56f08b46132a5eb8b18406019a2d38256d057b
Instruction Fuzzy Hash: 9B21C1714093846FEB228F21DC45F66FFB8EF06310F08849BE9849B153C265A508CB66

Uniqueness

Uniqueness Score: -1.00%

Function 05D11662, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 05D116D6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c41b505a7b806bc0b66cef3e2f27a47039dbee34d42cde4200f16ff917280f92
Instruction ID: c2984a75d1b58608c5375e0bca0db456caa41639ab6fb7894b0a23bff03bd9ec
Opcode Fuzzy Hash: c41b505a7b806bc0b66cef3e2f27a47039dbee34d42cde4200f16ff917280f92
Instruction Fuzzy Hash: 5321C3B1500304AFEB21DF55DC45F6AFBA8EF04720F08886BED459B641D274E505CB75

Uniqueness

Uniqueness Score: -1.00%

Function 05D12CF2, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12D6D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 247a05f0eccf13cfb56ca1e6a0529ae6a802f01d888a9a9814d98aa9747b1c42
Instruction ID: bd0779e5e49b89b06c6c7bd660dbf1c842dbbbf08df46144c0d4f2bb3524a42d
Opcode Fuzzy Hash: 247a05f0eccf13cfb56ca1e6a0529ae6a802f01d888a9a9814d98aa9747b1c42
Instruction Fuzzy Hash: 41216A75500704AFEB21CF56DC84FA6BBE8EF08720F08886AED858B652D275E404CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D125E6, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05D12659

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 70a13264877a0eefd34efc6defa16cee51ea90585555ce8c3b91449ea42ab8aa
Instruction ID: 8b71f9ecf442b79fd17dddcc6a281312c787b236ba929d470e478ad95bd64644
Opcode Fuzzy Hash: 70a13264877a0eefd34efc6defa16cee51ea90585555ce8c3b91449ea42ab8aa
Instruction Fuzzy Hash: 7C21CF75604340AFE720CF2ADC84B66FBE8EF04320F04846AED858B282D775E804CA75

Uniqueness

Uniqueness Score: -1.00%

Function 05D1102E, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D110B5

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 64f3ed2c879f307e4d9bc5f4f08e657ccc7c3890bb0ac3271de30cf09c3f171d
Instruction ID: 8dfbecfcd16c683617625d55d04c2a73c94f4489910b5c78c360e34ca10d5edb
Opcode Fuzzy Hash: 64f3ed2c879f307e4d9bc5f4f08e657ccc7c3890bb0ac3271de30cf09c3f171d
Instruction Fuzzy Hash: 4E219F715093C06FE7228B659C45B66BFB8EF06320F0880DBE9849B193C264A848C762

Uniqueness

Uniqueness Score: -1.00%

Function 05D12F7A, Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05D12FFE

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: f7ad99cf54ffc942b53168338c72de768bb292c8d85c64a3f910ab59865fbbbf
Instruction ID: 65f010f93125677b8e1d464c48a61c5799e672a96986f0f87d74c9d88beb76d2
Opcode Fuzzy Hash: f7ad99cf54ffc942b53168338c72de768bb292c8d85c64a3f910ab59865fbbbf
Instruction Fuzzy Hash: 33218C764093C0AFDB228F65D884A92FFF4EF06210F0984DEED858B563D275A849DB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D1176E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D117E0

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fb2c111380015f7dc8504f8d5f173fe9e85a8849a57a47a41013cdb4665da021
Instruction ID: b23c797a77108df3249b1fb7e02f94d4455741cdc7e0a3c3f67abaebd9361aa0
Opcode Fuzzy Hash: fb2c111380015f7dc8504f8d5f173fe9e85a8849a57a47a41013cdb4665da021
Instruction Fuzzy Hash: 4A218EB2504304AFEB21CF95EC84F66BBA8EF04720F04846AEE459B646D774E404CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D11A87, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D11B08

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 25caef29f1a74cde3c391688efec458084a5129ced297609817bf3a63a6999a4
Instruction ID: 74ebd39adb3cdb12e660b80a78fbf0bad82622d630dffc01131df1a9d452a2cf
Opcode Fuzzy Hash: 25caef29f1a74cde3c391688efec458084a5129ced297609817bf3a63a6999a4
Instruction Fuzzy Hash: E32190714093846FEB228F55DD84FA6FFB8EF46320F0884DBED849B153D264A549CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05D12242, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05D122AD

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 7f004ae429856941d78676ea35151e5d29867c25f2561c286cce88547ee51d02
Instruction ID: 8038365bb0c1386399ecc6dd36ccec52e04159867b70b6c3bc8e7f986f75d5e6
Opcode Fuzzy Hash: 7f004ae429856941d78676ea35151e5d29867c25f2561c286cce88547ee51d02
Instruction Fuzzy Hash: DA21AEB5504340AFE721DF6ADC85B6AFBE8EF04320F14846AED858F642D676E404CA75

Uniqueness

Uniqueness Score: -1.00%

Function 05D11C8A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05D11CF6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 6dea27db0e3ccfbfebaeb9aaf097f38f2a6296cbd30b9d16b8ccd2a7502c9a64
Instruction ID: 57eac8acc4b00bde91ad5ba3add5d2ad26174694ed293b4df275517e345bcecb
Opcode Fuzzy Hash: 6dea27db0e3ccfbfebaeb9aaf097f38f2a6296cbd30b9d16b8ccd2a7502c9a64
Instruction Fuzzy Hash: 0A219D71500740AFEB31DFA5DC84B66FBA9EF08720F14886EEE858A652D375E404CB76

Uniqueness

Uniqueness Score: -1.00%

Function 05D12342, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05D123B6

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 9f4e2d1cdc9ebff3de73e60b1be11b16f360adb03dab6047aa016cd7e920ecfd
Instruction ID: e8a143a09d079f240bda0c40c1e2b1b208bb9bbdd1a7be1891bf17734f45dfda
Opcode Fuzzy Hash: 9f4e2d1cdc9ebff3de73e60b1be11b16f360adb03dab6047aa016cd7e920ecfd
Instruction Fuzzy Hash: 81219D71500740AFE721CF5ADD85F66FBE8EF08320F04845EE9858B641D676E508CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D11D4F, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05D11DCC

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 89d3a8282a567daa36285cfbfd4482c58a5afcc29fc78475d56f28946788c227
Instruction ID: 5bd1f1268092dddb6a85627ce5a1a788d72d20d240e08a3569e64a93e2a23847
Opcode Fuzzy Hash: 89d3a8282a567daa36285cfbfd4482c58a5afcc29fc78475d56f28946788c227
Instruction Fuzzy Hash: A8216A724097C0AFDB228F65DC44AA2BFB4EF07320F0985DAED848F163C2359859CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D11FA6, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12018

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f5ec31d0f2d4ba3a302b0026c0f2b7c345c081924af67c32030b2d5222c20af5
Instruction ID: 72a0f6e80cc07bc4fef222748b26cf279a5fdbc30242a01acfb1ad980bb77f62
Opcode Fuzzy Hash: f5ec31d0f2d4ba3a302b0026c0f2b7c345c081924af67c32030b2d5222c20af5
Instruction Fuzzy Hash: 3C11DF72200304AFEB21CE66DC80F66FBA8EF04720F08856AED868B652D375E444CB75

Uniqueness

Uniqueness Score: -1.00%

Function 05D127BE, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D1281D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: d429ba22a943947bc30d7956e0cd018087e53dcd6ace7b2cdfe5c453c99b402c
Instruction ID: 65754cce76bfe1007d244e73a08586570dce4819ab59d757d174223ec9248a43
Opcode Fuzzy Hash: d429ba22a943947bc30d7956e0cd018087e53dcd6ace7b2cdfe5c453c99b402c
Instruction Fuzzy Hash: DB119071500304AFEB21CF66EC85FAAFBA8EF04720F04846AED458B655D675E404CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D12DFA, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12E5E

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 538b41ae55c43e6b6f9d8be22fba556c1b905fc7db21b9d49fca9d205f5fafd1
Instruction ID: 919f8dcf9eda7db19e1ee1642717a599dda31a4a093d0971fcae72b00b6a7a3b
Opcode Fuzzy Hash: 538b41ae55c43e6b6f9d8be22fba556c1b905fc7db21b9d49fca9d205f5fafd1
Instruction Fuzzy Hash: 3C118EB2500304AEEB21CF66DC84FAABBACEF04720F04886BED459B245D674E4048AB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D11122, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D11181

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 33f1f6bbd625afd3c723c91a980a8772d5c4dfbdc7d243a13a06225deb0874c2
Instruction ID: bd080be97a307d04abed92d65c8c001a7c180d7151519c655d6158919ebc7d50
Opcode Fuzzy Hash: 33f1f6bbd625afd3c723c91a980a8772d5c4dfbdc7d243a13a06225deb0874c2
Instruction Fuzzy Hash: A111B271504304AFEB21CF95DC44F6AFBA8EF04720F04846AEE459B645D274E444CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D12C16, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12C6F

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: def0f503232a5a1b37f3ba3d5b79b85cd820788b2c81edaadcd24d13647cbe2c
Instruction ID: e3ed414e09667bb1e9feea57a3c0b9826eb43e6280c6f8d44be211c6180adadd
Opcode Fuzzy Hash: def0f503232a5a1b37f3ba3d5b79b85cd820788b2c81edaadcd24d13647cbe2c
Instruction Fuzzy Hash: 30119171504304AFEB21CF56DC84BA6FBA8EF44720F14846BEE459B245D675E404CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D1183A, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,625113E7,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05D11898

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 2270545a53e10feec840cfc7cd26fbb0aad8ef8af87f5a6ac76a7ba0db93918d
Instruction ID: b61076f642d5b35af059fa882e4c54bd9094691c3aa9a5182af3c7d7a7ee6145
Opcode Fuzzy Hash: 2270545a53e10feec840cfc7cd26fbb0aad8ef8af87f5a6ac76a7ba0db93918d
Instruction Fuzzy Hash: 221163715093C4AFDB128B65DC44B56BFA4EF06210F09C4EBED858F662D275A448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D126EE, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12744

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 040c051b05d46dadd33b47efaffaf1a6dab89ca5f361c72af32fbedba85e80fd
Instruction ID: a0e8e7e95f7cb897adee64ee9c83ea3b519095914b3d4325fe069ee95313b028
Opcode Fuzzy Hash: 040c051b05d46dadd33b47efaffaf1a6dab89ca5f361c72af32fbedba85e80fd
Instruction Fuzzy Hash: B911C275500304AFEB21CF5AEC84B67FBA8EF44720F1484ABED449B246D275E404CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 05D12EDE, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D12F3D

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: a865b2ed9581a353b6a8ff7197ceed00edf1cbdd5ea941cd6f2cd71e7e173434
Instruction ID: 0d9275ac06302eced811ec1e1163007413a1d53fed4e7ec12f433ea70f1ed9e4
Opcode Fuzzy Hash: a865b2ed9581a353b6a8ff7197ceed00edf1cbdd5ea941cd6f2cd71e7e173434
Instruction Fuzzy Hash: 23110E75500304AFEB218F16EC84F66FBA8EF04720F04849BED858B656D375E408CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D106CE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 05D10737

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 62944601ee3a770c5093fd8e9d9f6eb0b2255c1527ce2874f4090cf455b5bba5
Instruction ID: 536a03e2103514190f9f0513910f24bdc73ccffea02de3b9d098497f9c99e99d
Opcode Fuzzy Hash: 62944601ee3a770c5093fd8e9d9f6eb0b2255c1527ce2874f4090cf455b5bba5
Instruction Fuzzy Hash: AA11E571500300AFF731DB15DD89F76FBA8EF04720F14C49AED455A286D2B4E544CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D11AB2, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D11B08

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 946e12d16336f34be4ad2bceaefa7252613af0bc702e0359cba287199eb0d95c
Instruction ID: 50a748150adb104a09b3591534e5af510649e935f2eb42ae8b0a4beba3827b1c
Opcode Fuzzy Hash: 946e12d16336f34be4ad2bceaefa7252613af0bc702e0359cba287199eb0d95c
Instruction Fuzzy Hash: DF010471500304AFEB21CF55DE85F66FBA8EF45721F04809BEE449B246E274E404CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 05DDA590, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05DDA5D0

Memory Dump Source

Source File: 00000006.00000002.992840634.0000000005DD0000.00000040.00000001.sdmp, Offset: 05DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5dd0000_JUST1F1.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fc29bfe2418dd96ae193bd17dbdbd8b342ba96f112cba358cb7e5198adc62ebf
Instruction ID: c5e711ef126fb33e7bd3faaadda724af5dfd018a1869fc6004b5aa783122058d
Opcode Fuzzy Hash: fc29bfe2418dd96ae193bd17dbdbd8b342ba96f112cba358cb7e5198adc62ebf
Instruction Fuzzy Hash: 36111970E00219DFDB14DFB4D459AAEFBF2FF48315F108529E802A7254DB359886CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05D10FA0, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,625113E7,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05D10FF4

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: cbea009c79f923aab70648fa69238e268242def5d9a5c7f773e8aa172e627459
Instruction ID: 5d3e516ea21fca639f586a7eb917dc99d8351e58d4a310450e4b8e071ccd3a20
Opcode Fuzzy Hash: cbea009c79f923aab70648fa69238e268242def5d9a5c7f773e8aa172e627459
Instruction Fuzzy Hash: 2411C2715093C09FDB128B25DC94B62FFA4EF06220F0880DBED858B252D275A848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05D11062, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,625113E7,00000000,00000000,00000000,00000000), ref: 05D110B5

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: a82873fff53a8e25544f3cf5edab36b7a43182c0205e062a2da6e8715c8b3a64
Instruction ID: 9d6bafa68c7df30912eda01d0a8174c81f4864c436301f9d006bcb78efc453e5
Opcode Fuzzy Hash: a82873fff53a8e25544f3cf5edab36b7a43182c0205e062a2da6e8715c8b3a64
Instruction Fuzzy Hash: 0F01D671900344AFE721CF66EC85F66FB98EF04720F14C09BEE449B286D274E444CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D12FB2, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05D12FFE

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 1e326084cda2fe49d0ad4a2d8a26bbda61efb13a8e71ebce6065c9b70ef86859
Instruction ID: dd2dc0914034a16ff505290c677ad3a6d1a05bf7cd24e1aba86ed633bafc0d2a
Opcode Fuzzy Hash: 1e326084cda2fe49d0ad4a2d8a26bbda61efb13a8e71ebce6065c9b70ef86859
Instruction Fuzzy Hash: 94117075500744AFDB21CF56D884B62FBE4FF04720F0888AADD858B616D335E458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 05D115C6, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E2C,?,?), ref: 05D11616

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 685f458c7c9f66fbd1a419a0ce3e644fc25aa5af5f1c24313106f136183a6be3
Instruction ID: 90e1102fdf38e5714753eb8d1efeda9a23c9b2b8849cfbac38f5dd9363a9863a
Opcode Fuzzy Hash: 685f458c7c9f66fbd1a419a0ce3e644fc25aa5af5f1c24313106f136183a6be3
Instruction Fuzzy Hash: D801A271500604ABD324DF1ADC86B26FBA8FB89B20F14C15AED084B741D231F516CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 05D11D8E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05D11DCC

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 2fdccc38328cce3e18758b96c3db50c1d330edfa601ddf3dc3a40222a74117aa
Instruction ID: 87dc803e995243cc2b6e28454ebfe28a5453c793ff1c394095e940946f07e57e
Opcode Fuzzy Hash: 2fdccc38328cce3e18758b96c3db50c1d330edfa601ddf3dc3a40222a74117aa
Instruction Fuzzy Hash: E80180315007409FDB21CF95E844B65FBA0EF04721F0884AADE854B616D275E414CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 05D11866, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,625113E7,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05D11898

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: af79007832855b41e61fac22556f1fd6f00f6ba49c38b0a231c25329013c1a1d
Instruction ID: 994fc29957a3970b1fbdebb965c0da554b9d1a3d2de3412f2488d848dc7dd636
Opcode Fuzzy Hash: af79007832855b41e61fac22556f1fd6f00f6ba49c38b0a231c25329013c1a1d
Instruction Fuzzy Hash: 2F01A275904344AFEB20CF5AE885766FB94EF04321F08C4ABDD498F646D678E444CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 05D10FC2, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,625113E7,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05D10FF4

Memory Dump Source

Source File: 00000006.00000002.992762533.0000000005D10000.00000040.00000001.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d10000_JUST1F1.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: b5fc0cdb757b875a6c9a7ec72c11576b1e37433b03710be4cc3a835a35d49ce6
Instruction ID: 721beb1f48ac71c5a2f8017a3455aafdb90d6072232c969b69d1a3fa6f32c069
Opcode Fuzzy Hash: b5fc0cdb757b875a6c9a7ec72c11576b1e37433b03710be4cc3a835a35d49ce6
Instruction Fuzzy Hash: 8E01D6359047409FDB20CF66E885766FB94EF04321F08C0ABDD458B656D279E488CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 015D3728, Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

:@fq, xrefs: 015D37BA

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: f2850c03a7efdec9805fb4a0b4bf01f5037a750a912f74eb2abaab9e612bfa56
Instruction ID: 258d5af70d55df28ad4331a63a55d4d7121d9285f70801b91f3b884b07a06725
Opcode Fuzzy Hash: f2850c03a7efdec9805fb4a0b4bf01f5037a750a912f74eb2abaab9e612bfa56
Instruction Fuzzy Hash: 6F717F70B001114BEF759BBCD44076E7ADAFB8D710F60443AE10ADB7A6CA78CD818766

Uniqueness

Uniqueness Score: -1.00%

Function 015D3738, Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

:@fq, xrefs: 015D37BA

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: acadfeb571b2b01f375e16e8ab2b0a7a8d0a87d55a6936bb1fe7a25dd7a8bb94
Instruction ID: c4fdc20df18555af40c88e36017af327d74ce57822e1c84de881f200d353eeb8
Opcode Fuzzy Hash: acadfeb571b2b01f375e16e8ab2b0a7a8d0a87d55a6936bb1fe7a25dd7a8bb94
Instruction Fuzzy Hash: BA717E70B001118BEF759BBCD84076E7ADAFB8D710F60443AE10ADB799CA78CD818766

Uniqueness

Uniqueness Score: -1.00%

Function 015D0B68, Relevance: .7, Instructions: 661COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1bb1a1e54183ca8190f13d69dc5b510a811ba487e7a011ddad33e868f2c9cce
Instruction ID: c6bff7817fbee048bd537933bbd445e841b5fdd98d0c700ad70e18afdd6fa3da
Opcode Fuzzy Hash: b1bb1a1e54183ca8190f13d69dc5b510a811ba487e7a011ddad33e868f2c9cce
Instruction Fuzzy Hash: 4F325A30B002068FDB65DB7CD4847AEB7E2FB89314F24856AE509DB395EB35DC818B91

Uniqueness

Uniqueness Score: -1.00%

Function 015D0070, Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b216821d7df039c9823f8437d0645df87163d7f63b463a00be0140853c9984f4
Instruction ID: 71daccc3da571a5348b0c728f0aa171f63aaf42e4db24180eb6097be895d7e60
Opcode Fuzzy Hash: b216821d7df039c9823f8437d0645df87163d7f63b463a00be0140853c9984f4
Instruction Fuzzy Hash: 27125F31F001168BDF359A7CC4946AE7BA6BB89350F24882AF849EF3D5DE35DC818791

Uniqueness

Uniqueness Score: -1.00%

Function 015D1419, Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d237878d13aa847fbeabd36dd3c09ac232122d5b683e33b420b6cb28c7ce5c7c
Instruction ID: db5f1380da80638b2edc7e2178d5e141d318a99e47c1ee0f8f311bcfcf10e405
Opcode Fuzzy Hash: d237878d13aa847fbeabd36dd3c09ac232122d5b683e33b420b6cb28c7ce5c7c
Instruction Fuzzy Hash: 7F125C30A00609CFDB25DFA8C884AADBBB2FF85304F1585A9D519AF355DB30EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D0B09, Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c87c21c371a2620d9a5f37bac31e072f16a145abfb671f5a0827ef65b334a87
Instruction ID: 456cbff02a79f80f2a7c0847af0f57fd92e4d672adc2283d56b8181e03f94a01
Opcode Fuzzy Hash: 4c87c21c371a2620d9a5f37bac31e072f16a145abfb671f5a0827ef65b334a87
Instruction Fuzzy Hash: 84D11670A0020A8FDF75CB6CD5847ADB7A2FB49314F248966F415DF292DB35EC818B91

Uniqueness

Uniqueness Score: -1.00%

Function 015D2FB0, Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55dea58b609581c5634c421a1e111620e367bb188bf9de565767a5d80e80766b
Instruction ID: 79c2deb44e9cbaa4197e2d586e0cf2c3ee5caa6e8a26a523da500704369d590e
Opcode Fuzzy Hash: 55dea58b609581c5634c421a1e111620e367bb188bf9de565767a5d80e80766b
Instruction Fuzzy Hash: 2CA181347093858FD752877898195BA7BF2AB86310F1980FBD048DF6A7EA39CD05C752

Uniqueness

Uniqueness Score: -1.00%

Function 015D3DD0, Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef5e7fc7198c1ac8d194f3439f0ecefff6d31254531a007ed046d51202e5e62
Instruction ID: f8ff3057d7bdcfa127841da88ea97f43a69b2e3ebb93ddf4eaf515b434324103
Opcode Fuzzy Hash: 7ef5e7fc7198c1ac8d194f3439f0ecefff6d31254531a007ed046d51202e5e62
Instruction Fuzzy Hash: CAA18B35B002099FCB599BB8D8545AE7BF3AF88301F14846AE405DB3A4EB35DC86CB52

Uniqueness

Uniqueness Score: -1.00%

Function 015D3A50, Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3583a255fda5e2b88aecffb8ec72006adc2abb878c326b894fa132beadbdaa9
Instruction ID: 558c26a178db606b3fe250bcb252519e0d2d0d83617925c7081fc2724f34de3a
Opcode Fuzzy Hash: c3583a255fda5e2b88aecffb8ec72006adc2abb878c326b894fa132beadbdaa9
Instruction Fuzzy Hash: B9A1F070B043458FC766AB7C98146BD7BE1BF85310F1984BEC545AF3A2EA35CC058B92

Uniqueness

Uniqueness Score: -1.00%

Function 015D1860, Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cfa5a1f1488c283ff2fb777ed1d519c117bb3b127f55c644b47c1648ee30381
Instruction ID: 365e46aca4aea1460148c06c74e029e0b67bf99ec4c778b49b9ef2ff4b8a467e
Opcode Fuzzy Hash: 6cfa5a1f1488c283ff2fb777ed1d519c117bb3b127f55c644b47c1648ee30381
Instruction Fuzzy Hash: 04913D70A006098BDB18DFACC584A9DBBF6FF88304F248569E555AB359DB30EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D0610, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bfef623a27a0523267707f278aa9467ac5b662e5b090f9cce6d26554f802901
Instruction ID: 31c2150bad2ee4d3261667eaeab3e692c1ddd3a7473a11f6fcfafa52c5946d42
Opcode Fuzzy Hash: 9bfef623a27a0523267707f278aa9467ac5b662e5b090f9cce6d26554f802901
Instruction Fuzzy Hash: B2414F31F002168FCBA8EBB8D0585AE77E3AF88715B20853DD406DB358EF359D428B91

Uniqueness

Uniqueness Score: -1.00%

Function 015D32FF, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17cd4ce7848969c391eba436a365565fdc329fc6c808628d85285c70f64c8318
Instruction ID: 44abf1ede6078c8d8888ed8c18fa86a35ac224c0c5f3dbf9f3e6b8fa41540ef0
Opcode Fuzzy Hash: 17cd4ce7848969c391eba436a365565fdc329fc6c808628d85285c70f64c8318
Instruction Fuzzy Hash: 04317C75B102498FCB95DB78D5455EE7BF2AF89310B1040BBD108DB756EB348D028B96

Uniqueness

Uniqueness Score: -1.00%

Function 015D09E9, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862b73d140789ef07b5e5135b3315f5e8482ac8218ae043fcf67f265d8710e84
Instruction ID: 2b32370629af7cd8de31765509d929f2647e6d921af55c752faea71243e9bab1
Opcode Fuzzy Hash: 862b73d140789ef07b5e5135b3315f5e8482ac8218ae043fcf67f265d8710e84
Instruction Fuzzy Hash: F431C175F012498FCB94DB7CE8495EE7BF2EF89310B20817AE008DB651EB348D018B92

Uniqueness

Uniqueness Score: -1.00%

Function 05D2300E, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b8234ac36f0e3eb0f162f5ac2c321e0be5d0da870e0fb480067494b2651696
Instruction ID: 6d884ac6d2d37c5a27c2488e693d8f8ea6ce47c56a048435d57f2676dc0fa376
Opcode Fuzzy Hash: a2b8234ac36f0e3eb0f162f5ac2c321e0be5d0da870e0fb480067494b2651696
Instruction Fuzzy Hash: 7A21C5B5608341AFD351CF19D880A5BFBE4FF89664F14896EF888D7311E275E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 02EE0724, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990129747.0000000002EE0000.00000040.00000040.sdmp, Offset: 02EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2ee0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2091da61cab01b656ff74cab5137701644d6a3d8b1f0a3d905b49fc4b5357d10
Instruction ID: b63c6538e536264f816e45f9a41df63a7ff278f0cb429f200c190cc3e28ee19c
Opcode Fuzzy Hash: 2091da61cab01b656ff74cab5137701644d6a3d8b1f0a3d905b49fc4b5357d10
Instruction Fuzzy Hash: A7215B3514D3C18FDB038B60C860B55BFB1AF57218F1985DED8859B6A3C33A8807DB92

Uniqueness

Uniqueness Score: -1.00%

Function 05D23A80, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7da02b100355016597adc5ddf49f5335875d8e2d2f802ca844707103821d706
Instruction ID: 63bf6afde1a12f9def6845d3761c9ad78f722cddcf9ba16cdf9546fa7d8d87da
Opcode Fuzzy Hash: c7da02b100355016597adc5ddf49f5335875d8e2d2f802ca844707103821d706
Instruction Fuzzy Hash: 9111CCB5508301AFD350CF19D880A5BFBE4FB88664F14896EF898D7311D231E9148FA6

Uniqueness

Uniqueness Score: -1.00%

Function 02EE075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990129747.0000000002EE0000.00000040.00000040.sdmp, Offset: 02EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2ee0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f80d30d50d24bab4316dc68c90df0be82e25e3e41ba31d9808e716ebdd3fd0
Instruction ID: ab301b8aae9f76cdd157f2a8ba41287e60796e983d7f43ddb883db0bc0c826a8
Opcode Fuzzy Hash: 79f80d30d50d24bab4316dc68c90df0be82e25e3e41ba31d9808e716ebdd3fd0
Instruction Fuzzy Hash: 27110634244384DFDB15DB14C981B26BB91EB48708F28C5ACE84A2B642C7BBD803CE51

Uniqueness

Uniqueness Score: -1.00%

Function 015D0A48, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1f930d82e80add3a896026b96f2f4bf7e98d8e5c7e2638ffea9b159d774152
Instruction ID: 56ace9070fe4ebb9d02dd1a6f81f2a38eaa1e2a66930760322a1c37afe3aa877
Opcode Fuzzy Hash: 5c1f930d82e80add3a896026b96f2f4bf7e98d8e5c7e2638ffea9b159d774152
Instruction Fuzzy Hash: 3E116175F001098F8B44EBBDD4455AEB7F6EB8D610B20813AE509E7344EF349E028BA5

Uniqueness

Uniqueness Score: -1.00%

Function 015D3240, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e2ee545f405f078fc26e11a1a61e0021b6886418ce67ddfe5145f43e7d3616
Instruction ID: 3645fbfb82d3cb5b155faa0154e12e55b11ad3fcf1aa215ed7a4ee53bc94619a
Opcode Fuzzy Hash: d1e2ee545f405f078fc26e11a1a61e0021b6886418ce67ddfe5145f43e7d3616
Instruction Fuzzy Hash: 6D115B75F001598F8B84EBBDD4459AEB7F6FB8D210B20816AE509E7304EF349E029B95

Uniqueness

Uniqueness Score: -1.00%

Function 015D3360, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3077566fe312e7f9ee173b1a6d5495e849f08c71e9d486be2b18c330ee5261dc
Instruction ID: 531f55bf6193fb7d9726b8847fc1b9ea8f50f589e71f981281edc4ddfa72a20f
Opcode Fuzzy Hash: 3077566fe312e7f9ee173b1a6d5495e849f08c71e9d486be2b18c330ee5261dc
Instruction Fuzzy Hash: 06115B75F101098F8B94EBBDD5459AEB7F6FB8C610B20807AE509E7304EF349E029B95

Uniqueness

Uniqueness Score: -1.00%

Function 05D23924, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f481f4397f3a47339de3a30723696535baa32694afad9f399549a24af13ea34
Instruction ID: 1b529b1bb3dfe291dd33bea017ef9891dbdf515bc1c1690db6f17624f5939c22
Opcode Fuzzy Hash: 8f481f4397f3a47339de3a30723696535baa32694afad9f399549a24af13ea34
Instruction Fuzzy Hash: 8311FAB5608301AFD350CF09DC80A5BFBE8EB88660F14C92EFD9997311D231E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 02EE05CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990129747.0000000002EE0000.00000040.00000040.sdmp, Offset: 02EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2ee0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f366e6e5b64f042d73f6e45cf191bc8be65d9d7b1685b09136b5bac4d1cc78af
Instruction ID: 9608bb7e763b9b065b7873fa14fa1b8ffee7bbc781fb3a52d1ea2e3e8bf99d3d
Opcode Fuzzy Hash: f366e6e5b64f042d73f6e45cf191bc8be65d9d7b1685b09136b5bac4d1cc78af
Instruction Fuzzy Hash: 4801867550D7806FD7128B169C54862FFF8EF86620719C4DFEC89CB612D225A909CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 015D3D1E, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5b7190718916316ab50cdd8ae6205b04bc966bc275468f6284e0c892d07c48
Instruction ID: 80571333b0dbdf92e92b045abd6f9c2de9165d72c846658508a019f33a457d7f
Opcode Fuzzy Hash: 6a5b7190718916316ab50cdd8ae6205b04bc966bc275468f6284e0c892d07c48
Instruction Fuzzy Hash: 5AF06D72B04520CBCBA4BBBCA54426CB6F2BB88255B25487CD59997288EF314D28D7C2

Uniqueness

Uniqueness Score: -1.00%

Function 02EE0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990129747.0000000002EE0000.00000040.00000040.sdmp, Offset: 02EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2ee0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction ID: f7f2f4a6659d56ee78c5dcd7dc73bc81aaf27161304f7c21a98e123141020fc9
Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction Fuzzy Hash: 38F01D35144644DFC706DF40D940B25FBA2EB89718F24C6ADE9491B752C377E813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 02EE05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990129747.0000000002EE0000.00000040.00000040.sdmp, Offset: 02EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2ee0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1bb00f56159e538c89fc7222b59d6b78079af5966baf30a840aae88f4eb944
Instruction ID: 91bc83e09e4b6c06a4945369c820689b2de1f603ca18809d49d2127c437b2036
Opcode Fuzzy Hash: 0d1bb00f56159e538c89fc7222b59d6b78079af5966baf30a840aae88f4eb944
Instruction Fuzzy Hash: 76E092766047045BD650CF0AEC81462FBD8EB84630B18C07FDC0D8B701E535F504CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 015D329F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: debd0a5a027b1b0d1ae8bbec7f466e8746c8622e28a4dafc3e2a7ebc911fe839
Instruction ID: 011098ca6177e2851cc5e3b6ee54b34789cfb4bf1efd3a7e3d89eed34e930c68
Opcode Fuzzy Hash: debd0a5a027b1b0d1ae8bbec7f466e8746c8622e28a4dafc3e2a7ebc911fe839
Instruction Fuzzy Hash: 49E0C935B041488BCF54EBB9D5458DDB3F1FF8D2147208569D509E7219EE359E018751

Uniqueness

Uniqueness Score: -1.00%

Function 015D33BF, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22c91dc035219fce6ac19ed141c7b611f0f35b393856fcca901eb100156770cd
Instruction ID: f2b74edd0ad9e4bf1dea61023a0ebd03ebd72c3525b7b98294338c5b5292e8be
Opcode Fuzzy Hash: 22c91dc035219fce6ac19ed141c7b611f0f35b393856fcca901eb100156770cd
Instruction Fuzzy Hash: 1CE0ED35B001088FCF54E7B8D5498DDB3E1FF8C214720446AD109E7215EF35DE019B51

Uniqueness

Uniqueness Score: -1.00%

Function 015D0AA7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.990004398.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15d0000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08b633d85a902b54a9b5fbcc12fb058fb0129496f56f43214fb181b357d1cb28
Instruction ID: a0ae8b499b49fb4ae1f977c287353b24ace32f7b60a98cbcb01896a2fa7836e5
Opcode Fuzzy Hash: 08b633d85a902b54a9b5fbcc12fb058fb0129496f56f43214fb181b357d1cb28
Instruction Fuzzy Hash: B2E0C975B001088FCF14E7B8E5558DDB3E1EF8C2147208569E509E7255EA359E018B61

Uniqueness

Uniqueness Score: -1.00%

Function 05D23AEB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5790e276e7d42c92e074e2640e743100de1634f704902da6e8c112f4a133274d
Instruction ID: 97ceb0ac67be32c0c485477b75fe2bbc4a70803166d00cd6e674cd95390dce0f
Opcode Fuzzy Hash: 5790e276e7d42c92e074e2640e743100de1634f704902da6e8c112f4a133274d
Instruction Fuzzy Hash: 90E0D8B255130467D2208E0A9C85B22FB9CDB54A30F04C467ED081B702E072F5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 05D23397, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80aa161cab99459ead9d57f8f3bc6ccf7f1af29bf8850b73c9d8c63e586affc
Instruction ID: d95296abc0f87fa12094fae7aede72b4dd1e5a25c33df599cd078042b920aeee
Opcode Fuzzy Hash: e80aa161cab99459ead9d57f8f3bc6ccf7f1af29bf8850b73c9d8c63e586affc
Instruction Fuzzy Hash: 26E0D87251130467D2209E0ADC85B23FB98DB45A30F08C467ED081B706E072F514CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 05D23083, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf9166ad6612cca9c25d945d17c4f3c2ad42c8a6bcfdc74c7bbe82e4403474b
Instruction ID: 24411dbb093ef1e573527bdeaaf47d1990b1d7db7527b37d2a2b651a2069c832
Opcode Fuzzy Hash: 1cf9166ad6612cca9c25d945d17c4f3c2ad42c8a6bcfdc74c7bbe82e4403474b
Instruction Fuzzy Hash: DFE0D87255170467E2208F0A9C85B22FB98DB40A30F04C467ED081B742E072F5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 05D23973, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.992784020.0000000005D20000.00000040.00000001.sdmp, Offset: 05D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d20000_JUST1F1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f6b069b1ad2283e1218308163e278e1b43d76ccdf637c887bd703d10d03d80d
Instruction ID: aec0703b6361c0fdf320f88255946dc2bc4ec8f6b5ec582feafc1a77460e8ae3
Opcode Fuzzy Hash: 3f6b069b1ad2283e1218308163e278e1b43d76ccdf637c887bd703d10d03d80d
Instruction Fuzzy Hash: 77E0D87251130467D2609E0A9C85B23FB98DB40A30F04C467ED081B702E172F5148AF5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report JUST1F1.tar

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Agenttesla

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

SMTP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Function 018102A8, Relevance: 3.0, Strings: 2, Instructions: 475
COMMON

Function 013DB0B2, Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Function 013DAB70, Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 013DA504, Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 013DA9E2, Relevance: 1.6, APIs: 1, Instructions: 90
pipeCOMMON

Function 013DA120, Relevance: 1.6, APIs: 1, Instructions: 82
fileCOMMON

Function 013DAB96, Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Function 013DB0E2, Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Function 013DA77C, Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Function 013DA85F, Relevance: 1.6, APIs: 1, Instructions: 77
fileCOMMON

Function 013DA52A, Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Function 013DA6BB, Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Function 013DA600, Relevance: 1.6, APIs: 1, Instructions: 68
COMMON

Function 013DA448, Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 013DA88E, Relevance: 1.6, APIs: 1, Instructions: 60
fileCOMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre