Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report dbeaver.exe

Overview

General Information

Sample Name:dbeaver.exe
Analysis ID:347768
MD5:b56bf7c40d3e84ca5557e6f9f9786cb3
SHA1:eadaa2cdd7c8dd0f2978a8ea0b2fe45ae9d4dd26
SHA256:82d314c6d7c17dbbd8ba26241b82402f246da22aaaafc3418d04b6fc30872a10

Most interesting Screenshot:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potential time zone aware malware
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info

Classification

Analysis Advice

Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")



Startup

  • System is w10x64
  • dbeaver.exe (PID: 1064 cmdline: 'C:\Users\user\Desktop\dbeaver.exe' MD5: B56BF7C40D3E84CA5557E6F9F9786CB3)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Compliance:

barindex
PE / OLE file has a valid certificateShow sources
Source: dbeaver.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
Source: dbeaver.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F35E94 __doserrno,_errno,_errno,__doserrno,FindFirstFileW,_errno,_errno,_errno,_errno,_errno,GetDriveTypeW,free,free,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_00007FF6C6F35E94
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F32A20 free,malloc,FindFirstFileW,FindNextFileW,free,FindClose,malloc,free,free,0_2_00007FF6C6F32A20
Source: dbeaver.exeString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: dbeaver.exeString found in binary or memory: http://ocsp.thawte.com0
Source: dbeaver.exeString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: dbeaver.exeString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: dbeaver.exeString found in binary or memory: http://sv.symcd.com0&
Source: dbeaver.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dbeaver.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dbeaver.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dbeaver.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: dbeaver.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F41BD00_2_00007FF6C6F41BD0
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F366800_2_00007FF6C6F36680
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F34E900_2_00007FF6C6F34E90
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3D6A80_2_00007FF6C6F3D6A8
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F441580_2_00007FF6C6F44158
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F449580_2_00007FF6C6F44958
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F438700_2_00007FF6C6F43870
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F420700_2_00007FF6C6F42070
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3DC940_2_00007FF6C6F3DC94
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F415180_2_00007FF6C6F41518
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F4364C0_2_00007FF6C6F4364C
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F38EE40_2_00007FF6C6F38EE4
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F463000_2_00007FF6C6F46300
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F36F300_2_00007FF6C6F36F30
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3654C0_2_00007FF6C6F3654C
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F4094C0_2_00007FF6C6F4094C
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F44D8C0_2_00007FF6C6F44D8C
Source: dbeaver.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dbeaver.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dbeaver.exe, 00000000.00000002.219120303.0000000000740000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs dbeaver.exe
Source: classification engineClassification label: sus24.evad.winEXE@1/0@0/0
Source: dbeaver.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\dbeaver.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: dbeaver.exeString found in binary or memory: --launcher.library
Source: dbeaver.exeString found in binary or memory: --launcher.suppressErrors
Source: dbeaver.exeString found in binary or memory: --launcher.ini
Source: dbeaver.exeString found in binary or memory: .exe.exe-vmargs-name.--launcher.library--launcher.suppressErrors-protectroot--launcher.inieclipseorg.eclipse.equinox.launcherorg.eclipse.equinox.launcherpluginseclipse.inirt%[^
Source: dbeaver.exeStatic PE information: certificate valid
Source: dbeaver.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: dbeaver.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3FC90 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00007FF6C6F3FC90

Malware Analysis System Evasion:

barindex
Potential time zone aware malwareShow sources
Source: C:\Users\user\Desktop\dbeaver.exeSystem information queried: CurrentTimeZoneInformationJump to behavior
Source: C:\Users\user\Desktop\dbeaver.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-9228
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F35E94 __doserrno,_errno,_errno,__doserrno,FindFirstFileW,_errno,_errno,_errno,_errno,_errno,GetDriveTypeW,free,free,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_00007FF6C6F35E94
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F32A20 free,malloc,FindFirstFileW,FindNextFileW,free,FindClose,malloc,free,free,0_2_00007FF6C6F32A20
Source: C:\Users\user\Desktop\dbeaver.exeAPI call chain: ExitProcess graph end nodegraph_0-9230
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F383BC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6C6F383BC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3FC90 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00007FF6C6F3FC90
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F46474 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,0_2_00007FF6C6F46474
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F383BC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6C6F383BC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F36F18 SetUnhandledExceptionFilter,0_2_00007FF6C6F36F18
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F3FF30 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6C6F3FF30
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F36A00 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6C6F36A00
Source: C:\Users\user\Desktop\dbeaver.exeCode function: _getptd,EnumSystemLocalesA,GetUserDefaultLangID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s,0_2_00007FF6C6F3C7EC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,0_2_00007FF6C6F3C0A8
Source: C:\Users\user\Desktop\dbeaver.exeCode function: GetLocaleInfoW,0_2_00007FF6C6F400D8
Source: C:\Users\user\Desktop\dbeaver.exeCode function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA,0_2_00007FF6C6F40134
Source: C:\Users\user\Desktop\dbeaver.exeCode function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,0_2_00007FF6C6F3C348
Source: C:\Users\user\Desktop\dbeaver.exeCode function: EnumSystemLocalesA,0_2_00007FF6C6F3C780
Source: C:\Users\user\Desktop\dbeaver.exeCode function: GetLocaleInfoA,0_2_00007FF6C6F3C294
Source: C:\Users\user\Desktop\dbeaver.exeCode function: GetLocaleInfoA,0_2_00007FF6C6F42AA0
Source: C:\Users\user\Desktop\dbeaver.exeCode function: EnumSystemLocalesA,0_2_00007FF6C6F3C6EC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: _getptd,GetLocaleInfoA,0_2_00007FF6C6F3C1AC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: _getptd,GetLocaleInfoA,0_2_00007FF6C6F3C5DC
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F38070 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00007FF6C6F38070
Source: C:\Users\user\Desktop\dbeaver.exeCode function: 0_2_00007FF6C6F41BD0 _lock,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00007FF6C6F41BD0

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter2Path InterceptionPath InterceptionVirtualization/Sandbox Evasion1OS Credential DumpingSystem Time Discovery12Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsNative API2Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemorySecurity Software Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerVirtualization/Sandbox Evasion1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsSystem Information Discovery12SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
dbeaver.exe0%VirustotalBrowse
dbeaver.exe0%MetadefenderBrowse
dbeaver.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://ocsp.thawte.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://crl.thawte.com/ThawteTimestampingCA.crl0dbeaver.exefalse
    		high
    http://ocsp.thawte.com0dbeaver.exefalse
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown

    Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox Version:31.0.0 Emerald
    Analysis ID:347768
    Start date:03.02.2021
    Start time:08:07:25
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:0h 2m 13s
    Hypervisor based Inspection enabled:false
    Report type:full
    Sample file name:dbeaver.exe
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of analysed new started processes analysed:1
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:SUS
    Classification:sus24.evad.winEXE@1/0@0/0
    EGA Information:
    • Successful, ratio: 100%
    HDC Information:
    • Successful, ratio: 100% (good quality ratio 86.3%)
    • Quality average: 61.9%
    • Quality standard deviation: 33%
    HCA Information:Failed
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .exe
    • Stop behavior analysis, all processes terminated

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASN

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    No created / dropped files found

    Static File Info

    General

    File type:PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit):4.047360328974477
    TrID:
    • Win64 Executable GUI (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:dbeaver.exe
    File size:421968
    MD5:b56bf7c40d3e84ca5557e6f9f9786cb3
    SHA1:eadaa2cdd7c8dd0f2978a8ea0b2fe45ae9d4dd26
    SHA256:82d314c6d7c17dbbd8ba26241b82402f246da22aaaafc3418d04b6fc30872a10
    SHA512:c2486fdacab42218bfcf66b62f07481f1889efa04c97316dd6b101922fe7905ca5c95ad8a447c109f07e4f30374d3cc1b251f2ffe2e4ef5bf42622ced6fde996
    SSDEEP:3072:rWquWTMBa39BAr9vfzb6ZhPd7z08qdK6D9qQWqXmF:TuWTaanSZzOZhVzWVDSF
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j....|...|...|..0.r..|..0.c.'|......)|...|..E|..0.u..|..0.b./|..0.g./|..Rich.|..........PE..d....J,].........."......l.........

    File Icon

    Icon Hash:e8a6b531258c8cf4

    Static PE Info

    General

    Entrypoint:0x140003a14
    Entrypoint Section:.text
    Digitally signed:true
    Imagebase:0x140000000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
    Time Stamp:0x5D2C4A8F [Mon Jul 15 09:42:39 2019 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:5
    OS Version Minor:2
    File Version Major:5
    File Version Minor:2
    Subsystem Version Major:5
    Subsystem Version Minor:2
    Import Hash:4cb0bcb130e5a05bcf628fec922fe4cf

    Authenticode Signature

    Signature Valid:true
    Signature Issuer:CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
    Signature Validation Error:The operation completed successfully
    Error Number:0
    Not Before, Not After
    • 10/18/2019 5:00:00 PM 10/19/2021 4:59:59 PM
    Subject Chain
    • CN=DBeaver Corp, O=DBeaver Corp, L=New York, S=New York, C=US
    Version:3
    Thumbprint MD5:334A98F5FE4639AFB11AD5EA77FF367E
    Thumbprint SHA-1:B994BB5D145459C197D1F7D34AAB24789FFE2458
    Thumbprint SHA-256:92593F323CBC6DE10A454F2F46248A6BC35C400BB83EDB02427AE73379A1CD4B
    Serial:50D9C98DE6FA143E7D1411BB6E379FC3

    Entrypoint Preview

    Instruction
    dec eax
    sub esp, 28h
    call 00007F0618ADCE78h
    dec eax
    add esp, 28h
    jmp 00007F0618AD867Bh
    int3
    int3
    dec eax
    test ecx, ecx
    je 00007F0618AD8859h
    push ebx
    dec eax
    sub esp, 20h
    dec esp
    mov eax, ecx
    dec eax
    mov ecx, dword ptr [0001A624h]
    xor edx, edx
    call dword ptr [00014654h]
    test eax, eax
    jne 00007F0618AD8839h
    call 00007F0618ADBBECh
    dec eax
    mov ebx, eax
    call dword ptr [0001463Ah]
    mov ecx, eax
    call 00007F0618ADBB94h
    mov dword ptr [ebx], eax
    dec eax
    add esp, 20h
    pop ebx
    ret
    int3
    int3
    int3
    dec eax
    mov dword ptr [esp+08h], ebx
    dec eax
    mov dword ptr [esp+10h], esi
    push edi
    dec eax
    sub esp, 20h
    dec eax
    mov ebx, ecx
    dec eax
    cmp ecx, FFFFFFE0h
    jnbe 00007F0618AD889Eh
    mov edi, 00000001h
    dec eax
    test ecx, ecx
    dec eax
    cmovne edi, ecx
    dec eax
    mov ecx, dword ptr [0001A5CDh]
    dec eax
    test ecx, ecx
    jne 00007F0618AD8842h
    call 00007F0618ADBEE0h
    mov ecx, 0000001Eh
    call 00007F0618ADBCAEh
    mov ecx, 000000FFh
    call 00007F0618AD8900h
    dec eax
    mov ecx, dword ptr [0001A5A8h]
    dec esp
    mov eax, edi
    xor edx, edx
    call dword ptr [000145DDh]
    dec eax
    mov esi, eax
    dec eax
    test eax, eax
    jne 00007F0618AD884Eh
    cmp dword ptr [0001A59Fh], eax
    je 00007F0618AD8830h
    dec eax
    mov ecx, ebx
    call 00007F0618ADCE76h

    Rich Headers

    Programming Language:
    • [ C ] VS2008 build 21022
    • [LNK] VS2008 build 21022
    • [ASM] VS2008 build 21022
    • [IMP] VS2005 build 50727
    • [RES] VS2008 build 21022
    • [C++] VS2008 build 21022

    Data Directories

    NameVirtual AddressVirtual Size Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IMPORT0x1b2f80x50.rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE0x210000x47d90.rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x200000xef4.pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY0x65e000x1250.rsrc
    IMAGE_DIRECTORY_ENTRY_BASERELOC0x690000x200.reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_IAT0x180000x328.rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

    Sections

    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
    .text0x10000x16a070x16c00False0.553828983516zlib compressed data6.32672377634IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    .rdata0x180000x3d8a0x3e00False0.39314516129data5.32901592653IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data0x1c0000x3c580x1c00False0.186802455357data2.20987381275IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
    .pdata0x200000xef40x1000False0.479248046875data4.82830588581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc0x210000x47d900x47e00False0.0541202445652data2.3032042568IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc0x690000x5de0x600False0.261067708333data2.45367038558IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

    Resources

    NameRVASizeTypeLanguageCountry
    RT_ICON0x212100xea8dataEnglishUnited States
    RT_ICON0x220b80x8a8dataEnglishUnited States
    RT_ICON0x229600x568GLS_BINARY_LSB_FIRSTEnglishUnited States
    RT_ICON0x22ec80x25a8dataEnglishUnited States
    RT_ICON0x254700x10a8dataEnglishUnited States
    RT_ICON0x265180x468GLS_BINARY_LSB_FIRSTEnglishUnited States
    RT_ICON0x269800x42028dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 16777215, next used block 16777215EnglishUnited States
    RT_GROUP_ICON0x689a80x68dataEnglishUnited States
    RT_MANIFEST0x68a100x37cXML 1.0 document, ASCII textEnglishUnited States

    Imports

    DLLImport
    KERNEL32.dllWideCharToMultiByte, FindClose, FindNextFileW, FindFirstFileW, LoadLibraryExW, GetModuleHandleW, LoadLibraryW, GetModuleFileNameW, GetProcAddress, CreateFileA, GetProcessHeap, SetEndOfFile, ReadFile, WriteConsoleW, FreeLibrary, MultiByteToWideChar, GetLastError, HeapFree, HeapAlloc, Sleep, ExitProcess, EnterCriticalSection, LeaveCriticalSection, GetFullPathNameW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, HeapReAlloc, SetUnhandledExceptionFilter, WriteFile, GetStdHandle, GetModuleFileNameA, RtlUnwindEx, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, HeapSetInformation, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, GetCurrentDirectoryA, GetDriveTypeA, LCMapStringW, CloseHandle, HeapSize, GetLocaleInfoW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, LCMapStringA, GetTimeZoneInformation, SetStdHandle, CreateFileW, CompareStringW, SetEnvironmentVariableA, SetEnvironmentVariableW, WriteConsoleA, GetConsoleOutputCP, CompareStringA
    USER32.dllCreateWindowExW, SetClassLongPtrW, MessageBoxW, LoadIconW
    COMCTL32.dll

    Possible Origin

    Language of compilation systemCountry where language is spokenMap
    EnglishUnited States

    Network Behavior

    No network behavior found

    Code Manipulations

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    System Behavior

    Analysis Process: dbeaver.exe PID: 1064 Parent PID: 5552

    General

    Start time:08:08:15
    Start date:03/02/2021
    Path:C:\Users\user\Desktop\dbeaver.exe
    Wow64 process (32bit):false
    Commandline:'C:\Users\user\Desktop\dbeaver.exe'
    Imagebase:0x7ff6c6f30000
    File size:421968 bytes
    MD5 hash:B56BF7C40D3E84CA5557E6F9F9786CB3
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low

    Chronological Activities

    Disassembly

    Code Analysis

    Reset < >

      Analysis Process: dbeaver.exe PID: 1064 Parent PID: 5552 dbeaver.exeCOMMON

      Execution Graph

      Execution Coverage:11.3%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:12.8%
      Total number of Nodes:541
      Total number of Limit Nodes:50

      Graph

      execution_graph 11360 7ff6c6f3bcb8 11361 7ff6c6f3bccf 11360->11361 11362 7ff6c6f3bcc5 11360->11362 11364 7ff6c6f3bac0 11362->11364 11365 7ff6c6f37e44 _getptd 45 API calls 11364->11365 11366 7ff6c6f3bae4 11365->11366 11388 7ff6c6f3b6fc 11366->11388 11371 7ff6c6f3bc6d 11371->11361 11372 7ff6c6f399f4 _getbuf 45 API calls 11373 7ff6c6f3bb10 __initmbctable 11372->11373 11373->11371 11406 7ff6c6f3b848 11373->11406 11376 7ff6c6f3bb4b 11379 7ff6c6f33a28 free 45 API calls 11376->11379 11382 7ff6c6f3bb70 11376->11382 11377 7ff6c6f3bc6f 11377->11371 11378 7ff6c6f3bc88 11377->11378 11380 7ff6c6f33a28 free 45 API calls 11377->11380 11381 7ff6c6f36e14 _errno 45 API calls 11378->11381 11379->11382 11380->11378 11381->11371 11382->11371 11383 7ff6c6f38370 _lock 45 API calls 11382->11383 11384 7ff6c6f3bba8 11383->11384 11385 7ff6c6f3bc58 11384->11385 11387 7ff6c6f33a28 free 45 API calls 11384->11387 11416 7ff6c6f38270 LeaveCriticalSection 11385->11416 11387->11385 11389 7ff6c6f37e44 _getptd 45 API calls 11388->11389 11390 7ff6c6f3b70b 11389->11390 11391 7ff6c6f3b726 11390->11391 11392 7ff6c6f38370 _lock 45 API calls 11390->11392 11393 7ff6c6f3b7aa 11391->11393 11395 7ff6c6f33b20 _getptd 45 API calls 11391->11395 11397 7ff6c6f3b739 11392->11397 11399 7ff6c6f3b7b8 11393->11399 11395->11393 11396 7ff6c6f3b770 11417 7ff6c6f38270 LeaveCriticalSection 11396->11417 11397->11396 11398 7ff6c6f33a28 free 45 API calls 11397->11398 11398->11396 11400 7ff6c6f35898 __initmbctable 45 API calls 11399->11400 11401 7ff6c6f3b7cc 11400->11401 11402 7ff6c6f3b7d8 GetOEMCP 11401->11402 11403 7ff6c6f3b7fd 11401->11403 11405 7ff6c6f3b7e8 11402->11405 11404 7ff6c6f3b802 GetACP 11403->11404 11403->11405 11404->11405 11405->11371 11405->11372 11407 7ff6c6f3b7b8 __initmbctable 47 API calls 11406->11407 11408 7ff6c6f3b86f 11407->11408 11409 7ff6c6f3b877 __initmbctable 11408->11409 11410 7ff6c6f3b8c8 IsValidCodePage 11408->11410 11415 7ff6c6f3b8ee _isindst 11408->11415 11411 7ff6c6f36a00 write_char 8 API calls 11409->11411 11410->11409 11412 7ff6c6f3b8d9 GetCPInfo 11410->11412 11413 7ff6c6f3baab 11411->11413 11412->11409 11412->11415 11413->11376 11413->11377 11418 7ff6c6f3b518 GetCPInfo 11415->11418 11419 7ff6c6f3b55a _isindst 11418->11419 11420 7ff6c6f3b646 11418->11420 11428 7ff6c6f3ce64 11419->11428 11422 7ff6c6f36a00 write_char 8 API calls 11420->11422 11424 7ff6c6f3b6e6 11422->11424 11424->11409 11425 7ff6c6f41a58 __initmbctable 78 API calls 11426 7ff6c6f3b610 11425->11426 11427 7ff6c6f41a58 __initmbctable 78 API calls 11426->11427 11427->11420 11429 7ff6c6f35898 __initmbctable 45 API calls 11428->11429 11430 7ff6c6f3ce88 11429->11430 11433 7ff6c6f3cbf8 11430->11433 11434 7ff6c6f3cc48 GetStringTypeW 11433->11434 11435 7ff6c6f3cc85 11433->11435 11436 7ff6c6f3cc6a GetLastError 11434->11436 11438 7ff6c6f3cc62 11434->11438 11437 7ff6c6f3cdb4 11435->11437 11435->11438 11436->11435 11441 7ff6c6f42aa0 __initmbctable 61 API calls 11437->11441 11439 7ff6c6f3cdad 11438->11439 11440 7ff6c6f3ccae MultiByteToWideChar 11438->11440 11443 7ff6c6f36a00 write_char 8 API calls 11439->11443 11440->11439 11446 7ff6c6f3ccdc 11440->11446 11442 7ff6c6f3cdde 11441->11442 11442->11439 11445 7ff6c6f3ce0f GetStringTypeA 11442->11445 11447 7ff6c6f42af4 __initmbctable 60 API calls 11442->11447 11444 7ff6c6f3b5dd 11443->11444 11444->11425 11445->11439 11448 7ff6c6f3ce32 11445->11448 11449 7ff6c6f33a68 malloc 45 API calls 11446->11449 11452 7ff6c6f3cd01 _isindst _flush 11446->11452 11451 7ff6c6f3ce04 11447->11451 11453 7ff6c6f33a28 free 45 API calls 11448->11453 11449->11452 11450 7ff6c6f3cd68 MultiByteToWideChar 11454 7ff6c6f3cd8a GetStringTypeW 11450->11454 11455 7ff6c6f3cd9f 11450->11455 11451->11439 11451->11445 11452->11439 11452->11450 11453->11439 11454->11455 11455->11439 11456 7ff6c6f33a28 free 45 API calls 11455->11456 11456->11439 11461 7ff6c6f340bc 11466 7ff6c6f39e5c 11461->11466 11467 7ff6c6f39d68 11466->11467 11468 7ff6c6f38370 _lock 45 API calls 11467->11468 11474 7ff6c6f39d91 11468->11474 11469 7ff6c6f39e2e 11495 7ff6c6f38270 LeaveCriticalSection 11469->11495 11472 7ff6c6f34144 46 API calls 11472->11474 11473 7ff6c6f341cc 2 API calls 11473->11474 11474->11469 11474->11472 11474->11473 11485 7ff6c6f39d20 11474->11485 11486 7ff6c6f39d2e 11485->11486 11487 7ff6c6f39d35 11485->11487 11496 7ff6c6f39d68 11486->11496 11489 7ff6c6f39ca4 _flush 77 API calls 11487->11489 11491 7ff6c6f39d3a 11489->11491 11490 7ff6c6f39d33 11490->11474 11491->11490 11492 7ff6c6f3db38 _flush 45 API calls 11491->11492 11493 7ff6c6f39d52 11492->11493 11505 7ff6c6f411e0 11493->11505 11497 7ff6c6f38370 _lock 45 API calls 11496->11497 11503 7ff6c6f39d91 11497->11503 11498 7ff6c6f39e2e 11531 7ff6c6f38270 LeaveCriticalSection 11498->11531 11501 7ff6c6f34144 46 API calls 11501->11503 11502 7ff6c6f341cc 2 API calls 11502->11503 11503->11498 11503->11501 11503->11502 11504 7ff6c6f39d20 81 API calls 11503->11504 11504->11503 11506 7ff6c6f411f9 11505->11506 11508 7ff6c6f4120c 11505->11508 11507 7ff6c6f36e14 _errno 45 API calls 11506->11507 11510 7ff6c6f411fe 11507->11510 11509 7ff6c6f412c2 11508->11509 11511 7ff6c6f41220 11508->11511 11512 7ff6c6f36e14 _errno 45 API calls 11509->11512 11510->11490 11514 7ff6c6f41246 11511->11514 11515 7ff6c6f4126b 11511->11515 11513 7ff6c6f412c7 11512->11513 11516 7ff6c6f384e4 _wsopen_s 7 API calls 11513->11516 11517 7ff6c6f36e14 _errno 45 API calls 11514->11517 11518 7ff6c6f4315c _flush 46 API calls 11515->11518 11516->11510 11519 7ff6c6f4124b 11517->11519 11520 7ff6c6f41272 11518->11520 11521 7ff6c6f384e4 _wsopen_s 7 API calls 11519->11521 11522 7ff6c6f430d8 _close_nolock 45 API calls 11520->11522 11530 7ff6c6f412a7 11520->11530 11521->11510 11524 7ff6c6f41285 FlushFileBuffers 11522->11524 11523 7ff6c6f36e14 _errno 45 API calls 11525 7ff6c6f412ae 11523->11525 11526 7ff6c6f4129c 11524->11526 11527 7ff6c6f41292 GetLastError 11524->11527 11532 7ff6c6f43204 LeaveCriticalSection 11525->11532 11526->11525 11529 7ff6c6f36e34 __doserrno 45 API calls 11526->11529 11527->11526 11529->11530 11530->11523 11678 7ff6c6f476c6 11681 7ff6c6f38270 LeaveCriticalSection 11678->11681 11713 7ff6c6f36ed4 11714 7ff6c6f36f0d 11713->11714 11715 7ff6c6f36ee3 11713->11715 11715->11714 11717 7ff6c6f387d4 11715->11717 11718 7ff6c6f37e44 _getptd 45 API calls 11717->11718 11719 7ff6c6f387dd 11718->11719 11722 7ff6c6f3ff30 11719->11722 11723 7ff6c6f3ff40 11722->11723 11726 7ff6c6f3ff4a 11722->11726 11724 7ff6c6f36f30 malloc 45 API calls 11723->11724 11724->11726 11725 7ff6c6f3ff5e 11728 7ff6c6f3ff67 RtlCaptureContext 11725->11728 11729 7ff6c6f3ffc6 11725->11729 11726->11725 11732 7ff6c6f38840 11726->11732 11730 7ff6c6f36cb0 _isindst 11728->11730 11731 7ff6c6f3ff87 SetUnhandledExceptionFilter UnhandledExceptionFilter 11730->11731 11731->11729 11733 7ff6c6f3886c 11732->11733 11734 7ff6c6f388c6 DecodePointer 11732->11734 11733->11734 11735 7ff6c6f38917 11733->11735 11738 7ff6c6f38890 11733->11738 11739 7ff6c6f3891c 11734->11739 11737 7ff6c6f37dc0 _errno 45 API calls 11735->11737 11737->11739 11738->11734 11741 7ff6c6f3889f 11738->11741 11740 7ff6c6f38370 _lock 45 API calls 11739->11740 11742 7ff6c6f389bb 11739->11742 11749 7ff6c6f388be 11739->11749 11740->11742 11743 7ff6c6f36e14 _errno 45 API calls 11741->11743 11747 7ff6c6f38a0d 11742->11747 11750 7ff6c6f37cd0 EncodePointer 11742->11750 11744 7ff6c6f388a4 11743->11744 11746 7ff6c6f384e4 _wsopen_s 7 API calls 11744->11746 11746->11749 11747->11749 11751 7ff6c6f38270 LeaveCriticalSection 11747->11751 11749->11725 9045 7ff6c6f33cdc 9063 7ff6c6f38370 9045->9063 9064 7ff6c6f3839f EnterCriticalSection 9063->9064 9065 7ff6c6f3838e 9063->9065 9069 7ff6c6f38288 9065->9069 9070 7ff6c6f382c6 9069->9070 9071 7ff6c6f382af 9069->9071 9072 7ff6c6f382db 9070->9072 9148 7ff6c6f399f4 9070->9148 9100 7ff6c6f37158 9071->9100 9072->9064 9095 7ff6c6f33b20 9072->9095 9078 7ff6c6f382f1 9153 7ff6c6f36e14 9078->9153 9079 7ff6c6f38300 9082 7ff6c6f38370 _lock 44 API calls 9079->9082 9084 7ff6c6f3830a 9082->9084 9085 7ff6c6f38313 9084->9085 9086 7ff6c6f38342 9084->9086 9156 7ff6c6f38c90 InitializeCriticalSectionAndSpinCount 9085->9156 9087 7ff6c6f33a28 free 44 API calls 9086->9087 9094 7ff6c6f38331 LeaveCriticalSection 9087->9094 9092 7ff6c6f3832c 9093 7ff6c6f36e14 _errno 44 API calls 9092->9093 9093->9094 9094->9072 9096 7ff6c6f37158 _FF_MSGBANNER 44 API calls 9095->9096 9097 7ff6c6f33b2d 9096->9097 9098 7ff6c6f36f30 malloc 44 API calls 9097->9098 9099 7ff6c6f33b34 DecodePointer 9098->9099 9164 7ff6c6f3fe84 9100->9164 9103 7ff6c6f3fe84 _FF_MSGBANNER 45 API calls 9105 7ff6c6f37175 9103->9105 9104 7ff6c6f36f30 malloc 45 API calls 9106 7ff6c6f3718c 9104->9106 9105->9104 9107 7ff6c6f37196 9105->9107 9108 7ff6c6f36f30 malloc 45 API calls 9106->9108 9109 7ff6c6f36f30 9107->9109 9108->9107 9110 7ff6c6f36f53 9109->9110 9111 7ff6c6f3713f 9110->9111 9112 7ff6c6f3fe84 _FF_MSGBANNER 42 API calls 9110->9112 9145 7ff6c6f33b8c 9111->9145 9113 7ff6c6f36f75 9112->9113 9114 7ff6c6f370fa GetStdHandle 9113->9114 9116 7ff6c6f3fe84 _FF_MSGBANNER 42 API calls 9113->9116 9114->9111 9115 7ff6c6f3710d 9114->9115 9115->9111 9119 7ff6c6f37113 __wtomb_environ 9115->9119 9117 7ff6c6f36f88 9116->9117 9117->9114 9118 7ff6c6f36f99 9117->9118 9118->9111 9120 7ff6c6f36fa5 9118->9120 9121 7ff6c6f37123 WriteFile 9119->9121 9183 7ff6c6f3bed8 9120->9183 9121->9111 9124 7ff6c6f36fdd GetModuleFileNameA 9126 7ff6c6f36ffd 9124->9126 9130 7ff6c6f3702e __wtomb_environ 9124->9130 9125 7ff6c6f383bc _isindst 6 API calls 9125->9124 9127 7ff6c6f3bed8 __wtomb_environ 42 API calls 9126->9127 9128 7ff6c6f37015 9127->9128 9128->9130 9132 7ff6c6f383bc _isindst 6 API calls 9128->9132 9129 7ff6c6f37089 9201 7ff6c6f3bce0 9129->9201 9130->9129 9192 7ff6c6f3be00 9130->9192 9132->9130 9135 7ff6c6f370b4 9138 7ff6c6f3bce0 malloc 42 API calls 9135->9138 9137 7ff6c6f383bc _isindst 6 API calls 9137->9135 9139 7ff6c6f370ca 9138->9139 9141 7ff6c6f370e3 9139->9141 9142 7ff6c6f383bc _isindst 6 API calls 9139->9142 9140 7ff6c6f383bc _isindst 6 API calls 9140->9129 9210 7ff6c6f3fc90 9141->9210 9142->9141 9228 7ff6c6f33b50 GetModuleHandleW 9145->9228 9150 7ff6c6f39a10 9148->9150 9151 7ff6c6f382e9 9150->9151 9152 7ff6c6f39a28 Sleep 9150->9152 9232 7ff6c6f33a68 9150->9232 9151->9078 9151->9079 9152->9150 9152->9151 9245 7ff6c6f37dc0 GetLastError FlsGetValue 9153->9245 9155 7ff6c6f36e1d 9155->9072 9157 7ff6c6f38320 9156->9157 9157->9094 9158 7ff6c6f33a28 9157->9158 9159 7ff6c6f33a2d HeapFree 9158->9159 9160 7ff6c6f33a5d free 9158->9160 9159->9160 9161 7ff6c6f33a48 9159->9161 9160->9092 9162 7ff6c6f36e14 _errno 43 API calls 9161->9162 9163 7ff6c6f33a4d GetLastError 9162->9163 9163->9160 9165 7ff6c6f3fe8c 9164->9165 9166 7ff6c6f36e14 _errno 45 API calls 9165->9166 9169 7ff6c6f37166 9165->9169 9167 7ff6c6f3feb1 9166->9167 9170 7ff6c6f384e4 DecodePointer 9167->9170 9169->9103 9169->9105 9171 7ff6c6f38515 9170->9171 9172 7ff6c6f3852f _isindst 9170->9172 9171->9169 9174 7ff6c6f383bc 9172->9174 9181 7ff6c6f36cb0 9174->9181 9177 7ff6c6f38479 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9178 7ff6c6f384b8 _isindst 9177->9178 9179 7ff6c6f384c4 GetCurrentProcess TerminateProcess 9177->9179 9178->9179 9179->9171 9180 7ff6c6f38419 9180->9177 9182 7ff6c6f36cb9 RtlCaptureContext 9181->9182 9182->9180 9184 7ff6c6f3beed 9183->9184 9185 7ff6c6f3bee3 9183->9185 9186 7ff6c6f36e14 _errno 45 API calls 9184->9186 9185->9184 9189 7ff6c6f3bf19 9185->9189 9187 7ff6c6f3bef5 9186->9187 9188 7ff6c6f384e4 _wsopen_s 7 API calls 9187->9188 9190 7ff6c6f36fc4 9188->9190 9189->9190 9191 7ff6c6f36e14 _errno 45 API calls 9189->9191 9190->9124 9190->9125 9191->9187 9196 7ff6c6f3be0e 9192->9196 9193 7ff6c6f3be13 9194 7ff6c6f37070 9193->9194 9195 7ff6c6f36e14 _errno 45 API calls 9193->9195 9194->9129 9194->9140 9197 7ff6c6f3be3d 9195->9197 9196->9193 9196->9194 9199 7ff6c6f3be61 9196->9199 9198 7ff6c6f384e4 _wsopen_s 7 API calls 9197->9198 9198->9194 9199->9194 9200 7ff6c6f36e14 _errno 45 API calls 9199->9200 9200->9197 9202 7ff6c6f3bcee 9201->9202 9204 7ff6c6f3bcf8 9201->9204 9202->9204 9207 7ff6c6f3bd3c 9202->9207 9203 7ff6c6f36e14 _errno 45 API calls 9205 7ff6c6f3bd00 9203->9205 9204->9203 9206 7ff6c6f384e4 _wsopen_s 7 API calls 9205->9206 9208 7ff6c6f3709b 9206->9208 9207->9208 9209 7ff6c6f36e14 _errno 45 API calls 9207->9209 9208->9135 9208->9137 9209->9205 9227 7ff6c6f37cd0 EncodePointer 9210->9227 9229 7ff6c6f33b6a GetProcAddress 9228->9229 9230 7ff6c6f33b83 ExitProcess 9228->9230 9229->9230 9231 7ff6c6f33b7f 9229->9231 9231->9230 9234 7ff6c6f33afc malloc 9232->9234 9242 7ff6c6f33a80 malloc 9232->9242 9233 7ff6c6f33ab8 RtlAllocateHeap 9237 7ff6c6f33af1 9233->9237 9233->9242 9236 7ff6c6f36e14 _errno 44 API calls 9234->9236 9235 7ff6c6f37158 _FF_MSGBANNER 44 API calls 9235->9242 9236->9237 9237->9150 9238 7ff6c6f33ae1 9239 7ff6c6f36e14 _errno 44 API calls 9238->9239 9241 7ff6c6f33ae6 9239->9241 9240 7ff6c6f36f30 malloc 44 API calls 9240->9242 9244 7ff6c6f36e14 _errno 44 API calls 9241->9244 9242->9233 9242->9235 9242->9238 9242->9240 9242->9241 9243 7ff6c6f33b8c malloc 3 API calls 9242->9243 9243->9242 9244->9237 9246 7ff6c6f37de6 9245->9246 9247 7ff6c6f37e2e SetLastError 9245->9247 9257 7ff6c6f39a60 9246->9257 9247->9155 9250 7ff6c6f37dfb FlsSetValue 9251 7ff6c6f37e27 9250->9251 9252 7ff6c6f37e11 9250->9252 9254 7ff6c6f33a28 free 40 API calls 9251->9254 9262 7ff6c6f37d0c 9252->9262 9256 7ff6c6f37e2c 9254->9256 9256->9247 9258 7ff6c6f39a85 9257->9258 9260 7ff6c6f37df3 9258->9260 9261 7ff6c6f39aa3 Sleep 9258->9261 9271 7ff6c6f40800 9258->9271 9260->9247 9260->9250 9261->9258 9261->9260 9263 7ff6c6f38370 _lock 45 API calls 9262->9263 9264 7ff6c6f37d61 9263->9264 9280 7ff6c6f38270 LeaveCriticalSection 9264->9280 9272 7ff6c6f40847 malloc 9271->9272 9273 7ff6c6f40815 9271->9273 9275 7ff6c6f4085f RtlAllocateHeap 9272->9275 9278 7ff6c6f40843 9272->9278 9273->9272 9274 7ff6c6f40823 9273->9274 9276 7ff6c6f36e14 _errno 44 API calls 9274->9276 9275->9272 9275->9278 9277 7ff6c6f40828 9276->9277 9279 7ff6c6f384e4 _wsopen_s 7 API calls 9277->9279 9278->9258 9279->9278 11877 7ff6c6f37e68 11878 7ff6c6f37e71 11877->11878 11906 7ff6c6f37f92 11877->11906 11879 7ff6c6f33a28 free 45 API calls 11878->11879 11880 7ff6c6f37e8c 11878->11880 11879->11880 11881 7ff6c6f33a28 free 45 API calls 11880->11881 11883 7ff6c6f37e9a 11880->11883 11881->11883 11882 7ff6c6f37ea8 11885 7ff6c6f37eb6 11882->11885 11886 7ff6c6f33a28 free 45 API calls 11882->11886 11883->11882 11884 7ff6c6f33a28 free 45 API calls 11883->11884 11884->11882 11887 7ff6c6f37ec4 11885->11887 11888 7ff6c6f33a28 free 45 API calls 11885->11888 11886->11885 11889 7ff6c6f37ed2 11887->11889 11890 7ff6c6f33a28 free 45 API calls 11887->11890 11888->11887 11891 7ff6c6f37ee3 11889->11891 11892 7ff6c6f33a28 free 45 API calls 11889->11892 11890->11889 11893 7ff6c6f37efb 11891->11893 11894 7ff6c6f33a28 free 45 API calls 11891->11894 11892->11891 11895 7ff6c6f38370 _lock 45 API calls 11893->11895 11894->11893 11899 7ff6c6f37f05 11895->11899 11896 7ff6c6f37f33 11909 7ff6c6f38270 LeaveCriticalSection 11896->11909 11899->11896 11901 7ff6c6f33a28 free 45 API calls 11899->11901 11901->11896 9281 7ff6c6f3387c 9282 7ff6c6f33894 9281->9282 9319 7ff6c6f38024 HeapCreate 9282->9319 9285 7ff6c6f33922 9322 7ff6c6f37fa0 9285->9322 9286 7ff6c6f3390e 9289 7ff6c6f36f30 malloc 45 API calls 9286->9289 9288 7ff6c6f37158 _FF_MSGBANNER 45 API calls 9288->9286 9291 7ff6c6f33918 9289->9291 9293 7ff6c6f33b8c malloc 3 API calls 9291->9293 9293->9285 9320 7ff6c6f38048 HeapSetInformation 9319->9320 9321 7ff6c6f338fc 9319->9321 9320->9321 9321->9285 9321->9286 9321->9288 9385 7ff6c6f33ea0 9322->9385 9402 7ff6c6f37cd0 EncodePointer 9385->9402 11102 7ff6c6f36680 11103 7ff6c6f366d8 11102->11103 11104 7ff6c6f366b2 11102->11104 11106 7ff6c6f366e6 11103->11106 11107 7ff6c6f3670c 11103->11107 11105 7ff6c6f36e14 _errno 45 API calls 11104->11105 11111 7ff6c6f366b7 11105->11111 11108 7ff6c6f36e14 _errno 45 API calls 11106->11108 11109 7ff6c6f3671b 11107->11109 11110 7ff6c6f3673e 11107->11110 11112 7ff6c6f366eb 11108->11112 11113 7ff6c6f36e14 _errno 45 API calls 11109->11113 11130 7ff6c6f3f4f0 11110->11130 11115 7ff6c6f384e4 _wsopen_s 7 API calls 11111->11115 11116 7ff6c6f384e4 _wsopen_s 7 API calls 11112->11116 11117 7ff6c6f36720 11113->11117 11127 7ff6c6f366d1 11115->11127 11116->11127 11119 7ff6c6f384e4 _wsopen_s 7 API calls 11117->11119 11119->11127 11131 7ff6c6f38370 _lock 45 API calls 11130->11131 11132 7ff6c6f3f509 11131->11132 11133 7ff6c6f3f598 11132->11133 11139 7ff6c6f38288 _lock 45 API calls 11132->11139 11144 7ff6c6f3f585 11132->11144 11163 7ff6c6f34144 11132->11163 11168 7ff6c6f341cc 11132->11168 11134 7ff6c6f399f4 _getbuf 45 API calls 11133->11134 11136 7ff6c6f3f5a5 11134->11136 11138 7ff6c6f38c90 _lock InitializeCriticalSectionAndSpinCount 11136->11138 11136->11144 11141 7ff6c6f3f5d0 11138->11141 11139->11132 11142 7ff6c6f3f5d4 11141->11142 11143 7ff6c6f3f5f2 EnterCriticalSection 11141->11143 11145 7ff6c6f33a28 free 45 API calls 11142->11145 11143->11144 11162 7ff6c6f38270 LeaveCriticalSection 11144->11162 11145->11144 11164 7ff6c6f34161 EnterCriticalSection 11163->11164 11165 7ff6c6f34152 11163->11165 11167 7ff6c6f3415a 11164->11167 11166 7ff6c6f38370 _lock 45 API calls 11165->11166 11166->11167 11167->11132 11169 7ff6c6f341e4 LeaveCriticalSection 11168->11169 11170 7ff6c6f341d5 11168->11170 11172 7ff6c6f341e2 11169->11172 11173 7ff6c6f38270 LeaveCriticalSection 11170->11173 11172->11132 12005 7ff6c6f32686 12006 7ff6c6f3292d 12005->12006 12007 7ff6c6f35e94 _free_nolock 111 API calls 12006->12007 12009 7ff6c6f3293c _free_nolock 12007->12009 12008 7ff6c6f32980 _free_nolock 12010 7ff6c6f35e94 _free_nolock 111 API calls 12008->12010 12009->12008 12012 7ff6c6f35a58 _free_nolock 47 API calls 12009->12012 12011 7ff6c6f329a4 12010->12011 12013 7ff6c6f329b6 12011->12013 12015 7ff6c6f329d0 _free_nolock 12011->12015 12012->12008 12014 7ff6c6f33a28 free 45 API calls 12013->12014 12017 7ff6c6f329c0 12014->12017 12016 7ff6c6f33a28 free 45 API calls 12015->12016 12015->12017 12016->12017 12018 7ff6c6f4768c 12019 7ff6c6f476a8 12018->12019 12020 7ff6c6f4769e 12018->12020 12022 7ff6c6f38270 LeaveCriticalSection 12020->12022 10971 7ff6c6f4682c 10972 7ff6c6f35898 __initmbctable 45 API calls 10971->10972 10975 7ff6c6f46858 10972->10975 10973 7ff6c6f4687b 10974 7ff6c6f36e14 _errno 45 API calls 10973->10974 10976 7ff6c6f46880 10974->10976 10975->10973 10977 7ff6c6f468c3 10975->10977 10983 7ff6c6f4685d 10975->10983 10978 7ff6c6f384e4 _wsopen_s 7 API calls 10976->10978 10979 7ff6c6f468e1 10977->10979 10980 7ff6c6f468ce 10977->10980 10978->10983 10999 7ff6c6f46f14 10979->10999 10984 7ff6c6f46fa0 10980->10984 10985 7ff6c6f35898 __initmbctable 45 API calls 10984->10985 10988 7ff6c6f46fc5 10985->10988 10986 7ff6c6f46fca 10986->10983 10987 7ff6c6f46fe8 10989 7ff6c6f36e14 _errno 45 API calls 10987->10989 10988->10986 10988->10987 10991 7ff6c6f47033 10988->10991 10990 7ff6c6f46fed 10989->10990 10992 7ff6c6f384e4 _wsopen_s 7 API calls 10990->10992 10993 7ff6c6f4703f 10991->10993 10994 7ff6c6f47054 10991->10994 10992->10986 11004 7ff6c6f42804 10993->11004 10996 7ff6c6f46f14 76 API calls 10994->10996 10997 7ff6c6f4707b 10996->10997 10997->10986 10998 7ff6c6f36e14 _errno 45 API calls 10997->10998 10998->10986 11000 7ff6c6f35898 __initmbctable 45 API calls 10999->11000 11001 7ff6c6f46f38 11000->11001 11015 7ff6c6f46a38 11001->11015 11005 7ff6c6f4282a 11004->11005 11014 7ff6c6f4285b 11004->11014 11006 7ff6c6f35898 __initmbctable 45 API calls 11005->11006 11007 7ff6c6f42836 11006->11007 11008 7ff6c6f4283b 11007->11008 11011 7ff6c6f42886 11007->11011 11009 7ff6c6f36e14 _errno 45 API calls 11008->11009 11010 7ff6c6f42840 11009->11010 11012 7ff6c6f384e4 _wsopen_s 7 API calls 11010->11012 11013 7ff6c6f4575c 78 API calls __create_locale 11011->11013 11011->11014 11012->11014 11013->11011 11014->10986 11016 7ff6c6f46a8d CompareStringW 11015->11016 11019 7ff6c6f46aaf 11015->11019 11017 7ff6c6f46ab9 GetLastError 11016->11017 11016->11019 11017->11019 11018 7ff6c6f36a00 write_char 8 API calls 11021 7ff6c6f46f01 11018->11021 11020 7ff6c6f46e0d 11019->11020 11024 7ff6c6f46b66 11019->11024 11042 7ff6c6f46b49 11019->11042 11055 7ff6c6f42aa0 GetLocaleInfoA 11020->11055 11021->10983 11025 7ff6c6f46c37 MultiByteToWideChar 11024->11025 11027 7ff6c6f46bb5 GetCPInfo 11024->11027 11024->11042 11035 7ff6c6f46c5d 11025->11035 11025->11042 11026 7ff6c6f46eab CompareStringA 11031 7ff6c6f46ee3 11026->11031 11026->11042 11030 7ff6c6f46bc6 11027->11030 11027->11042 11030->11025 11030->11042 11033 7ff6c6f33a28 free 45 API calls 11031->11033 11037 7ff6c6f46eeb 11033->11037 11034 7ff6c6f46cd9 MultiByteToWideChar 11038 7ff6c6f46d01 MultiByteToWideChar 11034->11038 11039 7ff6c6f46df5 11034->11039 11036 7ff6c6f33a68 malloc 45 API calls 11035->11036 11046 7ff6c6f46c86 _flush 11035->11046 11036->11046 11043 7ff6c6f33a28 free 45 API calls 11037->11043 11038->11039 11049 7ff6c6f46d2e 11038->11049 11039->11042 11044 7ff6c6f33a28 free 45 API calls 11039->11044 11040 7ff6c6f42af4 __initmbctable 60 API calls 11041 7ff6c6f46e96 11040->11041 11041->11026 11045 7ff6c6f46e9e 11041->11045 11042->11018 11043->11042 11044->11042 11047 7ff6c6f33a28 free 45 API calls 11045->11047 11046->11034 11046->11042 11047->11042 11048 7ff6c6f46d9f MultiByteToWideChar 11051 7ff6c6f46dc6 CompareStringW 11048->11051 11052 7ff6c6f46de4 11048->11052 11050 7ff6c6f33a68 malloc 45 API calls 11049->11050 11053 7ff6c6f46d4d _flush 11049->11053 11050->11053 11051->11052 11052->11039 11054 7ff6c6f33a28 free 45 API calls 11052->11054 11053->11039 11053->11048 11054->11039 11056 7ff6c6f42ad7 11055->11056 11057 7ff6c6f42ad2 11055->11057 11086 7ff6c6f427b0 11056->11086 11059 7ff6c6f36a00 write_char 8 API calls 11057->11059 11060 7ff6c6f42aee 11059->11060 11060->11026 11060->11042 11061 7ff6c6f42af4 11060->11061 11062 7ff6c6f42c1e 11061->11062 11063 7ff6c6f42b46 GetCPInfo 11061->11063 11066 7ff6c6f36a00 write_char 8 API calls 11062->11066 11064 7ff6c6f42b58 11063->11064 11065 7ff6c6f42bf7 MultiByteToWideChar 11063->11065 11064->11065 11067 7ff6c6f42b62 GetCPInfo 11064->11067 11065->11062 11069 7ff6c6f42b7d __wtomb_environ 11065->11069 11070 7ff6c6f42d68 11066->11070 11067->11065 11068 7ff6c6f42b77 11067->11068 11068->11065 11068->11069 11071 7ff6c6f33a68 malloc 45 API calls 11069->11071 11073 7ff6c6f42bb9 _isindst _flush 11069->11073 11070->11040 11070->11042 11071->11073 11072 7ff6c6f42c55 MultiByteToWideChar 11074 7ff6c6f42cb7 11072->11074 11075 7ff6c6f42c7f 11072->11075 11073->11062 11073->11072 11074->11062 11078 7ff6c6f33a28 free 45 API calls 11074->11078 11076 7ff6c6f42cbf 11075->11076 11077 7ff6c6f42c84 WideCharToMultiByte 11075->11077 11079 7ff6c6f42cf1 11076->11079 11080 7ff6c6f42cc5 WideCharToMultiByte 11076->11080 11077->11074 11078->11062 11081 7ff6c6f39a60 __mbtow_environ 45 API calls 11079->11081 11080->11074 11080->11079 11082 7ff6c6f42cfe 11081->11082 11082->11074 11083 7ff6c6f42d06 WideCharToMultiByte 11082->11083 11083->11074 11084 7ff6c6f42d2f 11083->11084 11085 7ff6c6f33a28 free 45 API calls 11084->11085 11085->11074 11087 7ff6c6f45b50 11086->11087 11090 7ff6c6f458cc 11087->11090 11091 7ff6c6f35898 __initmbctable 45 API calls 11090->11091 11093 7ff6c6f458fe 11091->11093 11092 7ff6c6f4590c 11094 7ff6c6f36e14 _errno 45 API calls 11092->11094 11093->11092 11098 7ff6c6f45947 11093->11098 11095 7ff6c6f45911 11094->11095 11096 7ff6c6f384e4 _wsopen_s 7 API calls 11095->11096 11101 7ff6c6f4592c 11096->11101 11097 7ff6c6f45308 __tzset 67 API calls 11097->11098 11098->11097 11099 7ff6c6f45997 11098->11099 11100 7ff6c6f36e14 _errno 45 API calls 11099->11100 11099->11101 11100->11101 11101->11057

      Executed Functions

      Function 00007FF6C6F35E94, Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 247COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 0 7ff6c6f35e94-7ff6c6f35ec9 1 7ff6c6f35ef7-7ff6c6f35efa 0->1 2 7ff6c6f35ecb-7ff6c6f35ef2 call 7ff6c6f36e34 call 7ff6c6f36e14 call 7ff6c6f384e4 0->2 1->2 3 7ff6c6f35efc-7ff6c6f35f0b call 7ff6c6f36e9c 1->3 21 7ff6c6f36262 2->21 9 7ff6c6f35f0d-7ff6c6f35f20 call 7ff6c6f36e14 call 7ff6c6f36e34 3->9 10 7ff6c6f35f25-7ff6c6f35f2a 3->10 9->21 14 7ff6c6f35f2c-7ff6c6f35f33 10->14 15 7ff6c6f35f4b-7ff6c6f35f50 call 7ff6c6f3d158 10->15 19 7ff6c6f35f3c-7ff6c6f35f49 call 7ff6c6f3d150 14->19 20 7ff6c6f35f35-7ff6c6f35f3a 14->20 26 7ff6c6f35f53-7ff6c6f35f6e FindFirstFileW 15->26 19->26 20->9 20->19 27 7ff6c6f36265-7ff6c6f3628f call 7ff6c6f36a00 21->27 29 7ff6c6f35f74-7ff6c6f35f89 call 7ff6c6f36e9c 26->29 30 7ff6c6f36092-7ff6c6f36097 26->30 29->9 42 7ff6c6f35f8b-7ff6c6f35fb7 call 7ff6c6f36e14 * 2 call 7ff6c6f3d468 29->42 34 7ff6c6f36099-7ff6c6f3609e 30->34 35 7ff6c6f360a6-7ff6c6f360b9 FileTimeToLocalFileTime 30->35 34->35 39 7ff6c6f360a0-7ff6c6f360a4 34->39 36 7ff6c6f3624c-7ff6c6f3625c GetLastError call 7ff6c6f36e54 FindClose 35->36 37 7ff6c6f360bf-7ff6c6f360d2 FileTimeToSystemTime 35->37 36->21 37->36 40 7ff6c6f360d8-7ff6c6f36107 call 7ff6c6f3d6a8 37->40 43 7ff6c6f36110-7ff6c6f36115 39->43 49 7ff6c6f3610c 40->49 68 7ff6c6f35fb9-7ff6c6f35fc1 call 7ff6c6f36e14 42->68 69 7ff6c6f35fc3-7ff6c6f35fcb call 7ff6c6f36e14 42->69 45 7ff6c6f36117-7ff6c6f3611c 43->45 46 7ff6c6f36124-7ff6c6f36137 FileTimeToLocalFileTime 43->46 45->46 50 7ff6c6f3611e-7ff6c6f36122 45->50 46->36 51 7ff6c6f3613d-7ff6c6f36150 FileTimeToSystemTime 46->51 49->43 53 7ff6c6f3618a-7ff6c6f36193 50->53 51->36 54 7ff6c6f36156-7ff6c6f36185 call 7ff6c6f3d6a8 51->54 57 7ff6c6f36195-7ff6c6f3619a 53->57 58 7ff6c6f361a2-7ff6c6f361b5 FileTimeToLocalFileTime 53->58 54->53 57->58 60 7ff6c6f3619c-7ff6c6f361a0 57->60 58->36 62 7ff6c6f361bb-7ff6c6f361ce FileTimeToSystemTime 58->62 64 7ff6c6f36204-7ff6c6f3620b FindClose 60->64 62->36 63 7ff6c6f361d0-7ff6c6f361ff call 7ff6c6f3d6a8 62->63 63->64 67 7ff6c6f36211-7ff6c6f3624a call 7ff6c6f3d5b0 64->67 67->27 76 7ff6c6f35fec-7ff6c6f35fef 68->76 69->9 77 7ff6c6f35fd1-7ff6c6f35fe9 call 7ff6c6f36e14 call 7ff6c6f3d468 69->77 79 7ff6c6f3607c-7ff6c6f3607f 76->79 80 7ff6c6f35ff5-7ff6c6f36001 call 7ff6c6f342b8 76->80 77->76 79->9 82 7ff6c6f36085-7ff6c6f3608d call 7ff6c6f33a28 79->82 89 7ff6c6f36010-7ff6c6f3601c GetDriveTypeW 80->89 90 7ff6c6f36003-7ff6c6f3600e call 7ff6c6f35dd8 80->90 82->9 89->79 91 7ff6c6f3601e-7ff6c6f36021 89->91 90->79 90->89 94 7ff6c6f3602b-7ff6c6f36077 call 7ff6c6f3d6a8 91->94 95 7ff6c6f36023-7ff6c6f36026 call 7ff6c6f33a28 91->95 94->67 95->94
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno$DecodePointer
      • String ID: ./\
      • API String ID: 3911551546-3176372042
      • Opcode ID: 39f36bb0085d1c377e5a917e7848e06c4ec50267ee93517a53bc2af592be334a
      • Instruction ID: d0996a8f5e12cb03c950af2817435859fc1a01bb42ccf57638a2655acf0d36c8
      • Opcode Fuzzy Hash: 39f36bb0085d1c377e5a917e7848e06c4ec50267ee93517a53bc2af592be334a
      • Instruction Fuzzy Hash: DFB1C97290C24A86EB629F24E50017E77A2FB81B62F104131E6ED93AD5DF7ED450CB1A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F44158, Relevance: 36.5, APIs: 24, Instructions: 546fileCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$ErrorFileLast$CloseCreateHandle__doserrno_lseek_nolock$_close_nolock$Type
      • String ID:
      • API String ID: 3224512341-0
      • Opcode ID: cce571e701cf62988453a4a2073631fe82f1a1a7546ec7af1203d218e6340c6f
      • Instruction ID: 6404c4c8917b3f082ad041d9bbeb6117ae2b193509ddf7aabfe2d44c60e3d405
      • Opcode Fuzzy Hash: cce571e701cf62988453a4a2073631fe82f1a1a7546ec7af1203d218e6340c6f
      • Instruction Fuzzy Hash: A9321522A0C64A41FB668F28D64037D6652EF81766F104235DAFDD7FD5CEBEE8408B09
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F32A20, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 151fileCOMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$Find_errnomalloc$File$AllocateCloseFirstHeapNextcalloc
      • String ID: %s%c%s_*
      • API String ID: 3240083902-2802115005
      • Opcode ID: 7fedb0e86948e4cf237fd708d4eee5b649b4452f9b31897c3324b5c43c20307d
      • Instruction ID: a94205bec05f788f9e5c71f44000ce77c47018f5f208e382788463fac3075adb
      • Opcode Fuzzy Hash: 7fedb0e86948e4cf237fd708d4eee5b649b4452f9b31897c3324b5c43c20307d
      • Instruction Fuzzy Hash: A8812B2260DAC981EA71DF15E4943BEA366FBC4781F404132DADDC3BAADF2DD5418B04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F41BD0, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 301COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 877 7ff6c6f41bd0-7ff6c6f41c19 call 7ff6c6f38370 call 7ff6c6f41bc8 call 7ff6c6f41b70 884 7ff6c6f41c1b-7ff6c6f41c2a call 7ff6c6f383bc 877->884 885 7ff6c6f41c2f-7ff6c6f41c3f call 7ff6c6f41af0 877->885 884->885 889 7ff6c6f41c41-7ff6c6f41c50 call 7ff6c6f383bc 885->889 890 7ff6c6f41c55-7ff6c6f41c65 call 7ff6c6f41b30 885->890 889->890 894 7ff6c6f41c67-7ff6c6f41c76 call 7ff6c6f383bc 890->894 895 7ff6c6f41c7b-7ff6c6f41cb2 call 7ff6c6f3b44c call 7ff6c6f456b8 890->895 894->895 901 7ff6c6f41cb8-7ff6c6f41cbb 895->901 902 7ff6c6f41d5b-7ff6c6f41d65 895->902 901->902 905 7ff6c6f41cc1-7ff6c6f41ccb 901->905 903 7ff6c6f41d67-7ff6c6f41d6c call 7ff6c6f33a28 902->903 904 7ff6c6f41d73-7ff6c6f41d83 GetTimeZoneInformation 902->904 903->904 907 7ff6c6f41d89-7ff6c6f41dab 904->907 908 7ff6c6f41eb5 904->908 909 7ff6c6f41ced-7ff6c6f41cf0 905->909 910 7ff6c6f41ccd-7ff6c6f41cdb call 7ff6c6f3bf60 905->910 915 7ff6c6f41dad-7ff6c6f41dc1 907->915 916 7ff6c6f41dc3 907->916 914 7ff6c6f41eba-7ff6c6f41ef1 call 7ff6c6f41bc0 call 7ff6c6f41bb0 call 7ff6c6f41bb8 call 7ff6c6f38270 908->914 911 7ff6c6f41cf7-7ff6c6f41d12 call 7ff6c6f3ca70 call 7ff6c6f399f4 909->911 912 7ff6c6f41cf2 call 7ff6c6f33a28 909->912 927 7ff6c6f41ce6 910->927 928 7ff6c6f41cdd-7ff6c6f41ce1 910->928 939 7ff6c6f41d1e-7ff6c6f41d3c call 7ff6c6f3ca70 call 7ff6c6f3bed8 911->939 940 7ff6c6f41d14-7ff6c6f41d19 911->940 912->911 951 7ff6c6f41ef7-7ff6c6f41f13 call 7ff6c6f3be00 914->951 952 7ff6c6f4205e-7ff6c6f4206d 914->952 921 7ff6c6f41dc9-7ff6c6f41dd1 915->921 916->921 925 7ff6c6f41df7-7ff6c6f41dff 921->925 926 7ff6c6f41dd3-7ff6c6f41ddc 921->926 932 7ff6c6f41e07-7ff6c6f41e42 WideCharToMultiByte 925->932 926->925 931 7ff6c6f41dde-7ff6c6f41df5 926->931 927->909 928->914 931->932 935 7ff6c6f41e58-7ff6c6f41e5c 932->935 936 7ff6c6f41e44-7ff6c6f41e4c 932->936 938 7ff6c6f41e5f-7ff6c6f41e96 WideCharToMultiByte 935->938 936->935 937 7ff6c6f41e4e-7ff6c6f41e56 936->937 937->938 942 7ff6c6f41e98-7ff6c6f41ea0 938->942 943 7ff6c6f41ead-7ff6c6f41eb2 938->943 939->914 955 7ff6c6f41d42-7ff6c6f41d56 call 7ff6c6f383bc 939->955 940->914 942->943 946 7ff6c6f41ea2-7ff6c6f41eab 942->946 943->908 946->908 959 7ff6c6f41f29-7ff6c6f41f2f 951->959 960 7ff6c6f41f15-7ff6c6f41f24 call 7ff6c6f383bc 951->960 955->914 962 7ff6c6f41f3a-7ff6c6f41f56 call 7ff6c6f427b0 959->962 963 7ff6c6f41f31-7ff6c6f41f37 959->963 960->959 966 7ff6c6f41f59-7ff6c6f41f5d 962->966 963->962 967 7ff6c6f42056-7ff6c6f42059 966->967 968 7ff6c6f41f63-7ff6c6f41f65 966->968 967->966 969 7ff6c6f41f67-7ff6c6f41f6a 968->969 970 7ff6c6f41f70-7ff6c6f41f73 968->970 969->967 969->970 971 7ff6c6f41fe1-7ff6c6f41fe4 970->971 972 7ff6c6f41f75-7ff6c6f41f9a call 7ff6c6f427b0 970->972 973 7ff6c6f41fe6-7ff6c6f41fe9 971->973 974 7ff6c6f41ff1-7ff6c6f41ffe 971->974 979 7ff6c6f41f9c-7ff6c6f41f9f 972->979 980 7ff6c6f41faa-7ff6c6f41fad 972->980 973->974 977 7ff6c6f42030-7ff6c6f42035 974->977 978 7ff6c6f42000-7ff6c6f42018 call 7ff6c6f3be00 974->978 981 7ff6c6f42038-7ff6c6f42054 call 7ff6c6f41bc0 call 7ff6c6f41bb0 977->981 978->981 989 7ff6c6f4201a-7ff6c6f4202e call 7ff6c6f383bc 978->989 979->980 983 7ff6c6f41fa1-7ff6c6f41fa8 979->983 980->971 984 7ff6c6f41faf-7ff6c6f41fd1 call 7ff6c6f427b0 980->984 981->952 983->979 983->980 984->971 994 7ff6c6f41fd3-7ff6c6f41fd6 984->994 989->981 994->971 996 7ff6c6f41fd8-7ff6c6f41fdf 994->996 996->971 996->994
      APIs
      • _lock.LIBCMT ref: 00007FF6C6F41BFB
      • free.LIBCMT ref: 00007FF6C6F41CF2
        • Part of subcall function 00007FF6C6F33A28: HeapFree.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A3E
        • Part of subcall function 00007FF6C6F33A28: _errno.LIBCMT ref: 00007FF6C6F33A48
        • Part of subcall function 00007FF6C6F33A28: GetLastError.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A50
      • ___lc_codepage_func.LIBCMT ref: 00007FF6C6F41C7B
        • Part of subcall function 00007FF6C6F383BC: RtlCaptureContext.KERNEL32 ref: 00007FF6C6F383FB
        • Part of subcall function 00007FF6C6F383BC: IsDebuggerPresent.KERNEL32 ref: 00007FF6C6F38499
        • Part of subcall function 00007FF6C6F383BC: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384A3
        • Part of subcall function 00007FF6C6F383BC: UnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384AE
        • Part of subcall function 00007FF6C6F383BC: GetCurrentProcess.KERNEL32 ref: 00007FF6C6F384C4
        • Part of subcall function 00007FF6C6F383BC: TerminateProcess.KERNEL32 ref: 00007FF6C6F384D2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerErrorFreeHeapLastPresentTerminate___lc_codepage_func_lockfree
      • String ID: Pacific Daylight Time$Pacific Standard Time
      • API String ID: 178205154-1154798116
      • Opcode ID: 7233c75f312d55a8691537bf7af01122a5c629dbcc2d298c544cd6c031014258
      • Instruction ID: 3f461a043dd4a37ccd02e4fc953f5cccf5c9cf74510fc0b581f956158a1b0a3a
      • Opcode Fuzzy Hash: 7233c75f312d55a8691537bf7af01122a5c629dbcc2d298c544cd6c031014258
      • Instruction Fuzzy Hash: 44D1E432A0C28A85E732DF25965067A3697BB80742F404135DAEDD3F96CFBEE4429708
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C7EC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 161COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 997 7ff6c6f3c7ec-7ff6c6f3c81d call 7ff6c6f37e44 1000 7ff6c6f3c82b-7ff6c6f3c839 997->1000 1001 7ff6c6f3c81f-7ff6c6f3c826 997->1001 1003 7ff6c6f3c83b-7ff6c6f3c83e 1000->1003 1004 7ff6c6f3c855-7ff6c6f3c85f 1000->1004 1002 7ff6c6f3c90e-7ff6c6f3c917 GetUserDefaultLangID 1001->1002 1005 7ff6c6f3c91a-7ff6c6f3c91e 1002->1005 1003->1004 1006 7ff6c6f3c840-7ff6c6f3c850 call 7ff6c6f3c010 1003->1006 1007 7ff6c6f3c8ca-7ff6c6f3c8d1 1004->1007 1008 7ff6c6f3c861-7ff6c6f3c864 1004->1008 1009 7ff6c6f3ca37 1005->1009 1010 7ff6c6f3c924-7ff6c6f3c940 call 7ff6c6f3c0a8 1005->1010 1006->1004 1013 7ff6c6f3c907 1007->1013 1014 7ff6c6f3c8d3-7ff6c6f3c8d6 1007->1014 1008->1007 1012 7ff6c6f3c866-7ff6c6f3c86d 1008->1012 1018 7ff6c6f3ca39-7ff6c6f3ca53 1009->1018 1010->1009 1026 7ff6c6f3c946-7ff6c6f3c94b 1010->1026 1016 7ff6c6f3c86f-7ff6c6f3c872 1012->1016 1017 7ff6c6f3c87e-7ff6c6f3c881 call 7ff6c6f3c780 1012->1017 1013->1002 1014->1013 1019 7ff6c6f3c8d8-7ff6c6f3c8ff call 7ff6c6f3ca70 EnumSystemLocalesA 1014->1019 1016->1017 1023 7ff6c6f3c874-7ff6c6f3c87c call 7ff6c6f3c6ec 1016->1023 1024 7ff6c6f3c886-7ff6c6f3c88a 1017->1024 1019->1005 1029 7ff6c6f3c901-7ff6c6f3c905 1019->1029 1023->1024 1024->1010 1028 7ff6c6f3c890-7ff6c6f3c8a6 call 7ff6c6f3c010 1024->1028 1026->1009 1030 7ff6c6f3c951-7ff6c6f3c956 1026->1030 1028->1005 1036 7ff6c6f3c8a8-7ff6c6f3c8af 1028->1036 1029->1005 1030->1009 1033 7ff6c6f3c95c-7ff6c6f3c967 IsValidCodePage 1030->1033 1033->1009 1035 7ff6c6f3c96d-7ff6c6f3c97d IsValidLocale 1033->1035 1035->1009 1037 7ff6c6f3c983-7ff6c6f3c986 1035->1037 1038 7ff6c6f3c8b1-7ff6c6f3c8b4 1036->1038 1039 7ff6c6f3c8c0-7ff6c6f3c8c8 call 7ff6c6f3c780 1036->1039 1040 7ff6c6f3c988-7ff6c6f3c998 1037->1040 1041 7ff6c6f3c99c-7ff6c6f3c99f 1037->1041 1038->1039 1044 7ff6c6f3c8b6-7ff6c6f3c8be call 7ff6c6f3c6ec 1038->1044 1039->1005 1040->1041 1042 7ff6c6f3ca30-7ff6c6f3ca35 1041->1042 1043 7ff6c6f3c9a5-7ff6c6f3c9ae 1041->1043 1042->1018 1046 7ff6c6f3c9b0-7ff6c6f3c9c6 call 7ff6c6f3bed8 1043->1046 1047 7ff6c6f3c9df-7ff6c6f3c9f8 GetLocaleInfoA 1043->1047 1044->1005 1051 7ff6c6f3c9fa-7ff6c6f3ca15 GetLocaleInfoA 1046->1051 1055 7ff6c6f3c9c8-7ff6c6f3c9dd call 7ff6c6f383bc 1046->1055 1047->1009 1047->1051 1051->1009 1054 7ff6c6f3ca17-7ff6c6f3ca2b call 7ff6c6f42a78 1051->1054 1054->1042 1055->1051
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Locale$InfoValid$CodeDefaultLangPageUser_getptd_itow_s
      • String ID: Norwegian-Nynorsk
      • API String ID: 926657232-461349085
      • Opcode ID: 7ff0974399a832ac8e76f8d152517f6fd010818402cdbb7f46a5b145d7612eaa
      • Instruction ID: 1d2d87c741cfe08cbbcbe8aa6ccbacbefb61f546d5be8580acbdcba4ee468c01
      • Opcode Fuzzy Hash: 7ff0974399a832ac8e76f8d152517f6fd010818402cdbb7f46a5b145d7612eaa
      • Instruction Fuzzy Hash: DE619462A4874A86FB269F21D5303B92792EF44B46F048035CAEDC76D4CF7EE940C30A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F36680, Relevance: 7.6, APIs: 5, Instructions: 92COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$DecodePointer
      • String ID:
      • API String ID: 2310398763-0
      • Opcode ID: 9001ec01307512f6005c3245dfabb65157091bd5d3477073366688a9cb22da91
      • Instruction ID: 568ba36c08304164a929b41579703fb2d26c5024abc3549b07567ec73337c0f6
      • Opcode Fuzzy Hash: 9001ec01307512f6005c3245dfabb65157091bd5d3477073366688a9cb22da91
      • Instruction Fuzzy Hash: 5D310B36A1824A42FB22AF35E90192F2153BF80795F504430E9DDC7B85DE3EE464971A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3D6A8, Relevance: 4.7, APIs: 3, Instructions: 201COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __tzset_errno_isindst
      • String ID:
      • API String ID: 2776731402-0
      • Opcode ID: a144e9c8cb28964006e84db05e43291a8d387b4da8cccedbe6304c0d126b774e
      • Instruction ID: f1e1c58ebdde6239c20fde374f492ca6dfdbbe5993c2ecf3090653a89c2dea4e
      • Opcode Fuzzy Hash: a144e9c8cb28964006e84db05e43291a8d387b4da8cccedbe6304c0d126b774e
      • Instruction Fuzzy Hash: 93714673F1924A42E729CE14D965778A293E7D4346F448135DAAEC7AD8DF3EE401CA01
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F44958, Relevance: 4.6, APIs: 3, Instructions: 90COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$DecodePointer
      • String ID:
      • API String ID: 2310398763-0
      • Opcode ID: 1c425128edd9717f6f4c1b8876a5fecec9d432f856f0ec43f3c24770cca3715a
      • Instruction ID: 08b758f03bba25a18ce4c680aab1d3a033a1a552295aef1adaf20f75a904d4ab
      • Opcode Fuzzy Hash: 1c425128edd9717f6f4c1b8876a5fecec9d432f856f0ec43f3c24770cca3715a
      • Instruction Fuzzy Hash: 2731B232B1868A43E7668F25E50177A6652FF80751F148234EAEDD7ED5CF6ED8018B08
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F34E90, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 154COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • _getptd.LIBCMT ref: 00007FF6C6F34ECA
        • Part of subcall function 00007FF6C6F383BC: RtlCaptureContext.KERNEL32 ref: 00007FF6C6F383FB
        • Part of subcall function 00007FF6C6F383BC: IsDebuggerPresent.KERNEL32 ref: 00007FF6C6F38499
        • Part of subcall function 00007FF6C6F383BC: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384A3
        • Part of subcall function 00007FF6C6F383BC: UnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384AE
        • Part of subcall function 00007FF6C6F383BC: GetCurrentProcess.KERNEL32 ref: 00007FF6C6F384C4
        • Part of subcall function 00007FF6C6F383BC: TerminateProcess.KERNEL32 ref: 00007FF6C6F384D2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate_errno_getptd
      • String ID: C
      • API String ID: 1583075380-1037565863
      • Opcode ID: 90169d63b95ef29e5a4ee078383e0d4fd096b9c193f4b96df77c56a0196f47e8
      • Instruction ID: 4cbc2357a80fa113d8483bc3ce4484050a4d7c19883d65aa4ed8de260bdfa274
      • Opcode Fuzzy Hash: 90169d63b95ef29e5a4ee078383e0d4fd096b9c193f4b96df77c56a0196f47e8
      • Instruction Fuzzy Hash: 6C51C752B1868B41FB629E62A5113BA6352FFC4B85F045031EEED87B85DE3FD041C74A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F46A38, Relevance: 24.3, APIs: 16, Instructions: 348COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 301 7ff6c6f46a38-7ff6c6f46a8b 302 7ff6c6f46a8d-7ff6c6f46aad CompareStringW 301->302 303 7ff6c6f46adc-7ff6c6f46ae6 301->303 304 7ff6c6f46ab9-7ff6c6f46ace GetLastError 302->304 305 7ff6c6f46aaf-7ff6c6f46ab7 302->305 306 7ff6c6f46ae8-7ff6c6f46aeb 303->306 307 7ff6c6f46b41-7ff6c6f46b47 303->307 310 7ff6c6f46ad2-7ff6c6f46ad6 304->310 305->310 311 7ff6c6f46aee-7ff6c6f46af6 306->311 308 7ff6c6f46b49-7ff6c6f46b4b 307->308 309 7ff6c6f46b0f-7ff6c6f46b19 307->309 314 7ff6c6f46ef5-7ff6c6f46f11 call 7ff6c6f36a00 308->314 312 7ff6c6f46b1b-7ff6c6f46b1e 309->312 313 7ff6c6f46b50-7ff6c6f46b53 309->313 310->303 315 7ff6c6f46af8-7ff6c6f46afd 311->315 316 7ff6c6f46b01-7ff6c6f46b08 311->316 317 7ff6c6f46b21-7ff6c6f46b26 312->317 313->308 318 7ff6c6f46b55-7ff6c6f46b58 313->318 315->311 320 7ff6c6f46aff 315->320 316->309 321 7ff6c6f46b28-7ff6c6f46b2d 317->321 322 7ff6c6f46b31-7ff6c6f46b3f 317->322 323 7ff6c6f46e0d-7ff6c6f46e16 318->323 324 7ff6c6f46b5e-7ff6c6f46b60 318->324 320->316 321->317 326 7ff6c6f46b2f 321->326 322->318 327 7ff6c6f46e18-7ff6c6f46e1f 323->327 328 7ff6c6f46e23-7ff6c6f46e2d 323->328 324->323 329 7ff6c6f46b66-7ff6c6f46b69 324->329 326->322 327->328 330 7ff6c6f46e36-7ff6c6f46e43 call 7ff6c6f42aa0 328->330 331 7ff6c6f46e2f-7ff6c6f46e32 328->331 329->308 332 7ff6c6f46b6b-7ff6c6f46b75 329->332 330->308 341 7ff6c6f46e49-7ff6c6f46e4c 330->341 331->330 334 7ff6c6f46b77-7ff6c6f46b7a 332->334 335 7ff6c6f46b7e-7ff6c6f46b81 332->335 334->335 337 7ff6c6f46b8c-7ff6c6f46b8f 335->337 338 7ff6c6f46b83-7ff6c6f46b86 335->338 339 7ff6c6f46b99-7ff6c6f46b9c 337->339 340 7ff6c6f46b91-7ff6c6f46b94 337->340 338->337 342 7ff6c6f46c37-7ff6c6f46c57 MultiByteToWideChar 338->342 343 7ff6c6f46ba6-7ff6c6f46ba9 339->343 344 7ff6c6f46b9e-7ff6c6f46ba1 339->344 340->314 346 7ff6c6f46e4e-7ff6c6f46e71 call 7ff6c6f42af4 341->346 347 7ff6c6f46eb3 341->347 342->308 345 7ff6c6f46c5d-7ff6c6f46c67 342->345 348 7ff6c6f46bab-7ff6c6f46bb0 343->348 349 7ff6c6f46bb5-7ff6c6f46bc4 GetCPInfo 343->349 344->314 351 7ff6c6f46c69-7ff6c6f46c76 345->351 352 7ff6c6f46ccd 345->352 346->308 366 7ff6c6f46e77-7ff6c6f46e9c call 7ff6c6f42af4 346->366 350 7ff6c6f46eb7-7ff6c6f46ee1 CompareStringA 347->350 348->314 349->308 354 7ff6c6f46bc6-7ff6c6f46bd0 349->354 355 7ff6c6f46ef3 350->355 356 7ff6c6f46ee3-7ff6c6f46eee call 7ff6c6f33a28 * 2 350->356 351->352 358 7ff6c6f46c78-7ff6c6f46c84 351->358 357 7ff6c6f46cd0-7ff6c6f46cd3 352->357 360 7ff6c6f46c04-7ff6c6f46c0a 354->360 361 7ff6c6f46bd2-7ff6c6f46bd6 354->361 355->314 356->355 357->308 363 7ff6c6f46cd9-7ff6c6f46cfb MultiByteToWideChar 357->363 364 7ff6c6f46c86-7ff6c6f46c8d 358->364 365 7ff6c6f46cb4-7ff6c6f46cbf call 7ff6c6f33a68 358->365 360->342 367 7ff6c6f46c0c-7ff6c6f46c10 360->367 361->348 369 7ff6c6f46bd8-7ff6c6f46bdb 361->369 371 7ff6c6f46d01-7ff6c6f46d28 MultiByteToWideChar 363->371 372 7ff6c6f46df5-7ff6c6f46dff 363->372 373 7ff6c6f46c8f 364->373 374 7ff6c6f46c92-7ff6c6f46ca6 call 7ff6c6f47620 364->374 365->357 389 7ff6c6f46cc1 365->389 386 7ff6c6f46eab-7ff6c6f46eb1 366->386 387 7ff6c6f46e9e-7ff6c6f46ea6 call 7ff6c6f33a28 366->387 367->344 379 7ff6c6f46c12-7ff6c6f46c15 367->379 381 7ff6c6f46bdf 369->381 371->372 383 7ff6c6f46d2e 371->383 376 7ff6c6f46e06-7ff6c6f46e08 372->376 377 7ff6c6f46e01 call 7ff6c6f33a28 372->377 373->374 374->308 394 7ff6c6f46cac-7ff6c6f46cb2 374->394 376->314 377->376 388 7ff6c6f46c19 379->388 381->348 390 7ff6c6f46be1-7ff6c6f46be4 381->390 391 7ff6c6f46d97 383->391 392 7ff6c6f46d30-7ff6c6f46d3d 383->392 386->350 387->308 388->344 396 7ff6c6f46c1b-7ff6c6f46c1e 388->396 397 7ff6c6f46cc7-7ff6c6f46ccb 389->397 390->348 399 7ff6c6f46be6-7ff6c6f46beb 390->399 398 7ff6c6f46d9a-7ff6c6f46d9d 391->398 392->391 400 7ff6c6f46d3f-7ff6c6f46d4b 392->400 394->397 396->344 402 7ff6c6f46c24-7ff6c6f46c28 396->402 397->357 398->372 403 7ff6c6f46d9f-7ff6c6f46dc4 MultiByteToWideChar 398->403 404 7ff6c6f46bed-7ff6c6f46bf0 399->404 405 7ff6c6f46bf2-7ff6c6f46bf8 399->405 406 7ff6c6f46d4d-7ff6c6f46d54 400->406 407 7ff6c6f46d7e-7ff6c6f46d89 call 7ff6c6f33a68 400->407 409 7ff6c6f46c2a-7ff6c6f46c2d 402->409 410 7ff6c6f46c2f-7ff6c6f46c35 402->410 411 7ff6c6f46dc6-7ff6c6f46de2 CompareStringW 403->411 412 7ff6c6f46de4-7ff6c6f46dee 403->412 404->405 413 7ff6c6f46bfa-7ff6c6f46bff 404->413 405->381 414 7ff6c6f46d56 406->414 415 7ff6c6f46d60-7ff6c6f46d74 call 7ff6c6f47620 406->415 407->398 420 7ff6c6f46d8b 407->420 409->410 409->413 410->388 411->412 412->372 418 7ff6c6f46df0 call 7ff6c6f33a28 412->418 413->314 414->415 415->372 422 7ff6c6f46d76-7ff6c6f46d7c 415->422 418->372 423 7ff6c6f46d91-7ff6c6f46d95 420->423 422->423 423->398
      APIs
      • CompareStringW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C6F46F7A), ref: 00007FF6C6F46AA5
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C6F46F7A), ref: 00007FF6C6F46AB9
      • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C6F46F7A), ref: 00007FF6C6F46BBC
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CompareErrorInfoLastString
      • String ID:
      • API String ID: 3723911898-0
      • Opcode ID: 4fef309759a332e5e78228dc9ae9cdacf75abd625977a99af39bf93bf1aada7f
      • Instruction ID: 6c5b7018263f0128d365c199dd2f4244dddb03f5b6b11e8156d24d2a4882ec15
      • Opcode Fuzzy Hash: 4fef309759a332e5e78228dc9ae9cdacf75abd625977a99af39bf93bf1aada7f
      • Instruction Fuzzy Hash: F9E1D422A082CA86EB329F1596401BD2793FB44796F544535E7AD87FC4DFBEE944C308
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F31190, Relevance: 22.7, APIs: 9, Strings: 6, Instructions: 236COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 424 7ff6c6f31190-7ff6c6f31256 call 7ff6c6f355fc call 7ff6c6f33a68 call 7ff6c6f34380 call 7ff6c6f34348 433 7ff6c6f31258-7ff6c6f3125f 424->433 434 7ff6c6f31262-7ff6c6f31293 call 7ff6c6f31670 call 7ff6c6f31940 424->434 433->434 439 7ff6c6f312af-7ff6c6f312be call 7ff6c6f31f10 434->439 440 7ff6c6f31295-7ff6c6f312ad call 7ff6c6f32060 434->440 444 7ff6c6f312c3 439->444 445 7ff6c6f312c7-7ff6c6f312cc 440->445 444->445 446 7ff6c6f312e0-7ff6c6f31300 call 7ff6c6f31780 445->446 447 7ff6c6f312ce-7ff6c6f312db call 7ff6c6f31780 445->447 451 7ff6c6f31320-7ff6c6f31328 446->451 452 7ff6c6f31302-7ff6c6f3131b call 7ff6c6f319c0 446->452 447->446 454 7ff6c6f3133d-7ff6c6f31347 call 7ff6c6f31b80 451->454 455 7ff6c6f3132a-7ff6c6f3133b call 7ff6c6f342d4 451->455 452->451 460 7ff6c6f3134c-7ff6c6f31388 call 7ff6c6f31aa0 call 7ff6c6f31c30 454->460 455->460 465 7ff6c6f31437-7ff6c6f3143f 460->465 466 7ff6c6f3138e-7ff6c6f31395 call 7ff6c6f31f00 460->466 467 7ff6c6f31441-7ff6c6f3144d call 7ff6c6f337d0 465->467 468 7ff6c6f31452-7ff6c6f31458 465->468 466->465 477 7ff6c6f3139b-7ff6c6f313ea call 7ff6c6f342b8 * 2 call 7ff6c6f33a68 call 7ff6c6f341f4 466->477 467->468 471 7ff6c6f314fa-7ff6c6f31516 call 7ff6c6f33810 468->471 472 7ff6c6f3145e-7ff6c6f314ad call 7ff6c6f342b8 * 2 call 7ff6c6f33a68 call 7ff6c6f341f4 468->472 482 7ff6c6f31518-7ff6c6f31530 471->482 483 7ff6c6f31532-7ff6c6f31539 471->483 511 7ff6c6f314af-7ff6c6f314bb call 7ff6c6f33620 472->511 512 7ff6c6f314c2-7ff6c6f314e1 call 7ff6c6f33fd0 call 7ff6c6f33f08 472->512 517 7ff6c6f313ec-7ff6c6f313fd call 7ff6c6f33620 477->517 518 7ff6c6f313ff-7ff6c6f3141e call 7ff6c6f33fd0 call 7ff6c6f33f08 477->518 494 7ff6c6f31580-7ff6c6f3159c call 7ff6c6f33810 482->494 486 7ff6c6f3153b-7ff6c6f3154e call 7ff6c6f33620 483->486 487 7ff6c6f31550-7ff6c6f31571 call 7ff6c6f33fd0 call 7ff6c6f33f08 483->487 500 7ff6c6f31576-7ff6c6f3157b call 7ff6c6f33e68 486->500 487->500 509 7ff6c6f315be-7ff6c6f315c5 494->509 510 7ff6c6f3159e-7ff6c6f315bc 494->510 500->494 514 7ff6c6f315c7-7ff6c6f315da call 7ff6c6f33620 509->514 515 7ff6c6f315dc-7ff6c6f315fd call 7ff6c6f33fd0 call 7ff6c6f33f08 509->515 526 7ff6c6f3160c-7ff6c6f31650 call 7ff6c6f337f0 call 7ff6c6f33a28 * 4 510->526 519 7ff6c6f314c0 511->519 527 7ff6c6f314e6-7ff6c6f314f5 call 7ff6c6f33a28 call 7ff6c6f33e68 512->527 533 7ff6c6f31602-7ff6c6f31607 call 7ff6c6f33e68 514->533 515->533 536 7ff6c6f31423-7ff6c6f31432 call 7ff6c6f33a28 call 7ff6c6f33e68 517->536 518->536 519->527 527->471 533->526 536->465
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$_errno$malloc$Heap$AddressAllocateErrorFreeLastMessageProc
      • String ID: %s:%s$%s:%s$%s:%s$%s:%s$runW$setInitialArgsW
      • API String ID: 601363308-1770921581
      • Opcode ID: 833ae90926bc19009da1be6bc201c345330405e6e993f3d5c75365387514064d
      • Instruction ID: 027429571c3e36c4cd3b16e5a0cf6893f80fa108747f11644ce33343b3096837
      • Opcode Fuzzy Hash: 833ae90926bc19009da1be6bc201c345330405e6e993f3d5c75365387514064d
      • Instruction Fuzzy Hash: C4D1536290CA4A85E612DF15E5513B973A2FF81786F001035E6EDC7BA6CFBEE440C70A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F32060, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 164COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: malloc$realloc$swscanf
      • String ID: %[^]
      • API String ID: 300293884-1511528883
      • Opcode ID: 71f4be30116a87db26c233eb0f6d87bcaea55527c1114bd669d981afa9d5aca4
      • Instruction ID: 5b4789fd19eb03491fdc06abb944c61d86e8b269a20b8758eeef490e9910d125
      • Opcode Fuzzy Hash: 71f4be30116a87db26c233eb0f6d87bcaea55527c1114bd669d981afa9d5aca4
      • Instruction Fuzzy Hash: F381297260CA8582DA61DF59E49032EB3A1FBC4B95F104132EADDC3B69DF7ED4418B05
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F32490, Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 303COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 613 7ff6c6f32490-7ff6c6f324af 614 7ff6c6f324e1-7ff6c6f32519 call 7ff6c6f342b8 call 7ff6c6f33a68 call 7ff6c6f3587c 613->614 615 7ff6c6f324b1-7ff6c6f324bf 613->615 631 7ff6c6f3292d-7ff6c6f3293e call 7ff6c6f35e94 614->631 615->614 616 7ff6c6f324c1-7ff6c6f324ce 615->616 619 7ff6c6f324d0-7ff6c6f324df 616->619 620 7ff6c6f3251e-7ff6c6f3252e call 7ff6c6f33600 616->620 619->614 619->620 626 7ff6c6f325e0-7ff6c6f325f7 call 7ff6c6f368cc 620->626 627 7ff6c6f32534-7ff6c6f3258d call 7ff6c6f342b8 call 7ff6c6f33a68 call 7ff6c6f35c64 call 7ff6c6f342b8 620->627 634 7ff6c6f325f9-7ff6c6f32600 626->634 635 7ff6c6f32605-7ff6c6f3267d call 7ff6c6f342b8 call 7ff6c6f33a68 call 7ff6c6f35c64 call 7ff6c6f342b8 call 7ff6c6f3587c 626->635 658 7ff6c6f325c9-7ff6c6f325db call 7ff6c6f35850 627->658 659 7ff6c6f3258f-7ff6c6f325a1 627->659 641 7ff6c6f32940-7ff6c6f3294c 631->641 642 7ff6c6f3294e-7ff6c6f32963 call 7ff6c6f342b8 631->642 634->635 681 7ff6c6f3268b-7ff6c6f326c9 call 7ff6c6f342b8 * 2 call 7ff6c6f33a68 635->681 682 7ff6c6f3267f-7ff6c6f32681 635->682 641->642 645 7ff6c6f32995-7ff6c6f3299f call 7ff6c6f35e94 641->645 642->645 654 7ff6c6f32965-7ff6c6f32982 call 7ff6c6f35a58 642->654 655 7ff6c6f329a4-7ff6c6f329a6 645->655 654->645 674 7ff6c6f32984-7ff6c6f32990 call 7ff6c6f35850 654->674 661 7ff6c6f329a8-7ff6c6f329b4 655->661 662 7ff6c6f329b6-7ff6c6f329ce call 7ff6c6f33a28 655->662 658->631 659->658 664 7ff6c6f325a3-7ff6c6f325c4 659->664 661->662 667 7ff6c6f329d0-7ff6c6f329d8 661->667 675 7ff6c6f32a0e-7ff6c6f32a16 662->675 664->658 671 7ff6c6f32a09 667->671 672 7ff6c6f329da-7ff6c6f329f3 call 7ff6c6f33870 667->672 671->675 672->671 683 7ff6c6f329f5-7ff6c6f32a04 call 7ff6c6f33a28 672->683 674->645 692 7ff6c6f326ce-7ff6c6f326d4 681->692 682->675 683->671 692->631 693 7ff6c6f326da-7ff6c6f326e4 692->693 693->631 694 7ff6c6f326ea-7ff6c6f32706 call 7ff6c6f34348 693->694 697 7ff6c6f32708-7ff6c6f32717 call 7ff6c6f3587c 694->697 698 7ff6c6f32719-7ff6c6f3275d call 7ff6c6f367c8 694->698 703 7ff6c6f32762-7ff6c6f3277d call 7ff6c6f34348 697->703 698->703 706 7ff6c6f32828-7ff6c6f32835 call 7ff6c6f342b8 703->706 707 7ff6c6f32783-7ff6c6f327a2 call 7ff6c6f342b8 703->707 712 7ff6c6f32837-7ff6c6f32842 706->712 713 7ff6c6f32880-7ff6c6f3288a call 7ff6c6f35c64 706->713 714 7ff6c6f327a7-7ff6c6f327b1 707->714 716 7ff6c6f3288f-7ff6c6f328b0 call 7ff6c6f342b8 712->716 717 7ff6c6f32844-7ff6c6f32852 call 7ff6c6f342b8 712->717 713->716 718 7ff6c6f32815-7ff6c6f32824 714->718 719 7ff6c6f327b3-7ff6c6f327e2 714->719 726 7ff6c6f328ec-7ff6c6f3290f call 7ff6c6f35850 call 7ff6c6f35e94 716->726 727 7ff6c6f328b2-7ff6c6f328c4 716->727 717->713 728 7ff6c6f32854-7ff6c6f32862 call 7ff6c6f342b8 717->728 718->706 720 7ff6c6f327e6-7ff6c6f32813 719->720 721 7ff6c6f327e4 719->721 720->714 721->714 738 7ff6c6f32928 726->738 739 7ff6c6f32911-7ff6c6f3291d 726->739 727->726 729 7ff6c6f328c6-7ff6c6f328e7 727->729 728->716 735 7ff6c6f32864-7ff6c6f32870 728->735 729->726 735->713 737 7ff6c6f32872-7ff6c6f3287e 735->737 737->713 737->716 738->692 739->738 740 7ff6c6f3291f 739->740 740->738
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: malloc$free$__except_validate_jump_buffer
      • String ID: .exe$.exe$PATH
      • API String ID: 1394753668-4238971936
      • Opcode ID: 005eb9812bb9f9bf2c7a28a61ffd215e65a4c4fdba6fa1ba0bfb3bd9a6ff8f25
      • Instruction ID: d0fba67aaa4e7385a3902e6ab8a6b043e3a99f749e0ce89fe34b324a0e694490
      • Opcode Fuzzy Hash: 005eb9812bb9f9bf2c7a28a61ffd215e65a4c4fdba6fa1ba0bfb3bd9a6ff8f25
      • Instruction Fuzzy Hash: 45F10C2260CB8981DA619F16E48037EB3A1FBC8B95F404132EADDC7B69DF6DD441CB05
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F31C30, Relevance: 16.6, APIs: 6, Strings: 5, Instructions: 132COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$malloc$__doserrno_errno
      • String ID: eclipse$eclipse$org.eclipse.equinox.launcher$org.eclipse.equinox.launcher$plugins
      • API String ID: 3299306392-1329844695
      • Opcode ID: 0d2d8010bbe24606e888a6769674a0d5955357583ec9c762be9c85dadd9ccb5d
      • Instruction ID: 43f7ef80e67b1394ea83cd8fe07752d50b893899f38a37a71e26c76a95960514
      • Opcode Fuzzy Hash: 0d2d8010bbe24606e888a6769674a0d5955357583ec9c762be9c85dadd9ccb5d
      • Instruction Fuzzy Hash: 5671FF2260CA8980EA62DF15E4913BA7362FBC4BC1F405132EAEDC7B69DF2DD585C705
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33670, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 62windowlibraryCOMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Load$Icon$ClassCreateHandleLibraryLongModuleWindow
      • String ID: STATIC
      • API String ID: 707653617-1882779555
      • Opcode ID: 436f30f6e0417e8058d5f85b2d871ca7db2401e1b0e9070417d23a5df567399b
      • Instruction ID: 8e41346ff8bf651040fcd51d3d892a194d6c169bd3ee29d57c56e80fc5b081c9
      • Opcode Fuzzy Hash: 436f30f6e0417e8058d5f85b2d871ca7db2401e1b0e9070417d23a5df567399b
      • Instruction Fuzzy Hash: E031D97691CB4986E351DF14F45832A76A1FB84785F200138E6ED87BA8CFBEE085CB44
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F470B8, Relevance: 13.8, APIs: 9, Instructions: 256COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1075 7ff6c6f470b8-7ff6c6f470de 1076 7ff6c6f470e0-7ff6c6f470ff call 7ff6c6f36e14 call 7ff6c6f384e4 1075->1076 1077 7ff6c6f47104-7ff6c6f4710a 1075->1077 1088 7ff6c6f471ee 1076->1088 1079 7ff6c6f47110-7ff6c6f47128 call 7ff6c6f475d0 1077->1079 1080 7ff6c6f471e3-7ff6c6f471e8 call 7ff6c6f36e14 1077->1080 1079->1080 1089 7ff6c6f4712e-7ff6c6f47131 1079->1089 1080->1088 1090 7ff6c6f471f1-7ff6c6f47208 1088->1090 1089->1080 1091 7ff6c6f47137-7ff6c6f47150 1089->1091 1092 7ff6c6f471c2-7ff6c6f471c5 1091->1092 1093 7ff6c6f47152-7ff6c6f4715b 1091->1093 1094 7ff6c6f471cb-7ff6c6f471ce 1092->1094 1095 7ff6c6f47254-7ff6c6f4725a 1092->1095 1096 7ff6c6f47168-7ff6c6f4716b 1093->1096 1097 7ff6c6f4715d-7ff6c6f47160 1093->1097 1101 7ff6c6f47209-7ff6c6f4720c 1094->1101 1102 7ff6c6f471d0-7ff6c6f471d7 1094->1102 1095->1088 1100 7ff6c6f4725c-7ff6c6f4726d 1095->1100 1098 7ff6c6f4716d-7ff6c6f47185 call 7ff6c6f39a60 1096->1098 1099 7ff6c6f47162-7ff6c6f47166 1096->1099 1103 7ff6c6f471b7-7ff6c6f471bb 1097->1103 1116 7ff6c6f47187-7ff6c6f47191 call 7ff6c6f33b20 1098->1116 1117 7ff6c6f471a6-7ff6c6f471ad 1098->1117 1099->1096 1105 7ff6c6f4726f-7ff6c6f47278 call 7ff6c6f4693c 1100->1105 1106 7ff6c6f472ae-7ff6c6f472b5 1100->1106 1107 7ff6c6f4720e-7ff6c6f47210 1101->1107 1108 7ff6c6f47212-7ff6c6f47226 call 7ff6c6f399f4 1101->1108 1102->1101 1109 7ff6c6f471d9-7ff6c6f471e1 call 7ff6c6f46944 1102->1109 1103->1092 1118 7ff6c6f4727d-7ff6c6f4727f 1105->1118 1114 7ff6c6f472b7-7ff6c6f472bd 1106->1114 1107->1090 1108->1088 1128 7ff6c6f47228-7ff6c6f47232 1108->1128 1109->1080 1122 7ff6c6f4724d 1109->1122 1120 7ff6c6f4734f-7ff6c6f47352 1114->1120 1121 7ff6c6f472c3-7ff6c6f472c7 1114->1121 1116->1117 1126 7ff6c6f471af-7ff6c6f471b2 1117->1126 1127 7ff6c6f47193-7ff6c6f471a2 call 7ff6c6f47468 1117->1127 1124 7ff6c6f4729b-7ff6c6f472a5 1118->1124 1125 7ff6c6f47281-7ff6c6f4728a 1118->1125 1129 7ff6c6f47458-7ff6c6f47460 call 7ff6c6f33a28 1120->1129 1130 7ff6c6f47358-7ff6c6f4735b 1120->1130 1121->1120 1131 7ff6c6f472cd-7ff6c6f472dd call 7ff6c6f33a28 1121->1131 1122->1095 1124->1105 1136 7ff6c6f472a7 1124->1136 1134 7ff6c6f47290-7ff6c6f47295 1125->1134 1135 7ff6c6f47332-7ff6c6f47340 1125->1135 1126->1103 1127->1117 1128->1122 1137 7ff6c6f47234-7ff6c6f47248 call 7ff6c6f399f4 1128->1137 1138 7ff6c6f4735d 1130->1138 1139 7ff6c6f4735f-7ff6c6f47364 1130->1139 1148 7ff6c6f472df-7ff6c6f472e4 1131->1148 1149 7ff6c6f47345-7ff6c6f4734d 1131->1149 1134->1124 1134->1135 1135->1114 1136->1106 1137->1088 1151 7ff6c6f4724a 1137->1151 1138->1139 1139->1088 1145 7ff6c6f4736a-7ff6c6f4737a 1139->1145 1145->1088 1147 7ff6c6f47380-7ff6c6f47388 call 7ff6c6f39b6c 1145->1147 1156 7ff6c6f4738d-7ff6c6f47390 1147->1156 1153 7ff6c6f472e6 1148->1153 1154 7ff6c6f47303-7ff6c6f47313 1148->1154 1155 7ff6c6f473ac-7ff6c6f473b1 1149->1155 1151->1122 1157 7ff6c6f472eb-7ff6c6f47301 1153->1157 1154->1155 1158 7ff6c6f47319-7ff6c6f4732e call 7ff6c6f39b6c 1154->1158 1159 7ff6c6f473b7-7ff6c6f473d3 call 7ff6c6f3ca70 call 7ff6c6f39a60 1155->1159 1160 7ff6c6f47441-7ff6c6f47444 1155->1160 1156->1088 1161 7ff6c6f47396-7ff6c6f473a2 1156->1161 1157->1154 1157->1157 1158->1155 1170 7ff6c6f47330 1158->1170 1159->1160 1174 7ff6c6f473d5-7ff6c6f473ef call 7ff6c6f3ca70 call 7ff6c6f3bed8 1159->1174 1164 7ff6c6f47446-7ff6c6f4744e call 7ff6c6f33a28 1160->1164 1165 7ff6c6f47451-7ff6c6f47453 1160->1165 1166 7ff6c6f473a5 1161->1166 1164->1165 1165->1090 1166->1155 1170->1166 1179 7ff6c6f473f1-7ff6c6f47400 call 7ff6c6f383bc 1174->1179 1180 7ff6c6f47405-7ff6c6f47429 SetEnvironmentVariableA 1174->1180 1179->1180 1182 7ff6c6f47439-7ff6c6f4743c call 7ff6c6f33a28 1180->1182 1183 7ff6c6f4742b-7ff6c6f47433 call 7ff6c6f36e14 1180->1183 1182->1160 1183->1182
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$_errno$DecodeEnvironmentPointerVariable__wtomb_environ
      • String ID:
      • API String ID: 3451773520-0
      • Opcode ID: 635371aa4bd84910a3ec74b0f0e5250c62adae22b29609ff47a1a7630e4d6539
      • Instruction ID: c68bf64e4961241f138de28970cf317a016849df2d521c05a3f0474f67a843c4
      • Opcode Fuzzy Hash: 635371aa4bd84910a3ec74b0f0e5250c62adae22b29609ff47a1a7630e4d6539
      • Instruction Fuzzy Hash: 79A1FC25F0D64A41FA12AF119A1023A2287FF80796F144535DEFEC7FC5DEBEA4858709
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33CDC, Relevance: 13.6, APIs: 9, Instructions: 98COMMON
      Download Yara Rule

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DecodePointer$_initterm$ExitProcess_lock
      • String ID:
      • API String ID: 2551688548-0
      • Opcode ID: 6aae837fb427203b975f66c309e5329f83957dee51cdb19c44dfbfa9fbc02cee
      • Instruction ID: f094e1edcf0f2c42a4ed9181b8ed1c665e445e0f369454adad5c0c21a2136392
      • Opcode Fuzzy Hash: 6aae837fb427203b975f66c309e5329f83957dee51cdb19c44dfbfa9fbc02cee
      • Instruction Fuzzy Hash: A5419022A0EA8E45E612DF01E9401396297BF847C6F040034EAEDC7B95DFBEE441830A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3F1F4, Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 215COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1221 7ff6c6f3f1f4-7ff6c6f3f236 1222 7ff6c6f3f238-7ff6c6f3f240 1221->1222 1223 7ff6c6f3f242-7ff6c6f3f24e 1221->1223 1222->1222 1222->1223 1224 7ff6c6f3f250-7ff6c6f3f253 1223->1224 1225 7ff6c6f3f28f 1223->1225 1227 7ff6c6f3f287-7ff6c6f3f28d 1224->1227 1228 7ff6c6f3f255-7ff6c6f3f258 1224->1228 1226 7ff6c6f3f294 1225->1226 1229 7ff6c6f3f297-7ff6c6f3f2a5 1226->1229 1227->1229 1230 7ff6c6f3f25a-7ff6c6f3f274 call 7ff6c6f36e14 call 7ff6c6f384e4 1228->1230 1231 7ff6c6f3f280-7ff6c6f3f285 1228->1231 1232 7ff6c6f3f2ab-7ff6c6f3f2ae 1229->1232 1233 7ff6c6f3f47a-7ff6c6f3f47e 1229->1233 1245 7ff6c6f3f279-7ff6c6f3f27b 1230->1245 1231->1226 1237 7ff6c6f3f3af-7ff6c6f3f3b2 1232->1237 1238 7ff6c6f3f2b4-7ff6c6f3f2ba 1232->1238 1235 7ff6c6f3f476 1233->1235 1236 7ff6c6f3f480-7ff6c6f3f484 1233->1236 1235->1233 1236->1230 1240 7ff6c6f3f48a-7ff6c6f3f4a0 call 7ff6c6f44a90 1236->1240 1237->1233 1243 7ff6c6f3f3b8 1237->1243 1241 7ff6c6f3f2bc 1238->1241 1242 7ff6c6f3f33a-7ff6c6f3f33d 1238->1242 1253 7ff6c6f3f4a5-7ff6c6f3f4a8 1240->1253 1247 7ff6c6f3f32d-7ff6c6f3f330 1241->1247 1248 7ff6c6f3f2be-7ff6c6f3f2c1 1241->1248 1249 7ff6c6f3f38f-7ff6c6f3f393 1242->1249 1250 7ff6c6f3f33f-7ff6c6f3f342 1242->1250 1251 7ff6c6f3f3be-7ff6c6f3f3c2 1243->1251 1252 7ff6c6f3f4d0-7ff6c6f3f4ec 1245->1252 1255 7ff6c6f3f395-7ff6c6f3f398 1247->1255 1256 7ff6c6f3f332-7ff6c6f3f338 1247->1256 1257 7ff6c6f3f2c7-7ff6c6f3f2ca 1248->1257 1258 7ff6c6f3f39e-7ff6c6f3f3a9 1248->1258 1254 7ff6c6f3f39a 1249->1254 1249->1255 1259 7ff6c6f3f381-7ff6c6f3f387 1250->1259 1260 7ff6c6f3f344-7ff6c6f3f347 1250->1260 1261 7ff6c6f3f3ba 1251->1261 1262 7ff6c6f3f3c4-7ff6c6f3f3dc call 7ff6c6f36d9c 1251->1262 1253->1245 1264 7ff6c6f3f4ae-7ff6c6f3f4cc 1253->1264 1254->1258 1255->1258 1256->1258 1265 7ff6c6f3f318-7ff6c6f3f31c 1257->1265 1266 7ff6c6f3f2cc-7ff6c6f3f2cf 1257->1266 1258->1232 1258->1237 1259->1255 1263 7ff6c6f3f389-7ff6c6f3f38d 1259->1263 1267 7ff6c6f3f349-7ff6c6f3f34c 1260->1267 1268 7ff6c6f3f373-7ff6c6f3f376 1260->1268 1261->1251 1262->1230 1277 7ff6c6f3f3e2-7ff6c6f3f3e6 1262->1277 1263->1258 1264->1252 1265->1255 1272 7ff6c6f3f31e-7ff6c6f3f32b 1265->1272 1273 7ff6c6f3f2d1-7ff6c6f3f2d4 1266->1273 1274 7ff6c6f3f313-7ff6c6f3f316 1266->1274 1275 7ff6c6f3f34e-7ff6c6f3f351 1267->1275 1276 7ff6c6f3f365-7ff6c6f3f368 1267->1276 1268->1255 1271 7ff6c6f3f378-7ff6c6f3f37f 1268->1271 1271->1258 1272->1258 1279 7ff6c6f3f2d6-7ff6c6f3f2d9 1273->1279 1280 7ff6c6f3f301-7ff6c6f3f305 1273->1280 1274->1255 1275->1230 1281 7ff6c6f3f357-7ff6c6f3f35d 1275->1281 1276->1255 1278 7ff6c6f3f36a-7ff6c6f3f371 1276->1278 1282 7ff6c6f3f3ec-7ff6c6f3f3f0 1277->1282 1278->1258 1284 7ff6c6f3f2f8-7ff6c6f3f2fc 1279->1284 1285 7ff6c6f3f2db-7ff6c6f3f2de 1279->1285 1280->1255 1283 7ff6c6f3f30b-7ff6c6f3f30e 1280->1283 1281->1255 1286 7ff6c6f3f35f-7ff6c6f3f363 1281->1286 1287 7ff6c6f3f3e8 1282->1287 1288 7ff6c6f3f3f2-7ff6c6f3f3f6 1282->1288 1283->1258 1284->1258 1285->1230 1289 7ff6c6f3f2e4-7ff6c6f3f2e7 1285->1289 1286->1258 1287->1282 1288->1230 1291 7ff6c6f3f3fc-7ff6c6f3f404 1288->1291 1289->1255 1290 7ff6c6f3f2ed-7ff6c6f3f2f3 1289->1290 1290->1258 1291->1291 1292 7ff6c6f3f406-7ff6c6f3f41e call 7ff6c6f44bf0 1291->1292 1295 7ff6c6f3f42a-7ff6c6f3f442 call 7ff6c6f44bf0 1292->1295 1296 7ff6c6f3f420-7ff6c6f3f428 1292->1296 1299 7ff6c6f3f44e-7ff6c6f3f466 call 7ff6c6f44bf0 1295->1299 1300 7ff6c6f3f444-7ff6c6f3f44c 1295->1300 1296->1233 1299->1230 1303 7ff6c6f3f46c-7ff6c6f3f474 1299->1303 1300->1233 1303->1233
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$_wsopen_s
      • String ID: =$UNICODE$UTF-16LE$UTF-8$ccs
      • API String ID: 586276568-31882262
      • Opcode ID: 5fc937fa530fa101b8cab47349414950ccbb0e48019be69f6e65dbeaac96068d
      • Instruction ID: 4b219e89ebb06d5468276d0952e49a8351e867addc3ed9d3c78242ecd857d232
      • Opcode Fuzzy Hash: 5fc937fa530fa101b8cab47349414950ccbb0e48019be69f6e65dbeaac96068d
      • Instruction Fuzzy Hash: 6871E426E0E20AC1FB764E15E50273A1293AF55742F554131CEEEE3AD4CE3FE881420B
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F31670, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 63COMMONLIBRARYCODE
      Download Yara Rule

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$malloc$AllocateFileHeapModuleName_free_nolockfree
      • String ID: .exe$.exe
      • API String ID: 2786203957-1392631246
      • Opcode ID: 89bf050788bbb70a64b0589cb2c74ed4180642fa759755f5dbfc551fbb9531c8
      • Instruction ID: 048aa9de88070536c071003eecebd62311a27f9f58a6016bf888d0e480527013
      • Opcode Fuzzy Hash: 89bf050788bbb70a64b0589cb2c74ed4180642fa759755f5dbfc551fbb9531c8
      • Instruction Fuzzy Hash: 3A318D76A1CA4982DA61DF15E49013EB3A2FBC8B95F001132EADDC3B59CF7DD1408B05
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3387C, Relevance: 9.1, APIs: 6, Instructions: 99COMMON
      Download Yara Rule

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 1330 7ff6c6f3387c-7ff6c6f33892 1331 7ff6c6f338ea-7ff6c6f338ec 1330->1331 1332 7ff6c6f33894-7ff6c6f338ab 1330->1332 1335 7ff6c6f338f0-7ff6c6f338fe call 7ff6c6f38024 1331->1335 1333 7ff6c6f338ad-7ff6c6f338b3 1332->1333 1334 7ff6c6f338b5-7ff6c6f338be 1332->1334 1333->1335 1336 7ff6c6f338c8-7ff6c6f338cf 1334->1336 1337 7ff6c6f338c0-7ff6c6f338c6 1334->1337 1342 7ff6c6f33900-7ff6c6f33907 1335->1342 1343 7ff6c6f33922-7ff6c6f33929 call 7ff6c6f37fa0 1335->1343 1340 7ff6c6f338d9-7ff6c6f338e8 1336->1340 1341 7ff6c6f338d1-7ff6c6f338d7 1336->1341 1337->1335 1340->1335 1341->1335 1344 7ff6c6f33909 call 7ff6c6f37158 1342->1344 1345 7ff6c6f3390e-7ff6c6f3391d call 7ff6c6f36f30 call 7ff6c6f33b8c 1342->1345 1351 7ff6c6f3394d-7ff6c6f3395a call 7ff6c6f37c58 call 7ff6c6f37968 1343->1351 1352 7ff6c6f3392b-7ff6c6f33932 1343->1352 1344->1345 1345->1343 1364 7ff6c6f33966-7ff6c6f33985 GetCommandLineW call 7ff6c6f378d4 call 7ff6c6f377e4 1351->1364 1365 7ff6c6f3395c-7ff6c6f33961 call 7ff6c6f33b20 1351->1365 1355 7ff6c6f33939-7ff6c6f33948 call 7ff6c6f36f30 call 7ff6c6f33b8c 1352->1355 1356 7ff6c6f33934 call 7ff6c6f37158 1352->1356 1355->1351 1356->1355 1371 7ff6c6f33987-7ff6c6f3398c call 7ff6c6f33b20 1364->1371 1372 7ff6c6f33991-7ff6c6f33998 call 7ff6c6f37514 1364->1372 1365->1364 1371->1372 1376 7ff6c6f3399a-7ff6c6f3399f call 7ff6c6f33b20 1372->1376 1377 7ff6c6f339a4-7ff6c6f339ad call 7ff6c6f33c2c 1372->1377 1376->1377 1381 7ff6c6f339b6-7ff6c6f339d1 call 7ff6c6f31000 1377->1381 1382 7ff6c6f339af-7ff6c6f339b1 call 7ff6c6f33b20 1377->1382 1385 7ff6c6f339d6-7ff6c6f339de 1381->1385 1382->1381 1386 7ff6c6f339e7-7ff6c6f33a11 call 7ff6c6f33e80 1385->1386 1387 7ff6c6f339e0-7ff6c6f339e2 call 7ff6c6f33e68 1385->1387 1387->1386
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CommandInitializeLine__create_locale_cinit
      • String ID:
      • API String ID: 899786927-0
      • Opcode ID: 099ae3a07c332bb2c585d7edec65833441fb8b131d0507388e79762aedd69517
      • Instruction ID: 4b6b9bfc7f42d83774c972279e9e2fdaed00e01b7088471bc9634328a58287d7
      • Opcode Fuzzy Hash: 099ae3a07c332bb2c585d7edec65833441fb8b131d0507388e79762aedd69517
      • Instruction Fuzzy Hash: 85414C62E0C68F86FA52AF64A5512792293AF40347F140039D7EDC76D7DEAFA840871F
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F355FC, Relevance: 6.1, APIs: 4, Instructions: 122COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _lock$DecodePointer_errno_getptd
      • String ID:
      • API String ID: 4201827665-0
      • Opcode ID: b214a0416cc190f90d6c8e026eb95d306f7565141d6b00d5f51af00543002440
      • Instruction ID: 48e3f16a375046fa1cfa697c75e5df1eb37e2d0e02f73196d75a1b56454d504a
      • Opcode Fuzzy Hash: b214a0416cc190f90d6c8e026eb95d306f7565141d6b00d5f51af00543002440
      • Instruction Fuzzy Hash: C551AC31A0964A82F746DF25E9407BA3292FF85782F104135EDED83792DE7EE800871A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F32686, Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 42COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$__doserrno_errno
      • String ID: .exe$.exe
      • API String ID: 13327527-1392631246
      • Opcode ID: 51931eef1e682aefba3e16cd104743b560ae62145aa1d14770ded707e4c36f38
      • Instruction ID: 6750e2e95d8f39c9a33547cfaa6ec5df88527b7cf2833aab6ec2f326cb766b85
      • Opcode Fuzzy Hash: 51931eef1e682aefba3e16cd104743b560ae62145aa1d14770ded707e4c36f38
      • Instruction Fuzzy Hash: 0C11462250CA4A80EA22DF11E54037AA352FBC43A6F400031E9DDC75A9DF6ED585D705
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37FA0, Relevance: 4.5, APIs: 3, Instructions: 35memorythreadCOMMON
      Download Yara Rule
      APIs
        • Part of subcall function 00007FF6C6F33EA0: _initp_misc_winsig.LIBCMT ref: 00007FF6C6F33ED9
        • Part of subcall function 00007FF6C6F33EA0: EncodePointer.KERNEL32(?,?,00000000,00007FF6C6F37FAB,?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F33EF5
      • FlsAlloc.KERNEL32(?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F37FBB
        • Part of subcall function 00007FF6C6F39A60: Sleep.KERNEL32(?,?,00000000,00007FF6C6F37DF3,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F39AA5
      • FlsSetValue.KERNEL32(?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F37FEC
      • GetCurrentThreadId.KERNEL32 ref: 00007FF6C6F38000
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _lock$AllocCurrentEncodePointerSleepThreadValue_initp_misc_winsig
      • String ID:
      • API String ID: 54287522-0
      • Opcode ID: b7123ba67d215fb6092044bae2c2c9933779e6912c19712fbe0f064f10f19147
      • Instruction ID: 1ba451fcd00171c6ff402a1dc2d16a1cc3cef63f30b224dcaf21ef4144fbe930
      • Opcode Fuzzy Hash: b7123ba67d215fb6092044bae2c2c9933779e6912c19712fbe0f064f10f19147
      • Instruction Fuzzy Hash: C5014B60E0960F41FB57AF75994517922939F44B32F181230D5FDC72E1EE6EE881D22A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F46FA0, Relevance: 3.1, APIs: 2, Instructions: 72COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$_getptd
      • String ID:
      • API String ID: 3432092939-0
      • Opcode ID: ff4fe4a15314d55cd44c9a9eb9755e010b3356c16205939f3b0cbbae4eff763b
      • Instruction ID: 33901329ef068eaa724347e04695c76fea976fa61dd4e726a0ffd23ecd0c6116
      • Opcode Fuzzy Hash: ff4fe4a15314d55cd44c9a9eb9755e010b3356c16205939f3b0cbbae4eff763b
      • Instruction Fuzzy Hash: D731B622A0D28582F7628F28D54037EA751FB847A5F144235EAFC87FD9DF6ED4418B08
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F40800, Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • _errno.LIBCMT ref: 00007FF6C6F40823
        • Part of subcall function 00007FF6C6F384E4: DecodePointer.KERNEL32 ref: 00007FF6C6F3850B
      • RtlAllocateHeap.NTDLL(?,?,?,?,00000000,00007FF6C6F39A93,?,?,00000000,00007FF6C6F37DF3,?,?,?,00007FF6C6F37E4F), ref: 00007FF6C6F4086C
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: AllocateDecodeHeapPointer_errno
      • String ID:
      • API String ID: 15861996-0
      • Opcode ID: 3a150d5caabfca685e044c64d3bc12d330369aec01c7c7f71b58062f87caa723
      • Instruction ID: 76cdd6d0dcf34ffb9b66f914b6f4f1bb606e151fbb327f3dd282c7a113a7120a
      • Opcode Fuzzy Hash: 3a150d5caabfca685e044c64d3bc12d330369aec01c7c7f71b58062f87caa723
      • Instruction Fuzzy Hash: 1811C421B0D24A85FF565F24E70077962936F80796F088630CABD83EC5DEBE94418648
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F408B0, Relevance: 3.0, APIs: 2, Instructions: 48COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DecodePointer_errnorealloc
      • String ID:
      • API String ID: 1659991715-0
      • Opcode ID: 40d1447f9cb56b735b7fa2efafe4b8b5e1e93be9a069a78c3cc09aafea3fd532
      • Instruction ID: 6e711c955204f7d7d10eed279617e6e3c9a728dc449785b79304af9deacacfd8
      • Opcode Fuzzy Hash: 40d1447f9cb56b735b7fa2efafe4b8b5e1e93be9a069a78c3cc09aafea3fd532
      • Instruction Fuzzy Hash: 66014921F1D75A80FE169F26E60027DA2936F887C1B088431DFADC3F89DE7ED0118608
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F378D4, Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetEnvironmentStringsW.KERNEL32(?,?,?,00007FF6C6F36849,?,?,?,00007FF6C6F36955,?,?,?,?,?,00007FF6C6F325EC), ref: 00007FF6C6F378E8
      • FreeEnvironmentStringsW.KERNEL32(?,?,?,00007FF6C6F36849,?,?,?,00007FF6C6F36955,?,?,?,?,?,00007FF6C6F325EC), ref: 00007FF6C6F3793F
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: EnvironmentStrings$Free
      • String ID:
      • API String ID: 3328510275-0
      • Opcode ID: 28ce36d650e87c43a9e5cdd6ceeb2295ad0d0ee5a0dfc16f80b58ba6c24dd179
      • Instruction ID: 643ea17cb4ed0eada9fc8a56c3475215e4cf9f96a83dbab694bcf33b20e130a4
      • Opcode Fuzzy Hash: 28ce36d650e87c43a9e5cdd6ceeb2295ad0d0ee5a0dfc16f80b58ba6c24dd179
      • Instruction Fuzzy Hash: 5501D811F0D38985DE61AF52A54503963A2EF48BC1F484531DBEE83B49DE2DE5808309
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33EA0, Relevance: 3.0, APIs: 2, Instructions: 26COMMON
      Download Yara Rule
      APIs
      • _initp_misc_winsig.LIBCMT ref: 00007FF6C6F33ED9
        • Part of subcall function 00007FF6C6F387F8: EncodePointer.KERNEL32(?,?,?,?,00007FF6C6F33EEE,?,?,00000000,00007FF6C6F37FAB,?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F38803
      • EncodePointer.KERNEL32(?,?,00000000,00007FF6C6F37FAB,?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F33EF5
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: EncodePointer$_initp_misc_winsig
      • String ID:
      • API String ID: 190222155-0
      • Opcode ID: 4a98d4ad99af827c8750d7040cb2a7ed9ef8ab7550306bf797b381641462de66
      • Instruction ID: f403ec23f72ec04fba4540106b0a725a86df3b292e1cf396e9e96c2ff5df8e80
      • Opcode Fuzzy Hash: 4a98d4ad99af827c8750d7040cb2a7ed9ef8ab7550306bf797b381641462de66
      • Instruction Fuzzy Hash: E7F02811E8964F40ED4AFF6268620BD12525F96782F482030E8BF8B393DD6EE551835E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F38024, Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Heap$CreateInformation
      • String ID:
      • API String ID: 1774340351-0
      • Opcode ID: 3733050a6e88fbb8d062053ef85dd06d1548b4a5d7c7fbd25413876dbc148eff
      • Instruction ID: 980c5ab6b391932dc6ebb58b8fef2d36cdd58d09cf25c47d34bc96efdea1b83a
      • Opcode Fuzzy Hash: 3733050a6e88fbb8d062053ef85dd06d1548b4a5d7c7fbd25413876dbc148eff
      • Instruction Fuzzy Hash: 41E0D8B0A1578542E7499F2194057352151FB88345F805039EAAD43B84DF7DC041CA00
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37514, Relevance: 2.6, APIs: 2, Instructions: 81COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • free.LIBCMT ref: 00007FF6C6F375FC
      • free.LIBCMT ref: 00007FF6C6F37639
        • Part of subcall function 00007FF6C6F33A28: HeapFree.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A3E
        • Part of subcall function 00007FF6C6F33A28: _errno.LIBCMT ref: 00007FF6C6F33A48
        • Part of subcall function 00007FF6C6F33A28: GetLastError.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A50
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ErrorFreeHeapLast_errno
      • String ID:
      • API String ID: 1012874770-0
      • Opcode ID: e415b5c2b800d60a65acdd22561913b5507e8bdf46b5bf7b0ff8b0147edf17a3
      • Instruction ID: 1463ec4631ecddf7010e67a4d7e97bc05073ba40ecc9fccbfb57d3bf21267737
      • Opcode Fuzzy Hash: e415b5c2b800d60a65acdd22561913b5507e8bdf46b5bf7b0ff8b0147edf17a3
      • Instruction Fuzzy Hash: E2318122A0864A80EB569F29E50027933A6FF45B82F484535DAEDC3B95DF7EE451C30D
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F399F4, Relevance: 2.5, APIs: 2, Instructions: 30sleepCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • malloc.LIBCMT ref: 00007FF6C6F39A13
        • Part of subcall function 00007FF6C6F33A68: _FF_MSGBANNER.LIBCMT ref: 00007FF6C6F33A98
        • Part of subcall function 00007FF6C6F33A68: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6C6F39A18,?,?,00000000,00007FF6C6F382E9,?,?,?,00007FF6C6F38393), ref: 00007FF6C6F33ABD
        • Part of subcall function 00007FF6C6F33A68: _errno.LIBCMT ref: 00007FF6C6F33AE1
        • Part of subcall function 00007FF6C6F33A68: _errno.LIBCMT ref: 00007FF6C6F33AEC
      • Sleep.KERNEL32(?,?,00000000,00007FF6C6F382E9,?,?,?,00007FF6C6F38393,?,?,?,?,?,?,00000000,00007FF6C6F37E18), ref: 00007FF6C6F39A2A
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$AllocateHeapSleepmalloc
      • String ID:
      • API String ID: 4275769124-0
      • Opcode ID: e56ad9ca86bcd53af0efd5e5a049cb7641f0c7afaa9fa1702f8ac1b5bb5fd424
      • Instruction ID: 6984e64895e265632406547c93e241c01d5a7165f6877bedd2922f84cb9b053c
      • Opcode Fuzzy Hash: e56ad9ca86bcd53af0efd5e5a049cb7641f0c7afaa9fa1702f8ac1b5bb5fd424
      • Instruction Fuzzy Hash: 99F0F632E0878E86EE129F16B44003DB262EB84F91F544234EAFD43B55DF3DE8928749
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F4682C, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno_getptd
      • String ID:
      • API String ID: 2021257665-0
      • Opcode ID: a71bbee57709a43b7d3bf57b8071eab6305aa7767ce688d8d0574177b21a0e0c
      • Instruction ID: 4f8c2fddae50692ad4f3ba745ce1001c9251df3c0f9afd0dfd3680dacc438c2f
      • Opcode Fuzzy Hash: a71bbee57709a43b7d3bf57b8071eab6305aa7767ce688d8d0574177b21a0e0c
      • Instruction Fuzzy Hash: 1B31B422A0878582E7628F15D54037DB761EB85BA5F284235EAEC87BD9CEBED8418704
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F456B8, Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ByteCharMultiWide$__wtomb_environfree
      • String ID:
      • API String ID: 3717827047-0
      • Opcode ID: ef54c96346dcf029c30282142703527ad988e4bb431dda914704447c2bfc79f3
      • Instruction ID: b36042b98d0e36e2d548dfeb5685a5a3277e503d5b1fa51c072acb9522d87ea5
      • Opcode Fuzzy Hash: ef54c96346dcf029c30282142703527ad988e4bb431dda914704447c2bfc79f3
      • Instruction Fuzzy Hash: 4C114611E0D68E81FE53AF11974027952D69F45BC6F088031D9BDC7E85DE9EE4418609
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33620, Relevance: 1.5, APIs: 1, Instructions: 16windowCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: HandleMessageModule
      • String ID:
      • API String ID: 2216695990-0
      • Opcode ID: 1a1730f39a4ca4e69405780b676626f8e3800921ed29e7f51602549e7ba76a56
      • Instruction ID: 391a1a883c9f9e614221f48fcddea008bdcffed6510c0064bc8b0e3fe257c2ac
      • Opcode Fuzzy Hash: 1a1730f39a4ca4e69405780b676626f8e3800921ed29e7f51602549e7ba76a56
      • Instruction Fuzzy Hash: F4E0D831E1868585E744EF21E9516363252FB80781F405035EAAE43F14CEBDD0508A04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F386D0, Relevance: 1.5, APIs: 1, Instructions: 15COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • EncodePointer.KERNEL32(?,?,00000001,00007FF6C6F33C5F,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F386E9
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: EncodePointer
      • String ID:
      • API String ID: 2118026453-0
      • Opcode ID: 248a848f1f9c1dc392dfb65fb5eff8a535342491f906c638ff665f9bcdc7a251
      • Instruction ID: ac972b1a29f5e01677d0ba89322af10e0dcfb645daf0cd881c6db62a8e72517d
      • Opcode Fuzzy Hash: 248a848f1f9c1dc392dfb65fb5eff8a535342491f906c638ff665f9bcdc7a251
      • Instruction Fuzzy Hash: 93D02B33F1854982DB018F20F68027C23A1EB85784F588031D6AC03704DE3DD851C305
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F39B6C, Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • Sleep.KERNEL32(00000000,00000000,023E85E0,00007FF6C6F4738D), ref: 00007FF6C6F39BB8
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Sleep_errno
      • String ID:
      • API String ID: 1068366078-0
      • Opcode ID: 28f774ad660b3f239ec59eb5075e021c9e0ef7c848656666a5e23842ee2fe05e
      • Instruction ID: 49baac21a87ef82c592e8766736d10ffae87dfd1600b4b48ef905c2e37356ddd
      • Opcode Fuzzy Hash: 28f774ad660b3f239ec59eb5075e021c9e0ef7c848656666a5e23842ee2fe05e
      • Instruction Fuzzy Hash: F801F722E0874985E6169F12B50007AB662BB44FD2F144134EEBC47B54DE3DE9808788
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F39A60, Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • Sleep.KERNEL32(?,?,00000000,00007FF6C6F37DF3,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F39AA5
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Sleep_errno
      • String ID:
      • API String ID: 1068366078-0
      • Opcode ID: 070eb01aa248df2bd45c3b3f83eba9cd2018183e53fbc119892e1053ba694b6b
      • Instruction ID: 204e043a1662b692197dc84fcca45951690082fb8e775f91846532ae79b17e40
      • Opcode Fuzzy Hash: 070eb01aa248df2bd45c3b3f83eba9cd2018183e53fbc119892e1053ba694b6b
      • Instruction Fuzzy Hash: 73012B32A24B4985EB468F169400039B762F788FD1F085131EEAD43B90CF3DE851CB48
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F31F10, Relevance: 1.3, APIs: 1, Instructions: 27COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: b4cd5405422bfb7b6c149535512612428fbe3e327d7ae1ad8fee52cc9ebc1492
      • Instruction ID: eecdb79da658285f72bc933aa7e26debb8daeee91f9551fa15de758250aafa32
      • Opcode Fuzzy Hash: b4cd5405422bfb7b6c149535512612428fbe3e327d7ae1ad8fee52cc9ebc1492
      • Instruction Fuzzy Hash: 6B01E47290CA8582D621DF28E44036AB7A2FBC9399F100235F6DC83AA9CF7DD5548B05
      Uniqueness

      Uniqueness Score: -1.00%

      Non-executed Functions

      Function 00007FF6C6F4094C, Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 468COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID: U
      • API String ID: 921712934-4171548499
      • Opcode ID: 4ff929d15d2477ac321ab4e51f47354186fe63010a99dcf498c3047be3f2d256
      • Instruction ID: 5f53003e21c75ccce760d7cb5e8d5f107984cbf9090a47fcfe693145f2a8efad
      • Opcode Fuzzy Hash: 4ff929d15d2477ac321ab4e51f47354186fe63010a99dcf498c3047be3f2d256
      • Instruction Fuzzy Hash: E9121522A1C64B86EB228F24E14437A7762FB84745F044135DAED83F95DFBEE449CB18
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3FC90, Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130libraryloaderCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • LoadLibraryA.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FCCD
      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FCE9
      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD11
      • EncodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD1A
      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD30
      • EncodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD39
      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD4F
      • EncodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD58
      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD76
      • EncodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FD7F
      • DecodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FDB1
      • DecodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FDC0
      • DecodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FE18
      • DecodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FE38
      • DecodePointer.KERNEL32(?,?,00000000,?,00000000,000000FC,00000000,00007FF6C6F370F8,?,?,?,?,00000000,00007FF6C6F3718C), ref: 00007FF6C6F3FE51
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Pointer$AddressDecodeProc$Encode$LibraryLoad
      • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
      • API String ID: 3085332118-232180764
      • Opcode ID: 1d93ecc68f554e04bdaf65efe74ad38e5abb5af4490d683007b3ad6cb3c9afab
      • Instruction ID: e884acdb416d7fe7c66c16580ad4bff25a0fbc188bc2993347dcfe949403f617
      • Opcode Fuzzy Hash: 1d93ecc68f554e04bdaf65efe74ad38e5abb5af4490d683007b3ad6cb3c9afab
      • Instruction Fuzzy Hash: 6C511C20A0EB5F80FE56EF56A91417822D26F44B82F444835DDBDC3B96EE7EE4428219
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F44D8C, Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 378COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ByteCharMultiWide_errno$EnvironmentVariable$DecodeErrorLastPointerSleep__mbtow_environ
      • String ID: PATH
      • API String ID: 3366669060-1036084923
      • Opcode ID: bff926f39773a72747324f376fb3ed372db21cf63646ec9755756b9c95eaa03e
      • Instruction ID: 59c6bd24cf0ef57b046f43f23f11b666ed9f71daa4c62727b6b500e980644c14
      • Opcode Fuzzy Hash: bff926f39773a72747324f376fb3ed372db21cf63646ec9755756b9c95eaa03e
      • Instruction Fuzzy Hash: 09E1D431A0D64A41EB66EF25A64013A72D3FF84796F504534DAFED7F85EEBEA4408308
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F41518, Relevance: 28.9, APIs: 19, Instructions: 377COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: String$free$ByteCharMultiWidemalloc$ErrorLast
      • String ID:
      • API String ID: 1837315383-0
      • Opcode ID: 0a85e11711928d378cbb609f8a470e95faf3aa06bf991e71fe22a8672c89bfa7
      • Instruction ID: abc3b4f0971bbd26082ac78ea493606553747e0085edc07e6bf6464b1552db46
      • Opcode Fuzzy Hash: 0a85e11711928d378cbb609f8a470e95faf3aa06bf991e71fe22a8672c89bfa7
      • Instruction Fuzzy Hash: FDF11732A086898AE722CF25D5001BD7792FB4479AF144234DABD93FD4DFBEE9409708
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3DC94, Relevance: 24.0, APIs: 6, Strings: 7, Instructions: 1237COMMON
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DecodePointer_errno
      • String ID: *$F$I$L$N$h$w
      • API String ID: 3485708101-1147943917
      • Opcode ID: 04c87f6898ee3bda7fba989e0a89fdac9052d36863b4be1b16411cfc8572b701
      • Instruction ID: d0b8028fc8d42bb6d2471836ad16f25aeef3bd5dba88b131596e386efc272bd4
      • Opcode Fuzzy Hash: 04c87f6898ee3bda7fba989e0a89fdac9052d36863b4be1b16411cfc8572b701
      • Instruction Fuzzy Hash: 52B20B6690C68A86EB729F14904027E77A2FF80785F540136E7DD87B95DF3ED841CB0A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F46474, Relevance: 18.1, APIs: 12, Instructions: 115memoryfileCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$Heap$ErrorFileLastProcess__doserrno$AllocFreePointer
      • String ID:
      • API String ID: 3112900366-0
      • Opcode ID: 072ca6f3b166f9df5e542a363f15d2722490eaf1119615306fd4483e680ebf09
      • Instruction ID: 1c34791e07e800b208b78be5c6587e7733e6ac806861d84a71c297d390b3b2c2
      • Opcode Fuzzy Hash: 072ca6f3b166f9df5e542a363f15d2722490eaf1119615306fd4483e680ebf09
      • Instruction Fuzzy Hash: 40411621B18A5A45EA16AF39DB0417D2283AF45BF2F040330D9BD87BD6DEBEE445C209
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F38EE4, Relevance: 15.7, APIs: 10, Instructions: 726COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DecodePointer$write_multi_char$_errno_getptdfreewrite_char
      • String ID:
      • API String ID: 2334620807-0
      • Opcode ID: d69f8d7bd9c6f19685121c1cd0dcd30b8878e6ab109697d1284962c48b5d94ef
      • Instruction ID: e43899cbdcae323fbbddf2c53a6f99092ec61992ac02f2c8d9a0093eadce34f3
      • Opcode Fuzzy Hash: d69f8d7bd9c6f19685121c1cd0dcd30b8878e6ab109697d1284962c48b5d94ef
      • Instruction Fuzzy Hash: EB52D732A0C68A86EB628F15D44427E67A2FB41782F145036D7EDC76D4EE7FE840CB46
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F46300, Relevance: 15.1, APIs: 10, Instructions: 106COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: 1e4598dee6a357aea2a2a5b534fe70123c4abc1340a452faba74e4e6b75eee02
      • Instruction ID: e09982d6c851f35339bfcbb7302e030ed43f982881678e5196eb45c8077a1ec2
      • Opcode Fuzzy Hash: 1e4598dee6a357aea2a2a5b534fe70123c4abc1340a452faba74e4e6b75eee02
      • Instruction Fuzzy Hash: 9E412632A1829A81E712AF35D95213D3552BF80361F518234EABC87BD3CE7EE4418718
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F36F30, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 137fileCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetModuleFileNameA.KERNEL32(?,?,?,?,00000000,00007FF6C6F3718C,?,?,?,?,00007FF6C6F33A9D,?,?,00000000,00007FF6C6F39A18), ref: 00007FF6C6F36FF3
      • GetStdHandle.KERNEL32(?,?,?,?,00000000,00007FF6C6F3718C,?,?,?,?,00007FF6C6F33A9D,?,?,00000000,00007FF6C6F39A18), ref: 00007FF6C6F370FF
      • WriteFile.KERNEL32 ref: 00007FF6C6F37139
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: File$HandleModuleNameWrite
      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
      • API String ID: 3784150691-4022980321
      • Opcode ID: 4859dd3b15ca44b4914ec39d5dd938afb070b33adea7dafd62e9f0a1873d9d6b
      • Instruction ID: 2a1189b6948b91cc6fce9b1a2e92864f08f70a44ca1d2517a51df54d2f534882
      • Opcode Fuzzy Hash: 4859dd3b15ca44b4914ec39d5dd938afb070b33adea7dafd62e9f0a1873d9d6b
      • Instruction Fuzzy Hash: FF51D162B1864B41FB22DF25AA6177A2253AF85386F404135DEFDC3AD1CF7EE005820E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F43870, Relevance: 12.2, APIs: 8, Instructions: 228COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno
      • String ID:
      • API String ID: 2918714741-0
      • Opcode ID: a4dc2269901a5651ad8dcfc2262e9c7bfb0408b2b445ea56c7cf33b6f06dfa48
      • Instruction ID: 2666ed596c5a02534b821db78721fc75992373d691e610060ae54083258a4a6f
      • Opcode Fuzzy Hash: a4dc2269901a5651ad8dcfc2262e9c7bfb0408b2b445ea56c7cf33b6f06dfa48
      • Instruction Fuzzy Hash: 6A91C923A0CA8A85EA718F12A64023DA7A6FB41761F144635D7FD93ED4CFFED4418B09
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F40134, Relevance: 12.1, APIs: 8, Instructions: 136COMMON
      Download Yara Rule
      APIs
      • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F4018E
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F401A0
      • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F401EB
      • malloc.LIBCMT ref: 00007FF6C6F40250
        • Part of subcall function 00007FF6C6F33A68: _FF_MSGBANNER.LIBCMT ref: 00007FF6C6F33A98
        • Part of subcall function 00007FF6C6F33A68: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6C6F39A18,?,?,00000000,00007FF6C6F382E9,?,?,?,00007FF6C6F38393), ref: 00007FF6C6F33ABD
        • Part of subcall function 00007FF6C6F33A68: _errno.LIBCMT ref: 00007FF6C6F33AE1
        • Part of subcall function 00007FF6C6F33A68: _errno.LIBCMT ref: 00007FF6C6F33AEC
      • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F4027D
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F402B7
      • free.LIBCMT ref: 00007FF6C6F402CB
      • GetLocaleInfoA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6C6F4035E), ref: 00007FF6C6F402E1
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale$_errno$AllocateByteCharErrorHeapLastMultiWidefreemalloc
      • String ID:
      • API String ID: 4202622830-0
      • Opcode ID: 333305acf3de38dad2a5cea814540686be6389dd6796037158923790addd2d0b
      • Instruction ID: bd5d83c002a2e545c41212674133bda87b802dbaf3dde650332ba770a6158168
      • Opcode Fuzzy Hash: 333305acf3de38dad2a5cea814540686be6389dd6796037158923790addd2d0b
      • Instruction Fuzzy Hash: 3D510C32A0864A86EB529F559A4057D3393FF447A9F540535DABE93FC4CFBEE9408308
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F36A00, Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
      • String ID:
      • API String ID: 3778485334-0
      • Opcode ID: 294248248e6ea2dcecfaaa187076693cccc5f5fd0778115a3d887ecf26f98c3d
      • Instruction ID: 25b33b1365123dce388c22d6b852497f14c4706b46982f3f87fa96c3400aca7e
      • Opcode Fuzzy Hash: 294248248e6ea2dcecfaaa187076693cccc5f5fd0778115a3d887ecf26f98c3d
      • Instruction Fuzzy Hash: 7631F435909B4A85EB129F14F94437973A2FB84356F508036EAED83B65DFBEE0458B08
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F4364C, Relevance: 10.6, APIs: 7, Instructions: 138COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$ByteCharErrorLastMultiWide
      • String ID:
      • API String ID: 3895584640-0
      • Opcode ID: b8ea9136630ce5355403cf0952ac0ae887c7ef490093564d9e0ed85c7c7c59ac
      • Instruction ID: 339c0140cbb5065f8b22f276f51b361fe911c55426ae3505d077cf3c96d4a6f2
      • Opcode Fuzzy Hash: b8ea9136630ce5355403cf0952ac0ae887c7ef490093564d9e0ed85c7c7c59ac
      • Instruction Fuzzy Hash: EA51D663A0C2CA85E7729F26E10067DB692AB81762F148135D7ECC3FC5CEEDD8418B09
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F383BC, Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
      • String ID:
      • API String ID: 1269745586-0
      • Opcode ID: 8d1a731cf550170dd24023532b3d158d1858887a524fe41fb85e4e670e14f1fa
      • Instruction ID: e1931684d6e89aae0bd24bddcf632f5a07693bc183080d17e040e56cfa17f74c
      • Opcode Fuzzy Hash: 8d1a731cf550170dd24023532b3d158d1858887a524fe41fb85e4e670e14f1fa
      • Instruction Fuzzy Hash: 5B312D32608B8A82EB259F54F4403AEB3A5FB88745F500136DBED83A55EF7DD144CB04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C0A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF6C6F3C93C,?,?,?,?,00000000,00007FF6C6F34FD8), ref: 00007FF6C6F3C103
      • GetLocaleInfoA.KERNEL32(?,?,?,?,00000000,00007FF6C6F3C93C,?,?,?,?,00000000,00007FF6C6F34FD8), ref: 00007FF6C6F3C145
      • GetACP.KERNEL32(?,?,?,?,00000000,00007FF6C6F3C93C,?,?,?,?,00000000,00007FF6C6F34FD8), ref: 00007FF6C6F3C168
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID: ACP$OCP
      • API String ID: 2299586839-711371036
      • Opcode ID: c3cd847921d65e5be7eea410fe7bcdc4f9f5d37c501c10a2afb6f592cef33a52
      • Instruction ID: 423dc255110c9dd06869f327eafe9344e42b1058ccc0ed39cf1eddb2e73c2f96
      • Opcode Fuzzy Hash: c3cd847921d65e5be7eea410fe7bcdc4f9f5d37c501c10a2afb6f592cef33a52
      • Instruction Fuzzy Hash: 4221A431B4854F91FA22AF20E96017967A2BF44786F444030CAEDC7AA5EF6EF504C709
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F38070, Relevance: 7.5, APIs: 5, Instructions: 39timethreadCOMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
      • String ID:
      • API String ID: 1445889803-0
      • Opcode ID: 0e0b0daf2d3464fe0f2eb59402f8c4a834a875576d0d347859fd9322bf69f5c9
      • Instruction ID: 2826b855946a98c396481a55499aff70abc88989ee6ae98defc7cfa0ba8fe9b8
      • Opcode Fuzzy Hash: 0e0b0daf2d3464fe0f2eb59402f8c4a834a875576d0d347859fd9322bf69f5c9
      • Instruction Fuzzy Hash: 6701C822619A0D91F7418F21E9502752361FB44B92F447531DEFE87B54CF7ED9848304
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C348, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale$_getptd
      • String ID:
      • API String ID: 1743167714-0
      • Opcode ID: 3e4fd66511ad2bd683acb56c593ffb1c6717a694d8daae11eb80987bd1e6ffc0
      • Instruction ID: 327d6ab031bad583d637f555fbb72f14883b1c995db1d4425221f8ddddedab14
      • Opcode Fuzzy Hash: 3e4fd66511ad2bd683acb56c593ffb1c6717a694d8daae11eb80987bd1e6ffc0
      • Instruction Fuzzy Hash: DE618172B48A8A97EA6A9E25C9543FD7392FB88346F400136C7ADC7684CF3DE4648705
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3654C, Relevance: 4.6, APIs: 3, Instructions: 94COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$DecodePointer
      • String ID:
      • API String ID: 2310398763-0
      • Opcode ID: 7d0b1b20ad0c120295f1c780292606717f18c58f6ae3647ab39b5b96c40ae609
      • Instruction ID: 97be879036022c6714848a9fb09ce74da81f20c5b6599929ccccf4ef6a913da8
      • Opcode Fuzzy Hash: 7d0b1b20ad0c120295f1c780292606717f18c58f6ae3647ab39b5b96c40ae609
      • Instruction Fuzzy Hash: E3312935B1C64A82F6729F25A51143F6143BF4139AF104134EAEDCBB85CE3EE4558B0A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3FF30, Relevance: 4.5, APIs: 3, Instructions: 35COMMON
      Download Yara Rule
      APIs
      • RtlCaptureContext.KERNEL32 ref: 00007FF6C6F3FF6F
      • SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F3FFB5
      • UnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F3FFC0
        • Part of subcall function 00007FF6C6F36F30: GetModuleFileNameA.KERNEL32(?,?,?,?,00000000,00007FF6C6F3718C,?,?,?,?,00007FF6C6F33A9D,?,?,00000000,00007FF6C6F39A18), ref: 00007FF6C6F36FF3
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled$CaptureContextFileModuleName
      • String ID:
      • API String ID: 2731829486-0
      • Opcode ID: e88a5ea4125f983a330b36214773acc992e49d69ae17c0b8fea59f736f1f8ed2
      • Instruction ID: 9bba4d2e2a1816a579b36456a650b36427e2d327a6910ac9c68fb84aa6ab8805
      • Opcode Fuzzy Hash: e88a5ea4125f983a330b36214773acc992e49d69ae17c0b8fea59f736f1f8ed2
      • Instruction Fuzzy Hash: 7201842161DA8E41F6669F60F4143BA7392FF85306F000235EAEE87AD5DF6EE504C70A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C5DC, Relevance: 3.1, APIs: 2, Instructions: 64COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale_getptd
      • String ID:
      • API String ID: 3731964398-0
      • Opcode ID: 132a7dd22cf8e5d1321647df7149a58a330ccb138cef8f5b31d0df4a95e2c780
      • Instruction ID: 53e50ae66f2671a10acf2708211d5a099955bc320a084450feef7c70bd10e02b
      • Opcode Fuzzy Hash: 132a7dd22cf8e5d1321647df7149a58a330ccb138cef8f5b31d0df4a95e2c780
      • Instruction Fuzzy Hash: B121C132B086CA96EB2A9F22D9103F97392FB89346F005035CBADC7281DF3DE4648605
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C1AC, Relevance: 3.1, APIs: 2, Instructions: 56COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale_getptd
      • String ID:
      • API String ID: 3731964398-0
      • Opcode ID: 27bf1438532f6ff03f7f41338c943cd1d1bdb66fcb0791caa3c924ca9cd62dab
      • Instruction ID: 4a4e1b9b244ea7e810f3f57f2084d014a4856060c30a952e370845eae7157a5e
      • Opcode Fuzzy Hash: 27bf1438532f6ff03f7f41338c943cd1d1bdb66fcb0791caa3c924ca9cd62dab
      • Instruction Fuzzy Hash: 3B21C232B0868996EB29CF60D5553EA73A2F788B81F405131DAAD87744CF3EE454C744
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C294, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID:
      • API String ID: 2299586839-0
      • Opcode ID: 57102eb5d20e823e1519ba91753b0142f498755b6d63a9952598f5a4c74cc382
      • Instruction ID: 025e68705d5396d409cce190b0db2b15fac7a7f37207eb1a8fc395881af5ae77
      • Opcode Fuzzy Hash: 57102eb5d20e823e1519ba91753b0142f498755b6d63a9952598f5a4c74cc382
      • Instruction Fuzzy Hash: 7311EB33A4868F49EB326F75D4613BD1352EB44785F440031DBEEC7686CE2EE546820A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C6EC, Relevance: 1.5, APIs: 1, Instructions: 46COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • EnumSystemLocalesA.KERNEL32(?,?,00000140,00007FF6C6F3C8BE,?,?,?,?,00000000,00007FF6C6F34FD8), ref: 00007FF6C6F3C73C
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: EnumLocalesSystem
      • String ID:
      • API String ID: 2099609381-0
      • Opcode ID: 92816945e2fec6512b4728e887fd2165526d1921799207029cb566ac91c026f9
      • Instruction ID: bc0bdbb0e857971f3b456679bfec19a6f80fd26b5818219b05682813f48be494
      • Opcode Fuzzy Hash: 92816945e2fec6512b4728e887fd2165526d1921799207029cb566ac91c026f9
      • Instruction Fuzzy Hash: EB118272A4860D8AFB1A9F31C0253793292FB54B4AF044435CAAD83285CF7DD5A4868A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3C780, Relevance: 1.5, APIs: 1, Instructions: 35COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • EnumSystemLocalesA.KERNEL32(?,?,00000140,00007FF6C6F3C886,?,?,?,?,00000000,00007FF6C6F34FD8), ref: 00007FF6C6F3C7B5
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: EnumLocalesSystem
      • String ID:
      • API String ID: 2099609381-0
      • Opcode ID: c5fb755275880c70d477dd755342e0c44e9ff4b6ba81483ce6298fa39fd63029
      • Instruction ID: 8f8ab6c3b3a48b1f46078a7f023bd99bfa5b322141f56db32220260e9511d5a5
      • Opcode Fuzzy Hash: c5fb755275880c70d477dd755342e0c44e9ff4b6ba81483ce6298fa39fd63029
      • Instruction Fuzzy Hash: FDF0F462E4890E4AF7168E31D4353B92393AB80B06F188031CAAD832C6CF7ED591820A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F400D8, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale_getptd
      • String ID:
      • API String ID: 3731964398-0
      • Opcode ID: eb61ac9f7c34bb9e87256369d4af9d7af7afb46eff3103d38e234148170a4c4d
      • Instruction ID: 1af602ee9e473ceb5e348c798bb0bfe139398ab8159dc9b27ba2da71cfb1d7e8
      • Opcode Fuzzy Hash: eb61ac9f7c34bb9e87256369d4af9d7af7afb46eff3103d38e234148170a4c4d
      • Instruction Fuzzy Hash: DDF0B422A1868483D7118B05F40406AA761F7C4BE0F584220EAAD57B99CE6CC8418B04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F42AA0, Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID:
      • API String ID: 2299586839-0
      • Opcode ID: bdbe706b0a2bb25a261b57c8222e226aa5ff7f36dce98d23560cfd8266eaf711
      • Instruction ID: afdc6ecc68c0253a72c24fb8bde2421e857268e0c9274c73e818682555348a37
      • Opcode Fuzzy Hash: bdbe706b0a2bb25a261b57c8222e226aa5ff7f36dce98d23560cfd8266eaf711
      • Instruction Fuzzy Hash: 51E06C61B1C58581F6319B10D51127A2752EF58759F800231D9ED87A95DE6DD1418704
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F36F18, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled
      • String ID:
      • API String ID: 3192549508-0
      • Opcode ID: 57a8ea4ea7cf2b3958af0f0628e86b4596a0c983b14863412ee4e1df305efdd6
      • Instruction ID: 6c050adc1998ee5cc92abcd1f36a787d1541b8621c8abcdb1f17f5da22754cf0
      • Opcode Fuzzy Hash: 57a8ea4ea7cf2b3958af0f0628e86b4596a0c983b14863412ee4e1df305efdd6
      • Instruction Fuzzy Hash: 91B09210E2A50AC1D605AF21DD8606412A16B68312FC00430C26DC3520EEAD959A8718
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F42070, Relevance: .2, Instructions: 202COMMONLIBRARYCODE
      Download Yara Rule
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: f1663c57a7fe0ae7ccf6371ea137dc6896b28bfae64ece0ef38731e82d03764d
      • Instruction ID: 39fdff3195257bb06e3c900f175ed0b23261e0bc67528d8bcdc0d8718bc9b6af
      • Opcode Fuzzy Hash: f1663c57a7fe0ae7ccf6371ea137dc6896b28bfae64ece0ef38731e82d03764d
      • Instruction Fuzzy Hash: 6771E272F1C14A4BE31D8F18DA4167866D7E7E4306F489036DA9DCBF94EE7AEA008604
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3A6F4, Relevance: 53.8, APIs: 43, Instructions: 94COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ErrorFreeHeapLast_errno
      • String ID:
      • API String ID: 1012874770-0
      • Opcode ID: ceb0a351ede683f57604ec992d06b2fd3cc5d871eff94823fad2b1ca851a9998
      • Instruction ID: 7e8e4470c1c8ef0d39af8f3e2782f4eedfc7d1c774d638436aaf4237c57e1bb5
      • Opcode Fuzzy Hash: ceb0a351ede683f57604ec992d06b2fd3cc5d871eff94823fad2b1ca851a9998
      • Instruction Fuzzy Hash: 1741D627A2448990EE42FF31D4512BC1326AFC5F47F445431FBADEB1A7CE55D8419316
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F45B80, Relevance: 30.5, APIs: 20, Instructions: 485COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: a96054e113d08fdb33e306ec23310197f431bbd3992d752558d6e1544d851584
      • Instruction ID: a06e2dc96ef015afdf1a858038fe17ad0352b538aca48a1053ac829764149f92
      • Opcode Fuzzy Hash: a96054e113d08fdb33e306ec23310197f431bbd3992d752558d6e1544d851584
      • Instruction Fuzzy Hash: A7221822A0D6CA81EB63AF14D5842BC2A93BF41755F544531DAFE83FC5CEAEE445C30A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37E68, Relevance: 18.1, APIs: 12, Instructions: 82COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$_lock$ErrorFreeHeapLast_errno
      • String ID:
      • API String ID: 1575098132-0
      • Opcode ID: f8afcf7035aa9411a6b822ef96bd34a7bdc5dd0887c6c2965ef470a85a2fd555
      • Instruction ID: c6619ffbffdcb2622e7c2ab391d45f3cf9243936b65571de91d501a4a14a86cc
      • Opcode Fuzzy Hash: f8afcf7035aa9411a6b822ef96bd34a7bdc5dd0887c6c2965ef470a85a2fd555
      • Instruction Fuzzy Hash: 40318F16B0A64A45FE56EF6190513BC2357AF81B43F441530EAAEC76C6CF1EE840935E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3B028, Relevance: 15.3, APIs: 10, Instructions: 253COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ErrorInfoLast
      • String ID:
      • API String ID: 189849726-0
      • Opcode ID: 37fd411cafc51dd6ae77dc9437cce5f96e4dce761e921224bd1d49a429c84a87
      • Instruction ID: a04c2b0edb27876e5eb1b487f9f98011bf9ab5add3268d52191419f9815ede40
      • Opcode Fuzzy Hash: 37fd411cafc51dd6ae77dc9437cce5f96e4dce761e921224bd1d49a429c84a87
      • Instruction Fuzzy Hash: 78B1DE32A086D686EB22CF25E4502AD77A6FB88B45F844136EBECC7781DF3AD441C705
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F42AF4, Relevance: 15.2, APIs: 10, Instructions: 177COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42B4A
      • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42B69
      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42C0E
      • malloc.LIBCMT ref: 00007FF6C6F42C25
      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42C6D
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42CA8
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42CE4
      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42D24
      • free.LIBCMT ref: 00007FF6C6F42D32
      • free.LIBCMT ref: 00007FF6C6F42D54
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ByteCharMultiWide$Infofree$malloc
      • String ID:
      • API String ID: 1309074677-0
      • Opcode ID: 722f9fd91d5f463c635a3d5f6fcd1896b878e897b4ff861ca9f62c2f82444a75
      • Instruction ID: 2f27e0851bed24aaa27929d24a880a6fc7b0a7efbe28c4b4dee0cdc2ef106e83
      • Opcode Fuzzy Hash: 722f9fd91d5f463c635a3d5f6fcd1896b878e897b4ff861ca9f62c2f82444a75
      • Instruction Fuzzy Hash: F0611632A0C68A86EB228F15994017962E7FF447A6F144631DABDC7FD4CFBED5818308
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F35AEC, Relevance: 15.1, APIs: 10, Instructions: 108COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$FullNamePath__doserrno
      • String ID:
      • API String ID: 46980266-0
      • Opcode ID: 7d2cc5d7812354785611953985e6148ff6c9e9de23567e27ea527d31c8c91bd5
      • Instruction ID: b38d64b76e446bb0209d409e0310eb6b47655010f7797aa70d367f5b77a992aa
      • Opcode Fuzzy Hash: 7d2cc5d7812354785611953985e6148ff6c9e9de23567e27ea527d31c8c91bd5
      • Instruction Fuzzy Hash: 7B418012A1824E81FA635F60D44127D6293BFC4756F545031EAEECB795DE3EE840C71E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3D468, Relevance: 15.1, APIs: 10, Instructions: 92COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$FullNamePathfree$ErrorLastcalloc
      • String ID:
      • API String ID: 1092050825-0
      • Opcode ID: 60149821ea5855547ab7a057b4be9b314ba054b9493587547247c09cee0ad84a
      • Instruction ID: 23c9d210709a09b436e0a91ed586447c5b39ba8084a7ae5d805737550cc37856
      • Opcode Fuzzy Hash: 60149821ea5855547ab7a057b4be9b314ba054b9493587547247c09cee0ad84a
      • Instruction Fuzzy Hash: 8331B815E1925E81FA626F69E40017D62C3AF84B96F144031DAFEC37C5CD7EA441922F
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F346B4, Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ErrorFreeHeapLast_errno
      • String ID:
      • API String ID: 1012874770-0
      • Opcode ID: 697ee04297b807d0f0c1a743fefd7eb6bbff9d3d426448245321a28f7307c1f7
      • Instruction ID: 21e87a0d347bcabd17c2654646928ff955ef733530b109ae7a88b4f771c759b1
      • Opcode Fuzzy Hash: 697ee04297b807d0f0c1a743fefd7eb6bbff9d3d426448245321a28f7307c1f7
      • Instruction Fuzzy Hash: F6414036A1A58A84EF56DF21C4503BC2396EF45B47F040431EAEDCB6D5CF6EA8818316
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3CBF8, Relevance: 13.7, APIs: 9, Instructions: 173COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetStringTypeW.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CC58
      • GetLastError.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CC6A
      • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CCCA
      • malloc.LIBCMT ref: 00007FF6C6F3CD36
      • MultiByteToWideChar.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CD80
      • GetStringTypeW.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CD97
      • free.LIBCMT ref: 00007FF6C6F3CDA8
      • GetStringTypeA.KERNEL32(?,?,?,?,00000000,0000000A,00000008,00007FF6C6F3CECA), ref: 00007FF6C6F3CE25
      • free.LIBCMT ref: 00007FF6C6F3CE35
        • Part of subcall function 00007FF6C6F42AF4: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42B4A
        • Part of subcall function 00007FF6C6F42AF4: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42B69
        • Part of subcall function 00007FF6C6F42AF4: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42C6D
        • Part of subcall function 00007FF6C6F42AF4: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,?,00000000,?,00000000,?), ref: 00007FF6C6F42CA8
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ByteCharMultiWide$StringType$Infofree$ErrorLastmalloc
      • String ID:
      • API String ID: 3804003340-0
      • Opcode ID: ca3837d9676ca9c6949ec9740481654c6b0cc80d705b1a1472469707800d0257
      • Instruction ID: a9cb31b2f3a8fe66fc22f093dc8b7dbe21ed3809e14f8e8c7d5ddd17de913150
      • Opcode Fuzzy Hash: ca3837d9676ca9c6949ec9740481654c6b0cc80d705b1a1472469707800d0257
      • Instruction Fuzzy Hash: 0E61E432B4868A86EB229F25D5504783B93FB44BE5B140235EEBD93BD4CE7EE8418345
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F332F0, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errnomallocrealloc
      • String ID: %s%c%s
      • API String ID: 1851400379-2756932909
      • Opcode ID: 68a06ff830aed0209863df8710137a73456ab97b94e79bc4a37cef9557a98986
      • Instruction ID: 6e4faad80308ef069862a25f9f6141414362880a07f676d0ea7364bd72323207
      • Opcode Fuzzy Hash: 68a06ff830aed0209863df8710137a73456ab97b94e79bc4a37cef9557a98986
      • Instruction Fuzzy Hash: 9861182260DAC985EA71CF19E4813AEB3A1FB84781F104132EBDD87BA9DF6DD444CB05
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F410AC, Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: 93c1dc8c4c97c4ab3ac1c81edadba6cb88abea897e6b1b3bee3be5b6a9d37608
      • Instruction ID: b477ca832c981a6dd6f87286a9636d2c19b977ff07b240ebba3e921131614bc9
      • Opcode Fuzzy Hash: 93c1dc8c4c97c4ab3ac1c81edadba6cb88abea897e6b1b3bee3be5b6a9d37608
      • Instruction Fuzzy Hash: 1C312432A1868A81E7139F25ED4123D3656BFC0761F214630EABD87BD2CEBED442971C
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F4138C, Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: d2413592a799a71a90b66b24d24142031a5c85a30999cea13f508ec6782928b4
      • Instruction ID: affc2d1ad0620f507dea18f93fc83c17026185b4be4d0879a7eaff1776b9f6d5
      • Opcode Fuzzy Hash: d2413592a799a71a90b66b24d24142031a5c85a30999cea13f508ec6782928b4
      • Instruction Fuzzy Hash: 78312432A0868A81E713DF21E94123D2512BB817B5F214331EEBD87BD2CE7ED4429718
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3DA20, Relevance: 12.1, APIs: 8, Instructions: 79COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: 23574dfab6ab80e158a865db2a714f61726ff419ec4cb443f513d51c8c3cde67
      • Instruction ID: 3ee373daaf8179923e066a704198122af6f76d2fe02439dfe68426639c23148a
      • Opcode Fuzzy Hash: 23574dfab6ab80e158a865db2a714f61726ff419ec4cb443f513d51c8c3cde67
      • Instruction Fuzzy Hash: 1531A43290868A85E7139F35E94113D2592BF80721F548635EABD87BD2CE7ED4418729
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F458CC, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 195COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$_getptd
      • String ID: +$-$0$0
      • API String ID: 3432092939-699404926
      • Opcode ID: 10033543220eb3e4309f04d8df9f6409899ccd7a08e5ec7c320dfe56c4eb2f84
      • Instruction ID: 0286b523e0ca2029b53c555a7638c92c15e3d4c32af4360ae54ddf43fc22fe6d
      • Opcode Fuzzy Hash: 10033543220eb3e4309f04d8df9f6409899ccd7a08e5ec7c320dfe56c4eb2f84
      • Instruction Fuzzy Hash: B5712722D1C68E45FBB76E15C64537A2693AF40766F154132CAFE83AC4DEAFE840C319
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F411E0, Relevance: 10.6, APIs: 7, Instructions: 79COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno
      • String ID:
      • API String ID: 2918714741-0
      • Opcode ID: 23ef31ce8a75920ceaac06aef46eb4bafbb2e813bad55bacb939581e1d39336a
      • Instruction ID: abd2b7c92ef5a58e995ea6d57b1deae1ec997f803f682e6f8d0603b9319b2d3a
      • Opcode Fuzzy Hash: 23ef31ce8a75920ceaac06aef46eb4bafbb2e813bad55bacb939581e1d39336a
      • Instruction Fuzzy Hash: 8E31D822F1868A41F7239F65DA4537D26536F82362F144238E6BDC7AD2CEBEE500961C
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F38288, Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • _FF_MSGBANNER.LIBCMT ref: 00007FF6C6F382AF
        • Part of subcall function 00007FF6C6F36F30: GetModuleFileNameA.KERNEL32(?,?,?,?,00000000,00007FF6C6F3718C,?,?,?,?,00007FF6C6F33A9D,?,?,00000000,00007FF6C6F39A18), ref: 00007FF6C6F36FF3
        • Part of subcall function 00007FF6C6F33B8C: ExitProcess.KERNEL32 ref: 00007FF6C6F33B9B
        • Part of subcall function 00007FF6C6F399F4: malloc.LIBCMT ref: 00007FF6C6F39A13
        • Part of subcall function 00007FF6C6F399F4: Sleep.KERNEL32(?,?,00000000,00007FF6C6F382E9,?,?,?,00007FF6C6F38393,?,?,?,?,?,?,00000000,00007FF6C6F37E18), ref: 00007FF6C6F39A2A
      • _errno.LIBCMT ref: 00007FF6C6F382F1
      • _lock.LIBCMT ref: 00007FF6C6F38305
      • free.LIBCMT ref: 00007FF6C6F38327
      • _errno.LIBCMT ref: 00007FF6C6F3832C
      • LeaveCriticalSection.KERNEL32(?,?,?,00007FF6C6F38393,?,?,?,?,?,?,00000000,00007FF6C6F37E18,?,?,?,00007FF6C6F37E4F), ref: 00007FF6C6F38352
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$CriticalExitFileLeaveModuleNameProcessSectionSleep_lockfreemalloc
      • String ID:
      • API String ID: 1024173049-0
      • Opcode ID: 4d04a333a7ee11d257e8f783972cab6ea25ea148697972bacd9eac67d5f7f4e2
      • Instruction ID: c6754922bc2e1e69cb34c101c0bab345a84ea06aa490583587d7bbbc03cb79da
      • Opcode Fuzzy Hash: 4d04a333a7ee11d257e8f783972cab6ea25ea148697972bacd9eac67d5f7f4e2
      • Instruction Fuzzy Hash: 45217C21A1D68E82F656AF10E51137D6296AF84792F045434E6FEC77C2CF7EE841831A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3BAC0, Relevance: 9.1, APIs: 6, Instructions: 122COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$_errno_getptd$ErrorFreeHeapLastSleep_lockmalloc
      • String ID:
      • API String ID: 2878544890-0
      • Opcode ID: 6a3b26f126ec00173afdbdec6d464518cb690c4548c0b4f3b0f3307c7a3451bb
      • Instruction ID: 2799e63eb8f241c3c7c68240fe7aee8ee05423665f36fdf96c7a1e77074cef55
      • Opcode Fuzzy Hash: 6a3b26f126ec00173afdbdec6d464518cb690c4548c0b4f3b0f3307c7a3451bb
      • Instruction Fuzzy Hash: AC51F531A0868A86E7229F21A450278B793FF90796F144236D6FDC73A5CF7EE401C71A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F455A4, Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide__initconout
      • String ID:
      • API String ID: 2210154019-0
      • Opcode ID: f37ada550cce15c27b79f0c66dcbd3cf8b066d4035b34aa65d438b3702186596
      • Instruction ID: 88efc8ad8720ac99d3196c8680a79f5186c93f524ff919ce7708bca650894a3a
      • Opcode Fuzzy Hash: f37ada550cce15c27b79f0c66dcbd3cf8b066d4035b34aa65d438b3702186596
      • Instruction Fuzzy Hash: C0312C21A1894A82FB229F20E51437972A2FF86776F500335E6BD87DD4CFBED5448B08
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37DC0, Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetLastError.KERNEL32(?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F37DCA
      • FlsGetValue.KERNEL32(?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F37DD8
      • SetLastError.KERNEL32(?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F37E30
        • Part of subcall function 00007FF6C6F39A60: Sleep.KERNEL32(?,?,00000000,00007FF6C6F37DF3,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F39AA5
      • FlsSetValue.KERNEL32(?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F37E04
      • free.LIBCMT ref: 00007FF6C6F37E27
      • GetCurrentThreadId.KERNEL32 ref: 00007FF6C6F37E18
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
      • String ID:
      • API String ID: 3106088686-0
      • Opcode ID: feb53d8bade9d96a4b643fdf61d47b42e145bae36863b5c285b26daf9c9d1e9f
      • Instruction ID: 9360c11d77cf23c4c2257ef5a9c2d1d2d810e261536f9d0810680382d45700b1
      • Opcode Fuzzy Hash: feb53d8bade9d96a4b643fdf61d47b42e145bae36863b5c285b26daf9c9d1e9f
      • Instruction Fuzzy Hash: 1D018825E0874E82FF07AF7595540792293AF88B62F184234C9FD837C1DE3DE844C219
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3ABD0, Relevance: 8.8, APIs: 7, Instructions: 36COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ErrorFreeHeapLast_errno
      • String ID:
      • API String ID: 1012874770-0
      • Opcode ID: 3970a2f4dd8e2bc9e63fd22e76b517ac89f75ecef42314953e98a84ac307ffa1
      • Instruction ID: 64bed277fad0267f52ebbe0bd5f3c7d0e768c536f33ee8f6b634d4c87e63d8c1
      • Opcode Fuzzy Hash: 3970a2f4dd8e2bc9e63fd22e76b517ac89f75ecef42314953e98a84ac307ffa1
      • Instruction Fuzzy Hash: 2D011E13A1844E92FE57DF62D5610382367AF80743F441431E5AEC7992CEAEF8C0932A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3AC68, Relevance: 7.7, APIs: 6, Instructions: 246COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: bd5a41a343740c7bdf7b0b579bedc9914df45a067c63497103451b1e68b6a53e
      • Instruction ID: 9ef6a37b034a62cd0017bc04236481819a3860e5bc73b74f4eb02565d02e1d45
      • Opcode Fuzzy Hash: bd5a41a343740c7bdf7b0b579bedc9914df45a067c63497103451b1e68b6a53e
      • Instruction Fuzzy Hash: 13B1B532B18B8985EB22CF62E0406A977A2FB85745F404135EEEE83785DF7DD105C745
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37968, Relevance: 7.7, APIs: 5, Instructions: 199COMMON
      Download Yara Rule
      APIs
      • GetStartupInfoA.KERNEL32 ref: 00007FF6C6F3798D
        • Part of subcall function 00007FF6C6F39A60: Sleep.KERNEL32(?,?,00000000,00007FF6C6F37DF3,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F39AA5
      • GetFileType.KERNEL32 ref: 00007FF6C6F37B0A
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: FileInfoSleepStartupType
      • String ID:
      • API String ID: 1527402494-0
      • Opcode ID: ce6658298909e3b97387a800a2ac03f89814e1ba9e231f68ba9387809d5c49b4
      • Instruction ID: ff64b9af3b9554258362861004e46ec16b4eaf40236b02e67cc20ffac4d25bba
      • Opcode Fuzzy Hash: ce6658298909e3b97387a800a2ac03f89814e1ba9e231f68ba9387809d5c49b4
      • Instruction Fuzzy Hash: D6919321A0868A81E7128F24D48863836A6FB05776F258735C6FD877D5DF7EE842C30E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F31030, Relevance: 7.6, APIs: 6, Instructions: 78COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno$ByteCharMultiWidefreemalloc$AllocateHeap
      • String ID:
      • API String ID: 4228965069-0
      • Opcode ID: fea99d41eba0fec2b298fc5c1ee7f8ada5eed0359a22aad72f19de039a4819a5
      • Instruction ID: dab2cacc1f81106334d6cdc9948724c6eb1392588e4fc6906c316ad3ec66ba7c
      • Opcode Fuzzy Hash: fea99d41eba0fec2b298fc5c1ee7f8ada5eed0359a22aad72f19de039a4819a5
      • Instruction Fuzzy Hash: 8341E572629A8487DB50DF19E48162EB7A1FB88B95F101126FADE87B68DF7DD0408F04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F385B0, Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • DecodePointer.KERNEL32(?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F385D9
      • DecodePointer.KERNEL32(?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F385E8
      • EncodePointer.KERNEL32(?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F38665
        • Part of subcall function 00007FF6C6F39AE4: realloc.LIBCMT ref: 00007FF6C6F39B0F
        • Part of subcall function 00007FF6C6F39AE4: Sleep.KERNEL32(?,?,00000000,00007FF6C6F38655,?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001), ref: 00007FF6C6F39B2B
      • EncodePointer.KERNEL32(?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F38674
      • EncodePointer.KERNEL32(?,?,?,00007FF6C6F386C1,?,?,?,?,00007FF6C6F33C82,?,?,00000001,00007FF6C6F339AB), ref: 00007FF6C6F38680
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: Pointer$Encode$Decode$Sleep_errnorealloc
      • String ID:
      • API String ID: 1310268301-0
      • Opcode ID: 4d22ffa4449150b0b015ac8b093a21fede078953f29259b97c946d1038f5740b
      • Instruction ID: 2f2f001b83070558d36d34882a0319dbb53b04b85d7409062a74cc583447d4aa
      • Opcode Fuzzy Hash: 4d22ffa4449150b0b015ac8b093a21fede078953f29259b97c946d1038f5740b
      • Instruction Fuzzy Hash: FA217711F1A68E41EA12AF11E5440796393BF857C2B444835DAEDCB796DE7EF441830E
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3D158, Relevance: 7.6, APIs: 5, Instructions: 60COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CurrentDirectory_errno$Sleepfree
      • String ID:
      • API String ID: 3152075348-0
      • Opcode ID: 9f796aca54aaff8974af517f3cdb31ed6d199b2d69ea6536cfd613a4bcf2111e
      • Instruction ID: ea7bba58dd1067b5e09f185af57af9db8abd4e76ad31bd2813c07a5d0f8a04f4
      • Opcode Fuzzy Hash: 9f796aca54aaff8974af517f3cdb31ed6d199b2d69ea6536cfd613a4bcf2111e
      • Instruction Fuzzy Hash: 4821C136A0878E86F6229F10D5402BE33A2EB48B81F414534DEAC87745DF7EE9448769
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F43BEC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _errno
      • String ID: P
      • API String ID: 2918714741-3110715001
      • Opcode ID: bc9f5d428828e86c1e118f2ef8fc997163de7334b4ed4da3adfd847a41bc8a10
      • Instruction ID: 24e411e5397123dc9aa415ef28ebeab6183d7b255c5e4885ee078355dbf8c8f3
      • Opcode Fuzzy Hash: bc9f5d428828e86c1e118f2ef8fc997163de7334b4ed4da3adfd847a41bc8a10
      • Instruction Fuzzy Hash: 1D21E863A0C7AA41FA578E16960027962D2AF557E1F084A30DFFC87FC5DEFEA4508708
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33B50, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetModuleHandleW.KERNEL32(?,?,000000FF,00007FF6C6F33B99,?,?,00000028,00007FF6C6F33AB1,?,?,00000000,00007FF6C6F39A18,?,?,00000000,00007FF6C6F382E9), ref: 00007FF6C6F33B5F
      • GetProcAddress.KERNEL32(?,?,000000FF,00007FF6C6F33B99,?,?,00000028,00007FF6C6F33AB1,?,?,00000000,00007FF6C6F39A18,?,?,00000000,00007FF6C6F382E9), ref: 00007FF6C6F33B74
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: AddressHandleModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 1646373207-1276376045
      • Opcode ID: 314d6f858e88a6480d3f4ef31ac68a81fb78dd61469ae465a1ffa7c973a3a161
      • Instruction ID: 4245468b718b48cf4c9169faba8c1129208241d4f15cbef873cfd3daf05cab70
      • Opcode Fuzzy Hash: 314d6f858e88a6480d3f4ef31ac68a81fb78dd61469ae465a1ffa7c973a3a161
      • Instruction Fuzzy Hash: 40E01251F1A64E81FE1BEF50A99523823926F48752B48143CC5BE8B790DEADE548C318
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F34CA8, Relevance: 6.4, APIs: 5, Instructions: 134COMMONLIBRARYCODE
      Download Yara Rule
      APIs
        • Part of subcall function 00007FF6C6F399F4: malloc.LIBCMT ref: 00007FF6C6F39A13
        • Part of subcall function 00007FF6C6F399F4: Sleep.KERNEL32(?,?,00000000,00007FF6C6F382E9,?,?,?,00007FF6C6F38393,?,?,?,?,?,?,00000000,00007FF6C6F37E18), ref: 00007FF6C6F39A2A
      • free.LIBCMT ref: 00007FF6C6F34DF1
      • free.LIBCMT ref: 00007FF6C6F34E0D
        • Part of subcall function 00007FF6C6F383BC: RtlCaptureContext.KERNEL32 ref: 00007FF6C6F383FB
        • Part of subcall function 00007FF6C6F383BC: IsDebuggerPresent.KERNEL32 ref: 00007FF6C6F38499
        • Part of subcall function 00007FF6C6F383BC: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384A3
        • Part of subcall function 00007FF6C6F383BC: UnhandledExceptionFilter.KERNEL32 ref: 00007FF6C6F384AE
        • Part of subcall function 00007FF6C6F383BC: GetCurrentProcess.KERNEL32 ref: 00007FF6C6F384C4
        • Part of subcall function 00007FF6C6F383BC: TerminateProcess.KERNEL32 ref: 00007FF6C6F384D2
      • free.LIBCMT ref: 00007FF6C6F34E22
        • Part of subcall function 00007FF6C6F33A28: HeapFree.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A3E
        • Part of subcall function 00007FF6C6F33A28: _errno.LIBCMT ref: 00007FF6C6F33A48
        • Part of subcall function 00007FF6C6F33A28: GetLastError.KERNEL32(?,?,00000000,00007FF6C6F37E2C,?,?,?,00007FF6C6F37E4F,?,?,?,00007FF6C6F3564E), ref: 00007FF6C6F33A50
      • free.LIBCMT ref: 00007FF6C6F34E41
      • free.LIBCMT ref: 00007FF6C6F34E5D
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free$ExceptionFilterProcessUnhandled_errno$CaptureContextCurrentDebuggerErrorFreeHeapLastPresentSleepTerminatemalloc
      • String ID:
      • API String ID: 2327265721-0
      • Opcode ID: 280b089678f42c366018b0d496c1d0d0c7e55a009609946cafb1c0c59ea9af18
      • Instruction ID: 5353253fcdf56d95b7ff24da4b4694cabfa7b62aebcdb8054242b847f8f12e57
      • Opcode Fuzzy Hash: 280b089678f42c366018b0d496c1d0d0c7e55a009609946cafb1c0c59ea9af18
      • Instruction Fuzzy Hash: 2851B136604A8982EB22DF25E84016D3357FB84BAAF584035DEEDC7795DE3DD881C349
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F350D0, Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: _getptd
      • String ID:
      • API String ID: 3186804695-0
      • Opcode ID: 499d4c99a389790061ed60ce893507ab4218f50be3f7d41f4bf3cd1659de1a0e
      • Instruction ID: d377023d85444cbd0132c77bbd810e01b468c8e9f5f627d8da8d7a1c31bb95b3
      • Opcode Fuzzy Hash: 499d4c99a389790061ed60ce893507ab4218f50be3f7d41f4bf3cd1659de1a0e
      • Instruction Fuzzy Hash: 2681B072A1978A96DB22DF25E1803AA73A2FB84785F504135DBAD83B54DF7EE440CB04
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F4322C, Relevance: 6.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CriticalSection_lock$EnterLeave
      • String ID:
      • API String ID: 2641352136-0
      • Opcode ID: b97964ea8a3072e94c36babdd14444813bb812038066c4283b874c534c1602dc
      • Instruction ID: f6746e3df59973e3a989fd9af342a3f2e81eb89ce70d19947733400d18541410
      • Opcode Fuzzy Hash: b97964ea8a3072e94c36babdd14444813bb812038066c4283b874c534c1602dc
      • Instruction Fuzzy Hash: 2C51F623A0878A82EB128F16D5453797696FF9076AF044635DABE83BD0CFBEE440C705
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F33090, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 89COMMONLIBRARYCODE
      Download Yara Rule
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID:
      • String ID: .jar$.zip
      • API String ID: 0-1338640362
      • Opcode ID: b673739174c04974da84a1a31118cba48eb53f8125a5138903a687a7c53895e3
      • Instruction ID: ea7d37e55c1ac587bcc6e30fe0dfdb080cd1ea2fd64d9135d35d40b949e8e414
      • Opcode Fuzzy Hash: b673739174c04974da84a1a31118cba48eb53f8125a5138903a687a7c53895e3
      • Instruction Fuzzy Hash: D041133291CA8A81DA52EF55E44017EB3A2FBC4795F000531FADDC7B69DFAED5408B09
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F37CE4, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
      Download Yara Rule
      APIs
      • FlsFree.KERNEL32(?,?,?,?,00007FF6C6F38019,?,?,00000000,00007FF6C6F33927), ref: 00007FF6C6F37CF3
      • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6C6F38019), ref: 00007FF6C6F38222
      • free.LIBCMT ref: 00007FF6C6F3822B
      • DeleteCriticalSection.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,00007FF6C6F38019), ref: 00007FF6C6F3824B
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: CriticalDeleteSection$Freefree
      • String ID:
      • API String ID: 1250194111-0
      • Opcode ID: 207915d49a2fce4c78ddee3ac80dee0017ea51e28601dd82261419c285bc90b7
      • Instruction ID: 480991941bee7ad510b2ccc215baa58d491e8a9001737837ff7cb869131064af
      • Opcode Fuzzy Hash: 207915d49a2fce4c78ddee3ac80dee0017ea51e28601dd82261419c285bc90b7
      • Instruction Fuzzy Hash: 73119132E09A4E82FA169F15E6501387362EF41B92F584131D6FD83B95CF7EE492C709
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F36290, Relevance: 6.0, APIs: 4, Instructions: 42COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DecodePointer_errno_flush_freebuf
      • String ID:
      • API String ID: 1889905870-0
      • Opcode ID: b408d893756a2f9fdde779e28b60f08a0badfaa3c05bc1974da565a8fbe3b4e9
      • Instruction ID: 0b9d23b96da7462775cdb71647169b5db75e5aefa90f5f7d809641b1291ed520
      • Opcode Fuzzy Hash: b408d893756a2f9fdde779e28b60f08a0badfaa3c05bc1974da565a8fbe3b4e9
      • Instruction Fuzzy Hash: 4A01F922E1864A41FF169F75941137C11939F85775F250330DABDC72D2CE3ED401520A
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F430D8, Relevance: 6.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: __doserrno_errno
      • String ID:
      • API String ID: 921712934-0
      • Opcode ID: ca73a6a791f24fecc173a2ec0f5fec00ebdd981fdf3bdbfac392b3851e4186f2
      • Instruction ID: 43016085e5c6edc46cca619109de4c28e8cea0d52addd412c349a295eee6487c
      • Opcode Fuzzy Hash: ca73a6a791f24fecc173a2ec0f5fec00ebdd981fdf3bdbfac392b3851e4186f2
      • Instruction Fuzzy Hash: 6301F563E1864E81FB165F15C94133C22525F90733F508731D7BE83BD1CFAE68018119
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3D238, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMONLIBRARYCODE
      Download Yara Rule
      APIs
      • GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6C6F35B1B), ref: 00007FF6C6F3D262
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: DriveType
      • String ID: :$\
      • API String ID: 338552980-1166558509
      • Opcode ID: b9e4c16f2b95b07270ecc6f9f5b3d7bd76e356bb68da26bd8caa8756811a2de9
      • Instruction ID: a246f4153cd0a5d87cda4d3501e8c1d930f3714146900955957f981afe147791
      • Opcode Fuzzy Hash: b9e4c16f2b95b07270ecc6f9f5b3d7bd76e356bb68da26bd8caa8756811a2de9
      • Instruction Fuzzy Hash: 7DE06814E2C2C686FB974A10428073F16D0DBA2302F001034F6EEC3AC1CE4ED0498727
      Uniqueness

      Uniqueness Score: -1.00%

      Function 00007FF6C6F3A9C4, Relevance: 5.1, APIs: 4, Instructions: 148COMMON
      Download Yara Rule
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.219908185.00007FF6C6F31000.00000020.00020000.sdmp, Offset: 00007FF6C6F30000, based on PE: true
      • Associated: 00000000.00000002.219904310.00007FF6C6F30000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219920875.00007FF6C6F48000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219926388.00007FF6C6F4C000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.219937426.00007FF6C6F50000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219945454.00007FF6C6F5D000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.219977661.00007FF6C6F98000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_7ff6c6f30000_dbeaver.jbxd
      Similarity
      • API ID: free
      • String ID:
      • API String ID: 1294909896-0
      • Opcode ID: 70334a6b60f72a026b29da2252e4a2bdba9f0307f2537794f22995d7955fb69d
      • Instruction ID: abd09a0a3b854fc5da203220622d667e1abd5c894d5d3630799963ee8d7078e4
      • Opcode Fuzzy Hash: 70334a6b60f72a026b29da2252e4a2bdba9f0307f2537794f22995d7955fb69d
      • Instruction Fuzzy Hash: EF51C532B0968E86EB629F12A4401B977A2FB44B86F444535DFFE87781CE7EE542C305
      Uniqueness

      Uniqueness Score: -1.00%