Play interactive tour

Edit tour

Windows Analysis Report SecuriteInfo.com.Trojan.BrowseBan.32054.8200

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.BrowseBan.32054.8200 (renamed file extension from 8200 to exe)
Analysis ID:	492347
MD5:	7a61d4434b48575332c6d4227b5ed14f
SHA1:	3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256:	44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Score:	8
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Uses 32bit PE files

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

PE file contains strange resources

Tries to load missing DLLs

Deletes files inside the Windows folder

Contains functionality to shutdown / reboot the system

Creates files inside the system directory

Detected potential crypto function

Potential key logger detected (key state polling based)

Contains functionality to query CPU information (cpuid)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to record screenshots

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.BrowseBan.32054.exe (PID: 4192 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe' MD5: 7A61D4434B48575332C6D4227B5ED14F)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,	0_2_00468FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,	0_2_0046DB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,	0_2_004E3A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00469980 FindFirstFileA,	0_2_00469980

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0047C0D0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_0047C0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004C9B00 GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_004C9B00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004DD080 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,

0_2_004DD080

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9170 GetDeviceCaps,GetDC,GetDC,CreateCompatibleBitmap,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DeleteObject,ReleaseDC,

0_2_004A9170

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Section loaded: qtim32.dll

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File deleted: C:\Windows\A6W_DATA\SecuriteInfo.com.Trojan.BrowseBan.32054.rec

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,

0_2_00435DA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File created: C:\Windows\A6W_DATA

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EC150	0_2_004EC150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A4280	0_2_004A4280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0045C400	0_2_0045C400
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A4650	0_2_004A4650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004F87B0	0_2_004F87B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004C8980	0_2_004C8980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00498B6C	0_2_00498B6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004ECF90	0_2_004ECF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A5380	0_2_004A5380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004F5430	0_2_004F5430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00489550	0_2_00489550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A55E0	0_2_004A55E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E9640	0_2_004E9640

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Jump to behavior

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,

0_2_00435DA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00401280 DefDlgProcA,LockResource,GetDC,SetMapMode,GetClientRect,GetClientRect,SetWindowExtEx,SetWindowExtEx,SetViewportExtEx,SetViewportExtEx,LPtoDP,ReleaseDC,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,MoveWindow,SetTimer,SetTimer,GetTickCount,FreeResource,KillTimer,BeginPaint,BeginPaint,GetClientRect,LockResource,SelectPalette,RealizePalette,SetRect,GetStockObject,FillRect,StretchDIBits,SelectPalette,DeleteObject,FreeResource,SetBkMode,SetTextAlign,lstrlenA,lstrlenA,TextOutA,TextOutA,lstrlenA,TextOutA,lstrlenA,lstrlenA,DrawTextA,EndPaint,GetClientRect,GetClientRect,GetStockObject,FillRect,EndDialog,

0_2_00401280

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	String found in binary or memory: Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	String found in binary or memory: Continue%mA duplicate Xtra has been encountered in your Xtras folder(s). Please quit and remove the duplicate to avoid a possible conflict.Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File written: C:\Windows\A6W.INI

Jump to behavior

Source: classification engine

Classification label: clean8.winEXE@1/2@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File read: C:\Windows\A6W.INI

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_0046C520 GetSystemDirectoryA,GetSystemDirectoryA,CharPrevA,CharPrevA,lstrcpyA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,GetLastError,GetDriveTypeA,

0_2_0046C520

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static file information: File size 1570477 > 1048576

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,

0_2_004FB570

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,	0_2_004828B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,	0_2_004828B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004D9960 IsWindow,RemovePropA,GetWindow,IsIconic,GetPropA,ShowWindow,IsWindowVisible,ShowWindow,SendMessageA,SetPropA,RemovePropA,RemovePropA,ShowWindow,DefWindowProcA,	0_2_004D9960

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0eh], cx and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ch], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ah], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+06h], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+04h], ax and CTI: jne 004EFEF7h	0_2_004EFE90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9540 GetSystemInfo,

0_2_004A9540

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,	0_2_00468FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,	0_2_0046DB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,	0_2_004E3A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00469980 FindFirstFileA,	0_2_00469980

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Windows\A6W_DATA FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,

0_2_004FB570

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9540 cpuid

0_2_004A9540

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004F4520 GetTimeZoneInformation,

0_2_004F4520

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004F1340 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

0_2_004F1340

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004EFE90 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_004EFE90

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	DLL Side-Loading1	Access Token Manipulation1	Masquerading1	Input Capture21	System Time Discovery12	Remote Services	Screen Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API1	Boot or Logon Initialization Scripts	DLL Side-Loading1	Access Token Manipulation1	LSASS Memory	Application Window Discovery1	Remote Desktop Protocol	Input Capture21	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	DLL Side-Loading1	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Archive Collected Data1	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	File Deletion1	NTDS	System Information Discovery26	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
SecuriteInfo.com.Trojan.BrowseBan.32054.exe	3%	Virustotal	Browse
SecuriteInfo.com.Trojan.BrowseBan.32054.exe	5%	Metadefender	Browse
SecuriteInfo.com.Trojan.BrowseBan.32054.exe	2%	ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	492347
Start date:	28.09.2021
Start time:	16:11:05
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Trojan.BrowseBan.32054.8200 (renamed file extension from 8200 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean8.winEXE@1/2@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 77 Number of non-executed functions: 188
Cookbook Comments:	Adjust boot time Enable AMSI Stop behavior analysis, all processes terminated
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.82.210.154, 80.67.82.211, 80.67.82.235, 209.197.3.8, 20.54.110.249, 20.199.120.151, 40.112.88.60, 20.199.120.182 Excluded domains from analysis (whitelisted): client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, cds.d2s7q6s2.hwcdn.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Windows\A6W.INI Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.307714802597438
Encrypted:	false
SSDEEP:	3:ExLzdCwpA6jOYp:ENzoLSOI
MD5:	D94D1652055EDF8F49C7991664AFEE1A
SHA1:	97B41753CF7CF84A886E094217BFA850F9D474F8
SHA-256:	6B6D4B0D139E08A0773CF7A591D64DD88825210CE184226423D50DC2BC20F19E
SHA-512:	58B734C2B16339C39ED01B106931AFF9DB41FCEF3435F8E5149F847C028F28C67F171B7711B00242A1BC14C6ED3503F247C01BAFE3184C44F8049ABB91B2EA5B
Malicious:	false
Reputation:	low
Preview:	[MMXTechnology]..MMXEnableCheck=1..

C:\Windows\Run32A60.mch Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File Type:	data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	4.686889438956984
Encrypted:	false
SSDEEP:	6:t10rm+aX2qyzwWSXmXlBhMGvqjt/al6wnKfRBm0opzlLNlv8uFRxjw3:707H02XkR0LXphNlv8uFg3
MD5:	DDBD22FCBC5FC8DD7E120DBF85CA9519
SHA1:	877C624A1829038173D8BF1B898ABA3EDD99BF81
SHA-256:	E0C5778E7BFEC2EB403609850616FFA2ADD712AED5616D5B1F6891B99C6CB8F3
SHA-512:	F699679FEAC9364186BEEA2FBEAC3541F44280BD42FF3A716F384EBE27AAF2674858F86941CF2F756EAB28E13DDC18F83999F42A0CC802A0D09666D65DB9DF9B
Malicious:	false
Reputation:	low
Preview:	MoaCacheWin32_32..........OsType.......XtraClassInfo.......DirSpec......._rt_KeepInCache.......AlwaysCallRegister......._rt_RegDictList.......FileName......._rt_XtraDictList......._rt_XtraRef......._rt_FileDictList......._rt_NeedsRegistration.......Date.......FileHasXtraEntriesAdded.....

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.267914993120473
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File size:	1570477
MD5:	7a61d4434b48575332c6d4227b5ed14f
SHA1:	3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256:	44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
SHA512:	f51b4a93a2aebdbe89dc31d53363497d9d50cc178c530b7a25c0baa9770e01e7430ceb4365034e4fc6209aa3411e6b1d4fa4f79184f0de3735956278943dc668
SSDEEP:	24576:rjGjEneWcf3c+rkqPGIwLqyz6phJLxwpX16ON/+vxM1fVQLcmOZ4WM7:fGnf3wOl0HgMpVQLMZM7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c.;............................@.............@.....................................................................5..

File Icon


Icon Hash:	f2ecd4b2f6f4c4ec

Static PE Info

General
Entrypoint:	0x4f1340
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp:	0x3B8363CE [Wed Aug 22 07:48:30 2001 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
mov eax, dword ptr fs:[00000000h]
push ebp
mov ebp, esp
push FFFFFFFFh
push 004FF220h
push 004F7084h
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 60h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [0050FACCh]
mov dword ptr [00505140h], eax
xor eax, eax
mov al, byte ptr [00505141h]
mov dword ptr [0050514Ch], eax
mov eax, dword ptr [00505140h]
shr dword ptr [00505140h], 10h
and eax, 000000FFh
mov dword ptr [00505148h], eax
shl eax, 08h
add eax, dword ptr [0050514Ch]
mov dword ptr [00505144h], eax
call 00007FD7FC9A99CFh
test eax, eax
jne 00007FD7FC9A3D3Ch
push 0000001Ch
call 00007FD7FC9A3E64h
add esp, 04h
mov dword ptr [ebp-04h], 00000000h
call 00007FD7FC9A97D5h
call 00007FD7FC9A4E80h
call dword ptr [0050F998h]
mov dword ptr [0050E070h], eax
call 00007FD7FC9A9630h
mov dword ptr [00505120h], eax
test eax, eax
je 00007FD7FC9A3D3Bh
cmp dword ptr [0050E070h], 00000000h
jne 00007FD7FC9A3D3Ch
push FFFFFFFFh
call 00007FD7FC9A3F77h
add esp, 04h
call 00007FD7FC9A938Fh
call 00007FD7FC9A929Ah
call 00007FD7FC9A3F35h
mov esi, dword ptr [0050E070h]
mov al, byte ptr [esi]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xfffe0	0x35	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10f000	0xf0	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x112000	0x5c490	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x16f000	0xa130	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x10f784	0x694	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xfb3f6	0xfb400	False	0.512184196206	data	6.37515393741	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xfd000	0x3015	0x3200	False	0.435078125	data	5.40448218626	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x101000	0xd074	0x5e00	False	0.400556848404	data	4.46430466957	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata	0x10f000	0x28f8	0x2a00	False	0.407087053571	data	5.53322081171	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x112000	0x5c490	0x5c600	False	0.179288417625	data	4.12178722438	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x16f000	0xba6a	0xbc00	False	0.625020777926	data	6.2745480459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x15e2f4	0x134	data	English	United States
RT_CURSOR	0x15e43c	0x134	data	English	United States
RT_CURSOR	0x15e584	0x134	data	English	United States
RT_CURSOR	0x15e6cc	0x134	data	English	United States
RT_CURSOR	0x15e814	0x134	data	English	United States
RT_CURSOR	0x15e95c	0x134	data	English	United States
RT_CURSOR	0x15eaa4	0x134	data	English	United States
RT_CURSOR	0x15ebec	0x134	AmigaOS bitmap font	English	United States
RT_BITMAP	0x155cf8	0xec	data	English	United States
RT_BITMAP	0x1244c0	0xa458	data	English	United States
RT_BITMAP	0x12e918	0x5080	data	English	United States
RT_BITMAP	0x155de4	0x29a	data	English	United States
RT_BITMAP	0x156080	0x2d2	data	English	United States
RT_BITMAP	0x133998	0x16c94	data	English	United States
RT_BITMAP	0x14a62c	0xb670	data	English	United States
RT_BITMAP	0x157dbc	0x192	data	English	United States
RT_BITMAP	0x157f50	0x192	data	English	United States
RT_BITMAP	0x157c28	0x192	data	English	United States
RT_BITMAP	0x156df4	0x192	data	English	United States
RT_BITMAP	0x156f88	0x192	data	English	United States
RT_BITMAP	0x15711c	0x192	data	English	United States
RT_BITMAP	0x1572b0	0x192	data	English	United States
RT_BITMAP	0x157444	0x192	data	English	United States
RT_BITMAP	0x1575d8	0x192	data	English	United States
RT_BITMAP	0x15776c	0x192	data	English	United States
RT_BITMAP	0x157900	0x192	data	English	United States
RT_BITMAP	0x157a94	0x192	data	English	United States
RT_BITMAP	0x15bd74	0x150	data	English	United States
RT_BITMAP	0x15bec4	0x168	data	English	United States
RT_BITMAP	0x15c02c	0x150	data	English	United States
RT_BITMAP	0x15c17c	0x168	data	English	United States
RT_BITMAP	0x156354	0xa8	data	English	United States
RT_BITMAP	0x1563fc	0x54	data	English	United States
RT_BITMAP	0x156450	0x54	data	English	United States
RT_BITMAP	0x1564a4	0x58	data	English	United States
RT_BITMAP	0x1564fc	0x1e0	data	English	United States
RT_BITMAP	0x1566dc	0x29a	data	English	United States
RT_BITMAP	0x156978	0x2d2	data	English	United States
RT_BITMAP	0x158540	0x45a	data	English	United States
RT_BITMAP	0x15899c	0x45a	data	English	United States
RT_BITMAP	0x1580e4	0x45a	data	English	United States
RT_BITMAP	0x158df8	0x87a	data	English	United States
RT_BITMAP	0x159674	0x87a	data	English	United States
RT_BITMAP	0x159ef0	0x45a	data	English	United States
RT_BITMAP	0x15a34c	0x45a	data	English	United States
RT_BITMAP	0x15a7a8	0x45a	data	English	United States
RT_BITMAP	0x15ac04	0x45a	data	English	United States
RT_BITMAP	0x15b060	0x45a	data	English	United States
RT_BITMAP	0x15b4bc	0x45a	data	English	United States
RT_BITMAP	0x15b918	0x45a	data	English	United States
RT_BITMAP	0x15c2e4	0x2a8	data	English	United States
RT_BITMAP	0x15c58c	0x2d8	data	English	United States
RT_BITMAP	0x15c864	0x2a8	data	English	United States
RT_BITMAP	0x15cb0c	0x2d8	data	English	United States
RT_BITMAP	0x15d09c	0x150	data	English	United States
RT_BITMAP	0x15d1ec	0x168	data	English	United States
RT_BITMAP	0x15cf4c	0x150	data	English	United States
RT_BITMAP	0x15cde4	0x168	data	English	United States
RT_BITMAP	0x156c4c	0xa8	data	English	United States
RT_BITMAP	0x156cf4	0x54	data	English	United States
RT_BITMAP	0x156d48	0x54	data	English	United States
RT_BITMAP	0x156d9c	0x58	data	English	United States
RT_BITMAP	0x15d354	0x168	data	English	United States
RT_ICON	0x116330	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x116458	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1169c0	0x2e8	data	English	United States
RT_ICON	0x116ca8	0x8a8	data	English	United States
RT_ICON	0x117590	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1176b8	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x117c20	0x2e8	data	English	United States
RT_ICON	0x117f08	0x8a8	data	English	United States
RT_ICON	0x1187f0	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x118918	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x118e80	0x2e8	data	English	United States
RT_ICON	0x119168	0x8a8	data	English	United States
RT_ICON	0x119a50	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x119b78	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11a0e0	0x2e8	data	English	United States
RT_ICON	0x11a3c8	0x8a8	data	English	United States
RT_ICON	0x11acb0	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11add8	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11b340	0x2e8	data	English	United States
RT_ICON	0x11b628	0x8a8	data	English	United States
RT_ICON	0x11bf10	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11c038	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11c5a0	0x2e8	data	English	United States
RT_ICON	0x11c888	0x8a8	data	English	United States
RT_ICON	0x11d170	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11d298	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11d800	0x2e8	data	English	United States
RT_ICON	0x11dae8	0x8a8	data	English	United States
RT_ICON	0x11e3d0	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11e4f8	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11ea60	0x2e8	data	English	United States
RT_ICON	0x11ed48	0x8a8	data	English	United States
RT_ICON	0x11f630	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11f758	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x11fcc0	0x2e8	data	English	United States
RT_ICON	0x11ffa8	0x8a8	data	English	United States
RT_ICON	0x120890	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1209b8	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x120f20	0x2e8	data	English	United States
RT_ICON	0x121208	0x8a8	data	English	United States
RT_ICON	0x121af0	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x121c18	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x122180	0x2e8	data	English	United States
RT_ICON	0x122468	0x8a8	data	English	United States
RT_ICON	0x122d50	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x122e78	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x1233e0	0x2e8	data	English	United States
RT_ICON	0x1236c8	0x8a8	data	English	United States
RT_ICON	0x123fb0	0x130	data	English	United States
RT_ICON	0x1240f4	0x130	data	English	United States
RT_ICON	0x124238	0x130	data	English	United States
RT_ICON	0x12437c	0x130	data	English	United States
RT_DIALOG	0x15ff38	0x19e	data	English	United States
RT_DIALOG	0x1602c0	0x1aa	data	English	United States
RT_DIALOG	0x1604ec	0x6e	data	English	United States
RT_DIALOG	0x15f40c	0x216	data	English	United States
RT_DIALOG	0x15f354	0xb6	data	English	United States
RT_DIALOG	0x15f1bc	0xd0	data	English	United States
RT_DIALOG	0x162b60	0xc2	data	English	United States
RT_DIALOG	0x15f28c	0xc8	data	English	United States
RT_DIALOG	0x15f65c	0x238	data	English	United States
RT_DIALOG	0x15f92c	0x294	data	English	United States
RT_DIALOG	0x155c9c	0x26	data	English	United States
RT_DIALOG	0x15fbc0	0xd6	data	English	United States
RT_DIALOG	0x15f624	0x36	data	English	United States
RT_DIALOG	0x15f894	0x96	data	English	United States
RT_DIALOG	0x15fd64	0x1d4	data	English	United States
RT_DIALOG	0x1600d8	0x1e8	data	English	United States
RT_DIALOG	0x16046c	0x80	data	English	United States
RT_STRING	0x1657bc	0x76	data	English	United States
RT_STRING	0x165834	0x4a	data	English	United States
RT_STRING	0x165904	0x68	data	English	United States
RT_STRING	0x165a20	0x8e	data	English	United States
RT_STRING	0x169814	0xfc	data	English	United States
RT_STRING	0x169910	0x92	data	English	United States
RT_STRING	0x16a8d8	0x2d8	data	English	United States
RT_STRING	0x16abb0	0xe4	data	English	United States
RT_STRING	0x16596c	0xb4	data	English	United States
RT_STRING	0x165880	0x84	data	English	United States
RT_STRING	0x1691a0	0x9e	data	English	United States
RT_STRING	0x169240	0xc2	data	English	United States
RT_STRING	0x169304	0x38	data	English	United States
RT_STRING	0x1699a4	0xb8	data	English	United States
RT_STRING	0x169a5c	0x60	data	English	United States
RT_STRING	0x169abc	0xbc	data	English	United States
RT_STRING	0x169b78	0xb0	data	English	United States
RT_STRING	0x169c28	0x48	data	English	United States
RT_STRING	0x169c70	0x2a	Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x25006400	English	United States
RT_STRING	0x169d1c	0x62	data	English	United States
RT_STRING	0x169d80	0x26	data	English	United States
RT_STRING	0x169da8	0x122	data	English	United States
RT_STRING	0x16a094	0xa6	data	English	United States
RT_STRING	0x16a13c	0x56	data	English	United States
RT_STRING	0x16a194	0x14e	data	English	United States
RT_STRING	0x16a034	0x60	data	English	United States
RT_STRING	0x169ecc	0x58	data	English	United States
RT_STRING	0x169c9c	0x5a	data	English	United States
RT_STRING	0x169cf8	0x24	data	English	United States
RT_STRING	0x16933c	0x21c	data	English	United States
RT_STRING	0x169558	0x274	data	English	United States
RT_STRING	0x1697cc	0x46	data	English	United States
RT_STRING	0x16a2e4	0x7c	data	English	United States
RT_STRING	0x16a360	0x72	data	English	United States
RT_STRING	0x16a3d4	0x110	data	English	United States
RT_STRING	0x16a4e4	0x390	data	English	United States
RT_STRING	0x16a874	0x64	data	English	United States
RT_STRING	0x169f24	0x5a	data	English	United States
RT_STRING	0x169f80	0xb2	data	English	United States
RT_STRING	0x16bb8c	0x6e	data	English	United States
RT_STRING	0x16bbfc	0x142	data	English	United States
RT_STRING	0x16ac94	0xc2	data	English	United States
RT_STRING	0x16ad58	0x396	data	English	United States
RT_STRING	0x16b0f0	0x44a	data	English	United States
RT_STRING	0x16b53c	0x32a	data	English	United States
RT_STRING	0x16bdf0	0x58	data	English	United States
RT_STRING	0x16b868	0x62	data	English	United States
RT_STRING	0x16b8cc	0x11a	data	English	United States
RT_STRING	0x16bd40	0xb0	data	English	United States
RT_STRING	0x16b9e8	0x62	data	English	United States
RT_STRING	0x16ba4c	0x106	data	English	United States
RT_STRING	0x16bb54	0x36	data	English	United States
RT_STRING	0x16be48	0x38	data	English	United States
RT_STRING	0x16be80	0x282	data	English	United States
RT_STRING	0x16c104	0xf0	data	English	United States
RT_STRING	0x16c1f4	0xae	data	English	United States
RT_STRING	0x16c2a4	0x186	data	English	United States
RT_STRING	0x16c42c	0x11e	data	English	United States
RT_STRING	0x16c54c	0xda	data	English	United States
RT_STRING	0x16c628	0x148	data	English	United States
RT_STRING	0x16c904	0x322	data	English	United States
RT_STRING	0x16cc28	0x314	data	English	United States
RT_STRING	0x16c770	0x194	data	English	United States
RT_STRING	0x16cf3c	0x1ac	data	English	United States
RT_STRING	0x16d0e8	0xb8	data	English	United States
RT_STRING	0x16d1a0	0x32	data	English	United States
RT_STRING	0x16d1d4	0x1b2	data	English	United States
RT_STRING	0x16d388	0x62	data	English	United States
RT_STRING	0x16d3ec	0x48	data	English	United States
RT_STRING	0x16d434	0x38	data	English	United States
RT_STRING	0x16d46c	0x7e	data	English	United States
RT_STRING	0x16d4ec	0x84	data	English	United States
RT_STRING	0x16d570	0x4e	data	English	United States
RT_STRING	0x16d5c0	0x3a	data	English	United States
RT_STRING	0x16d5fc	0xca	data	English	United States
RT_STRING	0x16d6c8	0xe6	data	English	United States
RT_STRING	0x16d7b0	0xb2	data	English	United States
RT_STRING	0x16d864	0x34	data	English	United States
RT_STRING	0x16d898	0x46	data	English	United States
RT_STRING	0x16d8e0	0x364	data	English	United States
RT_STRING	0x16dc44	0x4fe	data	English	United States
RT_STRING	0x16e144	0x154	data	English	United States
RT_STRING	0x16e298	0x1f8	data	English	United States
RT_STRING	0x165ab0	0x9a	data	English	United States
RT_STRING	0x165b4c	0x12c	data	English	United States
RT_STRING	0x165c78	0xf4	data	English	United States
RT_STRING	0x165d6c	0x11c	data	English	United States
RT_STRING	0x165e88	0x146	data	English	United States
RT_STRING	0x165fd0	0x14e	data	English	United States
RT_STRING	0x166120	0x160	data	English	United States
RT_STRING	0x166280	0x17e	data	English	United States
RT_STRING	0x166400	0x19c	data	English	United States
RT_STRING	0x16659c	0x198	data	English	United States
RT_STRING	0x166734	0x182	data	English	United States
RT_STRING	0x1668b8	0x160	data	English	United States
RT_STRING	0x166a18	0x1ac	data	English	United States
RT_STRING	0x166bc4	0x16e	data	English	United States
RT_STRING	0x166d34	0xf8	data	English	United States
RT_STRING	0x166e2c	0x198	data	English	United States
RT_STRING	0x166fc4	0x17e	data	English	United States
RT_STRING	0x167144	0x1a8	data	English	United States
RT_STRING	0x1672ec	0x234	data	English	United States
RT_STRING	0x167520	0x1c0	data	English	United States
RT_STRING	0x1676e0	0x188	data	English	United States
RT_STRING	0x167868	0x1ee	data	English	United States
RT_STRING	0x167a58	0x62	data	English	United States
RT_STRING	0x167abc	0x144	data	English	United States
RT_STRING	0x167c00	0x1a2	data	English	United States
RT_STRING	0x167da4	0x154	data	English	United States
RT_STRING	0x167ef8	0x128	data	English	United States
RT_STRING	0x168020	0x124	data	English	United States
RT_STRING	0x168144	0x14e	data	English	United States
RT_STRING	0x168294	0x12a	data	English	United States
RT_STRING	0x1683c0	0x18c	AmigaOS bitmap font	English	United States
RT_STRING	0x16854c	0x19a	data	English	United States
RT_STRING	0x16880c	0x1c6	data	English	United States
RT_STRING	0x1689d4	0x182	data	English	United States
RT_STRING	0x168b58	0x186	data	English	United States
RT_STRING	0x168ce0	0x194	data	English	United States
RT_STRING	0x168e74	0x1ba	data	English	United States
RT_STRING	0x169030	0x16e	data	English	United States
RT_STRING	0x1686e8	0x122	data	English	United States
RT_RCDATA	0x15d4bc	0x120	data	English	United States
RT_RCDATA	0x16055c	0x1734	data	English	United States
RT_RCDATA	0x161c90	0xed0	data	English	United States
RT_GROUP_CURSOR	0x15e428	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15e570	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15e6b8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15e800	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15e948	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15ea90	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15ebd8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x15ed20	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_ICON	0x117550	0x3e	data	English	United States
RT_GROUP_ICON	0x1187b0	0x3e	data	English	United States
RT_GROUP_ICON	0x119a10	0x3e	data	English	United States
RT_GROUP_ICON	0x11ac70	0x3e	data	English	United States
RT_GROUP_ICON	0x11bed0	0x3e	data	English	United States
RT_GROUP_ICON	0x11d130	0x3e	data	English	United States
RT_GROUP_ICON	0x11e390	0x3e	data	English	United States
RT_GROUP_ICON	0x11f5f0	0x3e	data	English	United States
RT_GROUP_ICON	0x120850	0x3e	data	English	United States
RT_GROUP_ICON	0x121ab0	0x3e	data	English	United States
RT_GROUP_ICON	0x122d10	0x3e	data	English	United States
RT_GROUP_ICON	0x123f70	0x3e	data	English	United States
RT_GROUP_ICON	0x1240e0	0x14	data	English	United States
RT_GROUP_ICON	0x124224	0x14	data	English	United States
RT_GROUP_ICON	0x124368	0x14	data	English	United States
RT_GROUP_ICON	0x1244ac	0x14	data	English	United States
RT_VERSION	0x1654dc	0x2de	data	English	United States
None	0x163034	0x2a1	data	English	United States
None	0x164928	0xc9	data	English	United States
None	0x1632d8	0x69	data	English	United States
None	0x1649f4	0xd3	data	English	United States
None	0x162f60	0x59	data	English	United States
None	0x163f80	0x111	data	English	United States
None	0x1635ac	0x51	data	English	United States
None	0x163adc	0x15b	data	English	United States
None	0x164ac8	0x35	data	English	United States
None	0x164b00	0x32	data	English	United States
None	0x163600	0x21c	data	English	United States
None	0x164b34	0x1a4	data	English	United States
None	0x163930	0x43	data	English	United States
None	0x162d8c	0xb2	data	English	United States
None	0x164cd8	0x4e	data	English	United States
None	0x1633a8	0x91	data	English	United States
None	0x163478	0x9f	data	English	United States
None	0x162c34	0x81	data	English	United States
None	0x162e40	0x90	data	English	United States
None	0x162cb8	0xd4	data	English	United States
None	0x162ed0	0x8d	data	English	United States
None	0x162fbc	0x77	data	English	United States
None	0x16343c	0x3c	data	English	United States
None	0x16381c	0xc5	data	English	United States
None	0x164d28	0x44	data	English	United States
None	0x163c38	0x292	data	English	United States
None	0x163ecc	0x39	data	English	United States
None	0x163f08	0x3e	data	English	United States
None	0x163518	0x93	data	English	United States
None	0x164d6c	0x34	data	English	United States
None	0x164da0	0x3d6	data	English	United States
None	0x163a4c	0x64	data	English	United States
None	0x162c24	0x10	data	English	United States
None	0x1638e4	0x49	data	English	United States
None	0x163974	0x57	data	English	United States
None	0x163344	0x64	data	English	United States
None	0x1639cc	0x7f	data	English	United States
None	0x163ab0	0x2a	data	English	United States
None	0x163f48	0x35	data	English	United States
None	0x164094	0xd0	data	English	United States
None	0x165178	0x53	data	English	United States
None	0x164164	0x3f	data	English	United States
None	0x1641a4	0x4ab	data	English	United States
None	0x164650	0x7b	data	English	United States
None	0x1646cc	0x58	data	English	United States
None	0x164724	0x75	data	English	United States
None	0x16479c	0xab	data	English	United States
None	0x164848	0x92	data	English	United States
None	0x1648dc	0x4a	data	English	United States
None	0x15fc98	0x16	data	English	United States
None	0x15fcb0	0x16	data	English	United States
None	0x15fd0c	0x16	data	English	United States
None	0x15fcdc	0x16	data	English	United States
None	0x15fcf4	0x16	data	English	United States
None	0x15fcc8	0x12	data	English	United States
None	0x15fd24	0x1f	data	English	United States
None	0x15fd44	0x1f	data	English	United States
None	0x1651cc	0x30c	data	English	United States
None	0x1654d8	0x4	data	English	United States
None	0x155cc4	0x34	data	English	United States
None	0x15d5dc	0x100	data	English	United States
None	0x15d6dc	0x8	data	English	United States
None	0x15d6e4	0x400	data	English	United States
None	0x15dae4	0x10	data	English	United States
None	0x15daf4	0x800	data	English	United States
None	0x15ed34	0x64	RIFF (little-endian) data, palette, version 68, 0 entries	English	United States
None	0x15ed98	0x424	RIFF (little-endian) data, palette, version 1028, 0 entries	English	United States

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	1987-1998, Macromedia, Inc.
CompanyName	Macromedia, Inc.
LegalTrademarks	Macromedia, the Macromedia Logo and Authorware are registered trademarks of Macromedia, Inc.
FileVersion	6.0
FileDescription	Authorware Runtime

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 16:12:25.662106991 CEST	57459	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:25.681663990 CEST	53	57459	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:32.004306078 CEST	57875	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:32.023658037 CEST	53	57875	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:47.941556931 CEST	54154	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:47.960385084 CEST	53	54154	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:49.861414909 CEST	52806	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:49.870047092 CEST	53910	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:49.885335922 CEST	53	52806	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:49.889545918 CEST	53	53910	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:50.316499949 CEST	64021	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:50.336370945 CEST	53	64021	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:50.866606951 CEST	60784	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:50.883982897 CEST	53	60784	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:51.208616018 CEST	51143	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:51.228117943 CEST	53	51143	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:51.651036024 CEST	56009	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:51.670914888 CEST	53	56009	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:51.766568899 CEST	59026	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:51.794857025 CEST	53	59026	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:52.171520948 CEST	49572	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:52.191257954 CEST	53	49572	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:52.760643959 CEST	60823	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:52.795089006 CEST	53	60823	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:53.160218000 CEST	52130	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:53.188272953 CEST	53	52130	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:53.533149004 CEST	55102	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:53.553311110 CEST	53	55102	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:54.226035118 CEST	56236	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:54.246094942 CEST	53	56236	8.8.8.8	192.168.2.3
Sep 28, 2021 16:12:54.888566017 CEST	56527	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:12:54.906147003 CEST	53	56527	8.8.8.8	192.168.2.3
Sep 28, 2021 16:13:01.458327055 CEST	49559	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:13:01.477133989 CEST	53	49559	8.8.8.8	192.168.2.3
Sep 28, 2021 16:13:13.235512972 CEST	52650	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:13:13.258397102 CEST	53	52650	8.8.8.8	192.168.2.3
Sep 28, 2021 16:13:30.183695078 CEST	63297	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:13:30.204565048 CEST	53	63297	8.8.8.8	192.168.2.3
Sep 28, 2021 16:13:49.759965897 CEST	58361	53	192.168.2.3	8.8.8.8
Sep 28, 2021 16:13:49.779611111 CEST	53	58361	8.8.8.8	192.168.2.3

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.Trojan.BrowseBan.32054.exe PID: 4192 Parent PID: 5020

General

Start time:	16:12:02
Start date:	28/09/2021
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe'
Imagebase:	0x400000
File size:	1570477 bytes
MD5 hash:	7A61D4434B48575332C6D4227B5ED14F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: SecuriteInfo.com.Trojan.BrowseBan.32054.exe PID: 4192 Parent PID: 5020 SecuriteInfo.com.Trojan.BrowseBan.32054.exeCOMMON

Executed Functions

Function 00401280, Relevance: 66.5, APIs: 44, Instructions: 487timeCOMMON

Download Yara Rule

APIs

DefDlgProcA.USER32(?,?,?,?), ref: 004012C2
LockResource.KERNEL32(00000000), ref: 00401340
GetDC.USER32(?), ref: 00401399
SetMapMode.GDI32(00000000,00000007), ref: 004013A8
GetClientRect.USER32 ref: 004013BA
SetWindowExtEx.GDI32(00000000,?,?,00000000), ref: 004013CF
SetViewportExtEx.GDI32(00000000,?,?,00000000), ref: 004013E4
LPtoDP.GDI32(00000000,?,00000001), ref: 004013F1
ReleaseDC.USER32 ref: 004013FF
GetSystemMetrics.USER32 ref: 00401409
GetSystemMetrics.USER32 ref: 0040140F
GetSystemMetrics.USER32 ref: 00401435
GetSystemMetrics.USER32 ref: 00401453
MoveWindow.USER32(?,00000000), ref: 00401470
SetTimer.USER32 ref: 00401486
GetTickCount.KERNEL32 ref: 0040148D

Part of subcall function 004DAFB0: SetFocus.USER32(?,?,?,004126F1,00000000), ref: 004DAFBC

FreeResource.KERNEL32(00555CC4), ref: 004014C3
KillTimer.USER32(?,00000001), ref: 004014E0
BeginPaint.USER32(?,?), ref: 0040150D
GetClientRect.USER32 ref: 00401527
LockResource.KERNEL32(00000000), ref: 0040158E
SetRect.USER32 ref: 0040163B
GetStockObject.GDI32(00000000), ref: 00401643
FillRect.USER32 ref: 00401650
EndDialog.USER32(?,00000000), ref: 00401904

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsRectSystem$Resource$ClientLockTimerWindow$BeginCountDialogFillFocusFreeKillModeMoveObjectPaintProcReleaseStockTickViewport
String ID:
API String ID: 2914393667-0
Opcode ID: a1e0c2d9e959a93f5479df24eb568a57cae8f2ad02c91dfb0dd4dcb404186c06
Instruction ID: 7de144beaf3049064aa67e78bcad2ff43ead2ab291e2ea6757129069627e1c07
Opcode Fuzzy Hash: a1e0c2d9e959a93f5479df24eb568a57cae8f2ad02c91dfb0dd4dcb404186c06
Instruction Fuzzy Hash: A102BFB1104300AFE324DF24DC89FAF77E8EB94305F04492EFA45962A1D778E949DB56

Uniqueness

Uniqueness Score: -1.00%

Function 004828B0, Relevance: 28.5, APIs: 15, Strings: 1, Instructions: 479windowCOMMON

Download Yara Rule

APIs

PostQuitMessage.USER32(00000000), ref: 00482A85
DefWindowProcA.USER32(?,?,00000000,?), ref: 00482AD2
GetLastActivePopup.USER32(00000000), ref: 00482BC4
IsWindowVisible.USER32 ref: 00482BCF
SetActiveWindow.USER32(00000000), ref: 00482BDA

Strings

y, xrefs: 00482D06

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Active$LastMessagePopupPostProcQuitVisible
String ID: y
API String ID: 158409250-4225443349
Opcode ID: 2daa2149b48764d0489ad227aad6e14258c9bc7894271657686cf2396c195c51
Instruction ID: b1ade047f981195c5b7663785716fcbec876ccd67cd15b43167cc73571cb9e17
Opcode Fuzzy Hash: 2daa2149b48764d0489ad227aad6e14258c9bc7894271657686cf2396c195c51
Instruction Fuzzy Hash: 08F1D2706042419AE638FB24CA45BAF72E8EF98704F140C2BF98586391E7BCD945D76F

Uniqueness

Uniqueness Score: -1.00%

Function 0046C520, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 150stringCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32 ref: 0046C551
CharPrevA.USER32(?,?), ref: 0046C57F
lstrcpyA.KERNEL32(?,?), ref: 0046C649
GetDiskFreeSpaceExA.KERNELBASE(?,?,?,?), ref: 0046C666
GetDiskFreeSpaceA.KERNELBASE(?,?,?,?,?), ref: 0046C6C7
GetLastError.KERNEL32 ref: 0046C6D6
GetDriveTypeA.KERNEL32(?), ref: 0046C6E6

Strings

\, xrefs: 0046C58E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DiskFreeSpace$CharDirectoryDriveErrorLastPrevSystemTypelstrcpy
String ID: \
API String ID: 3781072133-2967466578
Opcode ID: e3a89031f4184032ba3cd2bb8805e735e8ad8c00a563055e78146c17a48dfd5f
Instruction ID: b73eea371865ce7e014aa3083dbb60415d43425c496a0f5e89d958ee89a220cd
Opcode Fuzzy Hash: e3a89031f4184032ba3cd2bb8805e735e8ad8c00a563055e78146c17a48dfd5f
Instruction Fuzzy Hash: A15141712043459BD731EB64C8C4BAF77E8AB98354F04092EE589C3251FB78E944CB67

Uniqueness

Uniqueness Score: -1.00%

Function 0046DB90, Relevance: 9.1, APIs: 6, Instructions: 98stringfileCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(00000000,00502C90,00000000), ref: 0046DBC4
lstrcmpiA.KERNEL32(00000000,00502CE0), ref: 0046DBD0
lstrcpynA.KERNEL32(?,?,?), ref: 0046DBE7
FindFirstFileA.KERNELBASE(?,?,00000000), ref: 0046DC00
lstrcpynA.KERNEL32(?,?,?), ref: 0046DCA0
FindClose.KERNEL32(00000000), ref: 0046DCA7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Findlstrcmpilstrcpyn$CloseFileFirst
String ID:
API String ID: 3537251059-0
Opcode ID: c3ab203071f952ed72be8a807ead013a6cc64ea0f407896d01e0f6509e3bd4cf
Instruction ID: 3047fd6e39d4a2ea1c69678316dea523833bd94f47964ccffab9849021a9bd0f
Opcode Fuzzy Hash: c3ab203071f952ed72be8a807ead013a6cc64ea0f407896d01e0f6509e3bd4cf
Instruction Fuzzy Hash: 1D319171B043889BD3319B15DC48FEF77ACFBC6354F14082AE94982241E779A909C7A7

Uniqueness

Uniqueness Score: -1.00%

Function 004F4520, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 213timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNELBASE(0050CBF8,?,?,004EFF79,?,?,?,?,?,?,00000001), ref: 004F4557

Strings

Pacific Standard Time, xrefs: 004F45EC
pPP, xrefs: 004F45FA, 004F460F, 004F4618, 004F479D, 004F47AC, 004F47BA
0PP, xrefs: 004F45E7, 004F461D, 004F46CF, 004F46E1
Pacific Daylight Time, xrefs: 004F4601

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationTimeZone
String ID: 0PP$Pacific Daylight Time$Pacific Standard Time$pPP
API String ID: 565725191-1630129757
Opcode ID: ddb6be8374ccb98f6b1c6e0cae9c49fb9935ac07339c860758a31af28dc9c3ca
Instruction ID: c0c921771d1584a96f7d11f76d19ddb82e7eaaf3782f4263e65886749581413e
Opcode Fuzzy Hash: ddb6be8374ccb98f6b1c6e0cae9c49fb9935ac07339c860758a31af28dc9c3ca
Instruction Fuzzy Hash: 3771E9749002489FE710DF29EC69B7B3BD0F7A2314F44425AE6048B3A2EB79990DDB45

Uniqueness

Uniqueness Score: -1.00%

Function 004E3A20, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 204fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(?,?,?,00000000,?,00000000), ref: 004E3ADD

Strings

,P, xrefs: 004E3B15
*.*, xrefs: 004E3A8C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID: *.*$,P
API String ID: 1974802433-2593330398
Opcode ID: a389458f77c419bb5ff4910a420b3c71feeffa0cae7b7740d73928246eefd683
Instruction ID: f406d6c8bc7350d5415d4d01cb00f32e2faaec2182e16ddbd6560ecf5a5d02a5
Opcode Fuzzy Hash: a389458f77c419bb5ff4910a420b3c71feeffa0cae7b7740d73928246eefd683
Instruction Fuzzy Hash: 1261D5722082854BD739CE399808AAFB7D5EBC4326F540B2DF999D32C0DA78DE08C755

Uniqueness

Uniqueness Score: -1.00%

Function 004FB570, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(QTIM32.DLL,004FB521), ref: 004FB57E
GetProcAddress.KERNEL32(00000000,_EntryPoint), ref: 004FB593

Strings

QTIM32.DLL, xrefs: 004FB579
_EntryPoint, xrefs: 004FB58D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID: QTIM32.DLL$_EntryPoint
API String ID: 2574300362-1510637392
Opcode ID: 97d8fdf10adb06dc3f604af28db68fec86ff74281ef8ec1e5a8bca0f060563eb
Instruction ID: ad2dacfdc94890c19984ae5fd275019609578ce68281c9ad6b4190308192e7e3
Opcode Fuzzy Hash: 97d8fdf10adb06dc3f604af28db68fec86ff74281ef8ec1e5a8bca0f060563eb
Instruction Fuzzy Hash: 9FF0C2F0A00609DBDB109F24ED7832E3EA4F321329F40406AD505C6BA1E7BDC66CEB48

Uniqueness

Uniqueness Score: -1.00%

Function 004F1340, Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 004F1366

Part of subcall function 004F7040: HeapCreate.KERNELBASE(00000001,00001000,00000000,004F13A6), ref: 004F7049

GetCommandLineA.KERNEL32 ref: 004F13C5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CommandCreateHeapLineVersion
String ID:
API String ID: 2406672466-0
Opcode ID: 4a3c961bc81b102c2696c3601c65fa8c5d5c7e5c35f0ae23eb215decc64fd053
Instruction ID: 799bb13eec5d43cc8cc30f976ae8e21b3104debbde8722660e2cdc1199a62f09
Opcode Fuzzy Hash: 4a3c961bc81b102c2696c3601c65fa8c5d5c7e5c35f0ae23eb215decc64fd053
Instruction Fuzzy Hash: 632129B0800648AFE721EF75DC0A77F3BA4EB25304F14052AFA90D22A1E77C4448DF55

Uniqueness

Uniqueness Score: -1.00%

Function 00468FC0, Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 45372cd57f2d8ebcf2ab7b386bc571053747c5d01d059eeebd9266780fe96b0b
Instruction ID: b0b48b68235eebec2ee92db4c54b5e7ba3ecb29d0b916ac1ae2a2397ac9ecda3
Opcode Fuzzy Hash: 45372cd57f2d8ebcf2ab7b386bc571053747c5d01d059eeebd9266780fe96b0b
Instruction Fuzzy Hash: E2119D7661420057D620A675AC49ABF339CD7D0335F04053AFD1982281FA7D99199767

Uniqueness

Uniqueness Score: -1.00%

Function 004EFE90, Relevance: 4.6, APIs: 3, Instructions: 74timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,?), ref: 004EFE9C
GetSystemTime.KERNEL32(?), ref: 004EFEA7
GetTimeZoneInformation.KERNELBASE(?), ref: 004EFEFC

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Time$InformationLocalSystemZone
String ID:
API String ID: 2475273158-0
Opcode ID: b2282abf8d7e7e4616d58c3537a1a375baece193f88d298228cc20947bb4fc3f
Instruction ID: d877d5960844ed16d2b9a52991408d05348dfad2ee746f6ed173d516533927ee
Opcode Fuzzy Hash: b2282abf8d7e7e4616d58c3537a1a375baece193f88d298228cc20947bb4fc3f
Instruction Fuzzy Hash: 7F215E795042819EC310DF68D801A6B77E5FF99308F908A2EF499C3B90E338D949DB56

Uniqueness

Uniqueness Score: -1.00%

Function 004A9540, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,80040001,?,00000000,004845F7,?,0047CBA2), ref: 004A95AD

Strings

0, xrefs: 004A95A3

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoSystem
String ID: 0
API String ID: 31276548-4108050209
Opcode ID: 8ef8002d37b1a60755c0d88272e89a712aa79490bcfb47bbf6aa053176922d70
Instruction ID: a3efb1498882931dd4221db28394b3ac756e086052bd573762d4ed04b1d9bda7
Opcode Fuzzy Hash: 8ef8002d37b1a60755c0d88272e89a712aa79490bcfb47bbf6aa053176922d70
Instruction Fuzzy Hash: 82112E32D58349BAE721D794CC0A7EF7B7CAB11358F44815AE450961D3D3B9CB08DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00403D60, Relevance: 44.1, APIs: 1, Strings: 24, Instructions: 368COMMON

Download Yara Rule

Strings

imStartUp, xrefs: 00403E7E
imImageNew, xrefs: 0040408A
imGcBlitImage, xrefs: 0040404C
imGcSetITable, xrefs: 0040402D
imMemHandleLock, xrefs: 00403EDB
imGcDispose, xrefs: 00403F35
imGcBlitQuad, xrefs: 0040406B
imGcSetCTable, xrefs: 0040400E
imSetMoaContext, xrefs: 00403EBC
imImageDispose, xrefs: 004040A9
imGcPush, xrefs: 00403F54
imCTableDispose, xrefs: 004040E7
imShutDown, xrefs: 00403E9D
bdWinCopyBits, xrefs: 00404144
imGcGetImageInfo, xrefs: 00403FD0
imGcPop, xrefs: 00403F73
imGcNew, xrefs: 00403F16
imITableDispose, xrefs: 00404125
imGcSetImage, xrefs: 00403F92
imITableNew, xrefs: 00404106
imCTableNew, xrefs: 004040C8
imGcClipAreaIntersect, xrefs: 00403FEF
imMemHandleUnlock, xrefs: 00403EFA
imGcGetImage, xrefs: 00403FB1

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: bdWinCopyBits$imCTableDispose$imCTableNew$imGcBlitImage$imGcBlitQuad$imGcClipAreaIntersect$imGcDispose$imGcGetImage$imGcGetImageInfo$imGcNew$imGcPop$imGcPush$imGcSetCTable$imGcSetITable$imGcSetImage$imITableDispose$imITableNew$imImageDispose$imImageNew$imMemHandleLock$imMemHandleUnlock$imSetMoaContext$imShutDown$imStartUp
API String ID: 0-1063070624
Opcode ID: 4577e83a6bfd3fefc89e41071edb936409667a39335c53bff0e8197005a59c38
Instruction ID: 3ae23351821b5ecb8b74458294de96f879212a8960a66935663e36c546082850
Opcode Fuzzy Hash: 4577e83a6bfd3fefc89e41071edb936409667a39335c53bff0e8197005a59c38
Instruction Fuzzy Hash: 05B195F464430A6BE324BE54DC82E67775CDF94305F50083EFE04A62C3FAB9DA548699

Uniqueness

Uniqueness Score: -1.00%

Function 00478030, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 153stringCOMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(intl,sDecimal,00502C90,005090CE,0000002B), ref: 0047804D
GetProfileStringA.KERNEL32(intl,sThousand,0050211C,005090F9,0000002B), ref: 00478097
GetProfileStringA.KERNEL32(intl,sList,0050211C,00509124,0000002B), ref: 004780E1
lstrlenA.KERNEL32(005090CE), ref: 00478120
lstrlenA.KERNEL32(005090F9), ref: 00478142
lstrlenA.KERNEL32(00509124), ref: 00478164
lstrlenA.KERNEL32(005090CE), ref: 004781C4
lstrlenA.KERNEL32(005090F9), ref: 004781E6

Part of subcall function 004C2720: CharNextA.USER32(74E391C0,74E391C0,004780FB,00509124), ref: 004C2726

Part of subcall function 004C1690: CharNextA.USER32(?,?,?,74E06980,?,00502C90,0000002B), ref: 004C16CD

lstrlenA.KERNEL32(00509124), ref: 00478208
lstrlenA.KERNEL32(005090A3), ref: 0047822A
lstrlenA.KERNEL32(0123456789), ref: 0047824C

Strings

.,,+-, xrefs: 00478073
0123456789, xrefs: 00478197
sThousand, xrefs: 0047808D
sDecimal, xrefs: 00478043
0123456789, xrefs: 0047819C, 00478247, 00478255
intl, xrefs: 00478048, 00478092, 004780DC
sList, xrefs: 004780D7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$ProfileString$CharNext
String ID: .,,+-$0123456789$0123456789$intl$sDecimal$sList$sThousand
API String ID: 907922253-3864085320
Opcode ID: 8e64afbb8ba100fe16e737b91103084a3548004618ceb2c9f8519b28a085ea02
Instruction ID: 14f4cd4b1e6aa9a68caac1fd4a2c018f8502ff0f738964592edd2022814527f1
Opcode Fuzzy Hash: 8e64afbb8ba100fe16e737b91103084a3548004618ceb2c9f8519b28a085ea02
Instruction Fuzzy Hash: B341C5A5BC434137D7143775AC2FF6F2EE8B729744F08002E7504A22EBE9DE8549C6A6

Uniqueness

Uniqueness Score: -1.00%

Function 004676A0, Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

CreateICA.GDI32(DISPLAY,00000000,00000000,00000000,?,?,0000003A,?), ref: 004676DD

Part of subcall function 004C1690: CharNextA.USER32(?,?,?,74E06980,?,00502C90,0000002B), ref: 004C16CD

CreateFontIndirectA.GDI32(?), ref: 00467747
SelectObject.GDI32(00000000,00000000), ref: 0046775B
GetTextMetricsA.GDI32(00000000,?), ref: 0046776B
GetOutlineTextMetricsA.GDI32(00000000,00000000,00000000), ref: 0046777E

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 004677A0
GetOutlineTextMetricsA.GDI32(00000000,?,00000000), ref: 004677AB

Part of subcall function 00484210: GlobalFree.KERNELBASE ref: 00484219

SelectObject.GDI32(00000000,?), ref: 00467803
DeleteObject.GDI32(?), ref: 0046780E
CreateFontIndirectA.GDI32(FFFFFFDC), ref: 0046782B
SelectObject.GDI32(00000000,00000000), ref: 00467839
GetTextMetricsA.GDI32(00000000,?), ref: 00467849
SelectObject.GDI32(00000000,?), ref: 00467863
DeleteObject.GDI32(00000000), ref: 0046786A
DeleteDC.GDI32(00000000), ref: 00467871

Strings

DISPLAY, xrefs: 004676D4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$MetricsSelectText$CreateDeleteGlobal$FontIndirectOutline$AllocCharFreeLockNext
String ID: DISPLAY
API String ID: 2410918003-865373369
Opcode ID: f9498c968fbae94ea547c731e046fcf6e5f835b30a51f4056fb1dd9996dc4eb2
Instruction ID: 455cbde637f6a8f765284f2c56172fd2f75cc3567263d5b834437b39c9f01ca4
Opcode Fuzzy Hash: f9498c968fbae94ea547c731e046fcf6e5f835b30a51f4056fb1dd9996dc4eb2
Instruction Fuzzy Hash: 95517171508380AFD711DF659888AAFBBE8EF55308F44482EF98983211D739D908D767

Uniqueness

Uniqueness Score: -1.00%

Function 00488E80, Relevance: 19.7, APIs: 13, Instructions: 164windowCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00488ECB
LoadIconA.USER32 ref: 00488EF8
SendDlgItemMessageA.USER32(?,00000065,00000170,00000000,00000000), ref: 00488F0D
SetDlgItemTextA.USER32 ref: 00488F1E
GlobalUnlock.KERNEL32(00000000), ref: 00488F71
GetSystemMenu.USER32(?,00000000), ref: 00488F7A
DeleteMenu.USER32(00000000,0000F060,00000000), ref: 00488F8C
GetWindowRect.USER32 ref: 00488F98
GetSystemMetrics.USER32 ref: 00488FA6
GetSystemMetrics.USER32 ref: 00488FB4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: System$GlobalItemMenuMetrics$DeleteIconLoadLockMessageRectSendTextUnlockWindow
String ID:
API String ID: 3376378608-0
Opcode ID: d74e209fa544c7010f014924ff479740f473f8e925b0e48244950c418a4c1210
Instruction ID: 85deb80b6860b45df4690653bcb1d65d37432160a5fc96b0e880eca77f207dc3
Opcode Fuzzy Hash: d74e209fa544c7010f014924ff479740f473f8e925b0e48244950c418a4c1210
Instruction Fuzzy Hash: FC4119727002107BE321AB25EC4AFAF335DEF85704F04082AFA01D6281DA69DD09D7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00469F00, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 220filestringCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000001,?,?,?,?,80040001), ref: 00469F94
CreateFileA.KERNELBASE(?,00000000,00000000,00000000,?,?,?,?,80040001), ref: 00469FD9
lstrcpynA.KERNEL32(?,?,00000080,?,?,?,?,80040001), ref: 00469FF8
CreateFileA.KERNELBASE(?,00000000,00000000,?,?,?,?,?,?,?,80040001), ref: 0046A030
CreateFileA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,80040001), ref: 0046A064
CloseHandle.KERNEL32(00000000), ref: 0046A070
SetErrorMode.KERNELBASE(?), ref: 0046A07C

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Strings

0bt@Mt, xrefs: 00469F94, 0046A07C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateErrorFile$Mode$CloseHandleLastlstrcpyn
String ID: 0bt@Mt
API String ID: 1588114131-2323819115
Opcode ID: 4036f2694b9c816e99877b5430ac47e1e7e1713719f6b7c4be6534eb6cce6c0b
Instruction ID: 244d54635a98935145a8059a824340c90f3299da36d97090623c8ea3e787a8ca
Opcode Fuzzy Hash: 4036f2694b9c816e99877b5430ac47e1e7e1713719f6b7c4be6534eb6cce6c0b
Instruction Fuzzy Hash: 057182B56043006BD320DF25EC45B6FB7E8EBD4718F04092EF94992241F779DA198B9B

Uniqueness

Uniqueness Score: -1.00%

Function 0048263B, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 171stringCOMMON

Download Yara Rule

APIs

__setjmp3.LIBCMT ref: 00482688
DestroyWindow.USER32(00000000), ref: 004826EE
SetForegroundWindow.USER32(00000000), ref: 0048271F
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000003), ref: 0048273A
lstrcpynA.KERNEL32(?,?,00000200), ref: 004827BC
CharUpperA.USER32(?), ref: 004827C9
KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000,00000001), ref: 004827FD
KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00482869

Part of subcall function 004C3370: MessageBoxA.USER32 ref: 004C33B6
Part of subcall function 004C3370: GetKeyState.USER32(00000011), ref: 004C33C4
Part of subcall function 004C3370: GetKeyState.USER32(00000012), ref: 004C33CD
Part of subcall function 004C3370: DebugBreak.KERNEL32(?,?,?,?,?,?), ref: 004C33D4

Strings

-Embedding, xrefs: 0048263B
main2_w, xrefs: 004826C4, 0048275D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CallbackDispatcherStateUser$BreakCharDebugDestroyForegroundMessageUpper__setjmp3lstrcpyn
String ID: -Embedding$main2_w
API String ID: 3821530121-1157357610
Opcode ID: 0f870374cdbe392f96d364ef873b22c42c83c9ed09db89bd850b60d499f8d1dc
Instruction ID: 8283807853965bc34369c328bb29735ec3339261c4ea41fef5ad21488c5a9354
Opcode Fuzzy Hash: 0f870374cdbe392f96d364ef873b22c42c83c9ed09db89bd850b60d499f8d1dc
Instruction Fuzzy Hash: 8951A875A00305ABDB10FFA5EE55B9E37A4AF24304F04042AF905D63D2EBB9D948CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0046C720, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32 ref: 0046C753
CharPrevA.USER32(?,?,?,00000000), ref: 0046C788
SetErrorMode.KERNELBASE(00008001,?,?,?,?,00000000), ref: 0046C7D9
SetErrorMode.KERNELBASE(00000000,?,?,?,?,?,00000000), ref: 0046C811

Strings

GetDiskFreeSpaceExA, xrefs: 0046C7EE
KERNEL32.DLL, xrefs: 0046C7AE
\, xrefs: 0046C79B
0bt@Mt, xrefs: 0046C7CE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode$CharDirectoryPrevSystem
String ID: 0bt@Mt$GetDiskFreeSpaceExA$KERNEL32.DLL$\
API String ID: 2069423404-1334067418
Opcode ID: ee9481c62e49dd1e1b273a817155358d74c6ef90a14aaab6b54e28f7f669a9f8
Instruction ID: 5faf0a1e2dc4599abd37b0f817ae9d8e03e7eab2ad9f1e4a90b16d588011a465
Opcode Fuzzy Hash: ee9481c62e49dd1e1b273a817155358d74c6ef90a14aaab6b54e28f7f669a9f8
Instruction Fuzzy Hash: 5721B471904306ABE720EF64ED49BAF77D8AB54709F00082AE584D2252F778D94C8BA7

Uniqueness

Uniqueness Score: -1.00%

Function 004609F0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 69registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 00460A05
LoadCursorA.USER32 ref: 00460A38
RegisterClassA.USER32 ref: 00460A57
GetWindowRect.USER32 ref: 00460A73
CreateWindowExA.USER32 ref: 00460AB5
ShowWindow.USER32(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,0044F4D7,00000000), ref: 00460AC0

Strings

p)P, xrefs: 00460A4B
APW_COVER, xrefs: 004609FF, 00460AAE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Class$CreateCursorInfoLoadRectRegisterShow
String ID: APW_COVER$p)P
API String ID: 3709709455-1424223134
Opcode ID: a2116532c187938d3875c5514b08bb0a768b545c417e09f00dc2d660c6b2a234
Instruction ID: 68ee1d71dab0f1c1d0725287b3cfecb60e91fb9e88dcf5dbcfa05c2ba19d0455
Opcode Fuzzy Hash: a2116532c187938d3875c5514b08bb0a768b545c417e09f00dc2d660c6b2a234
Instruction Fuzzy Hash: D2215EB1618351AFD310CF54DC49F6F7BE8FB98B44F00091DF98596290D770A948CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0046B3C0, Relevance: 10.6, APIs: 7, Instructions: 115shareCOMMON

Download Yara Rule

APIs

WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,00000000), ref: 0046B429
GlobalLock.KERNEL32 ref: 0046B455
WNetEnumResourceA.MPR(?,?,?,?), ref: 0046B487
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0046B498
GlobalLock.KERNEL32 ref: 0046B4AF
WNetCloseEnum.MPR(?), ref: 0046B4F8
GlobalUnlock.KERNEL32(00000000,?,?,00000000), ref: 0046B4FE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Enum$LockUnlock$CloseOpenResource
String ID:
API String ID: 590266997-0
Opcode ID: c88b4e1edfe8ab64d9ef55739427946484c7e9ec646d598332c1632d796527cc
Instruction ID: 944d385ddde1920046048cf006ac98fa55d3d56e093cab77df3fd91cd45ef1d6
Opcode Fuzzy Hash: c88b4e1edfe8ab64d9ef55739427946484c7e9ec646d598332c1632d796527cc
Instruction Fuzzy Hash: 4A418FB1604301ABD310DF51D885B7F77A8EB84748F04082EF585D6282EB78D9898BEB

Uniqueness

Uniqueness Score: -1.00%

Function 004EEEE0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNELBASE(?), ref: 004EEEEB
GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 004EEEFF
SetEnvironmentVariableA.KERNELBASE(0000005C,?), ref: 004EEF56
GetLastError.KERNEL32 ref: 004EEF69

Strings

:, xrefs: 004EEF43
/, xrefs: 004EEF10

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentDirectory$EnvironmentErrorLastVariable
String ID: /$:
API String ID: 373561786-4222935259
Opcode ID: d6a511fec5c91550726db89eb0b3ada8fce5e147124f7f273e102370c1ca7ec7
Instruction ID: e99a6225c946deb528c4c16268920c46bf71467177b40824f50c46448fa6972b
Opcode Fuzzy Hash: d6a511fec5c91550726db89eb0b3ada8fce5e147124f7f273e102370c1ca7ec7
Instruction Fuzzy Hash: D0018E605083C1BEE7118776980876B7BD85B91B04F48CD6DF4D8C2282E7BCC948E763

Uniqueness

Uniqueness Score: -1.00%

Function 00469AE0, Relevance: 9.1, APIs: 6, Instructions: 123COMMON

Download Yara Rule

APIs

Part of subcall function 00469760: SetErrorMode.KERNELBASE(00000001,?,?,80040001,00469AF7,?,?,?,?,80040001), ref: 0046976B
Part of subcall function 00469760: SetErrorMode.KERNELBASE(00000000,80040001), ref: 00469780

CharPrevA.USER32(?,00000000,?,?,?,?,?,?,?,?,80040001), ref: 00469B90
CharPrevA.USER32(?,00000000,?,?,?,?,?,?,?,?,80040001), ref: 00469BBD
GetFileAttributesA.KERNELBASE(?,?,?,?,?,?,?,?,?,80040001), ref: 00469BCC
CharNextA.USER32(00000000,?,?,?,?,?,?,80040001), ref: 00469BEA
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,80040001), ref: 00469BFA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Char$ErrorModePrev$AttributesCreateDirectoryFileNext
String ID:
API String ID: 1001287445-0
Opcode ID: 9748c51920f8f08e2c1afd38be208464318e3737516dea863c555036e4e4618e
Instruction ID: fedaef6c17281a438a1c039a5b5505d5cd57a9ab04b354d69aba1b042b5fc68f
Opcode Fuzzy Hash: 9748c51920f8f08e2c1afd38be208464318e3737516dea863c555036e4e4618e
Instruction Fuzzy Hash: E831C2316082499BD710EA68BC41AAB739CFB51715F44087BE941C2181FBBDEE0D9BA7

Uniqueness

Uniqueness Score: -1.00%

Function 004D7340, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82stringCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000200), ref: 004D7374
CharUpperA.USER32(?), ref: 004D7381

Part of subcall function 00483050: lstrlenA.KERNEL32(?), ref: 0048306F

Strings

-TARGETWINDOW, xrefs: 004D73B2
-TARGETICON, xrefs: 004D73D4
-CMD, xrefs: 004D7416

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharUpperlstrcpynlstrlen
String ID: -CMD$-TARGETICON$-TARGETWINDOW
API String ID: 2845111740-1795257689
Opcode ID: ee1c89dc151170855c5dbff46c2986ee087d512f39ca9a18981b60c3837a4f1e
Instruction ID: e62b0c4a8bb67ef58cac2401d12e8154c346f56bab63db311182518deca9319a
Opcode Fuzzy Hash: ee1c89dc151170855c5dbff46c2986ee087d512f39ca9a18981b60c3837a4f1e
Instruction Fuzzy Hash: 9531F6B1504340AFE300DF64D985A9FBBE4FB99304F44496EF48887262E775DA0CCB62

Uniqueness

Uniqueness Score: -1.00%

Function 00481E10, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00481E21
CreateWindowExA.USER32 ref: 00481EA7
ShowWindow.USER32(00000000,?), ref: 00481ECE
UpdateWindow.USER32(00000000), ref: 00481EDB

Strings

APWMainClass, xrefs: 00481E7A, 00481EA0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CreateDestroyShowUpdate
String ID: APWMainClass
API String ID: 3891081243-109158154
Opcode ID: a580c71598e655eb03e0336018b002b34b062a287910ccf4e7f643c118933008
Instruction ID: e1d4a718dea25427fe6c3ebcd176061e77dd3b3b991d3cfdf484b1b0566b6fc4
Opcode Fuzzy Hash: a580c71598e655eb03e0336018b002b34b062a287910ccf4e7f643c118933008
Instruction Fuzzy Hash: B8116071B54301ABF324DB24EC5AFBF366CBB24700F44041AFD85DA2E1EAA59C08D796

Uniqueness

Uniqueness Score: -1.00%

Function 00469C30, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000001,00000000,00000000), ref: 00469C40
SetErrorMode.KERNELBASE(00000000), ref: 00469C68
lstrlenA.KERNEL32(?), ref: 00469C6F

Strings

\, xrefs: 00469CAF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode$lstrlen
String ID: \
API String ID: 3075946784-2967466578
Opcode ID: e2dda7bb5f11686c64cd2ef99de0ab35b69fc8e3a281c524b3d8fc96d02c961e
Instruction ID: 6d384afae55ebc3df3c77032a31d8074e9eb976b58494a40bbf281824ae164e9
Opcode Fuzzy Hash: e2dda7bb5f11686c64cd2ef99de0ab35b69fc8e3a281c524b3d8fc96d02c961e
Instruction Fuzzy Hash: 56118231508355AAE324E725DC45BAFBBDC9B90308F044C2EE985C2251FA79D949CB97

Uniqueness

Uniqueness Score: -1.00%

Function 004011C0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 004011D5
LoadCursorA.USER32 ref: 00401201
RegisterClassA.USER32 ref: 00401230
DialogBoxParamA.USER32 ref: 0040126B

Strings

AWAbout, xrefs: 004011CF, 004011F0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CursorDialogInfoLoadParamRegister
String ID: AWAbout
API String ID: 380290588-3700187910
Opcode ID: c2bfad6e5eed91667e21850ab6a3c42834016ea72173ea32f901d4a6a9b23b9c
Instruction ID: 3648f114092c7ec87e88f2d74e613dc72eed711951edc3d8f996f1e99f914ad3
Opcode Fuzzy Hash: c2bfad6e5eed91667e21850ab6a3c42834016ea72173ea32f901d4a6a9b23b9c
Instruction Fuzzy Hash: A2118F70604301AFD710EF15DD88B5F7BE4BFA8704F40851EF984AA2A1D7759948DF86

Uniqueness

Uniqueness Score: -1.00%

Function 00478290, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 24stringCOMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(intl,sShortDate,M/d/yy,?,00000064), ref: 004782AA
lstrlenA.KERNEL32(?), ref: 004782CD

Strings

sShortDate, xrefs: 004782A0
intl, xrefs: 004782A5
M/d/yy, xrefs: 0047829B

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ProfileStringlstrlen
String ID: M/d/yy$intl$sShortDate
API String ID: 1372419434-3820931362
Opcode ID: d7cef6a2d8f9d48f00aad5966cea8345b86b1161d651f9d8146a157affec720e
Instruction ID: 92f8047ba018db67696d7dda21641d237a92f190a121b4d336039e8753953630
Opcode Fuzzy Hash: d7cef6a2d8f9d48f00aad5966cea8345b86b1161d651f9d8146a157affec720e
Instruction Fuzzy Hash: A0E0DF71548B00BBD320A7149C4ADAF7BF8FF98B04F04480CFA4893190D631A909CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 004690A0, Relevance: 7.6, APIs: 5, Instructions: 117fileCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000001,?,?,?,?,?,?), ref: 00469117
CreateFileA.KERNELBASE(?,C0000000,00000001,00000000,00000002,00000080,00000000,?,?,?,?,?,?), ref: 00469136
SetErrorMode.KERNELBASE(?,?,?,?,?,?,?), ref: 00469144
GetLastError.KERNEL32 ref: 0046914D

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Error$LastMode$CreateFile
String ID:
API String ID: 1894716359-0
Opcode ID: 916ffea8811d71dd6c3bc8c155c8c161f08fc0eb7580b10244c394a456ea6b9e
Instruction ID: dac0a01a87c9d5bd79fdfd902156a6af034d406739035a6d1874fbec49dec59c
Opcode Fuzzy Hash: 916ffea8811d71dd6c3bc8c155c8c161f08fc0eb7580b10244c394a456ea6b9e
Instruction Fuzzy Hash: 6B31B6B5A407012BF610E665EC46BEF32D89FD0318F44093AF95887281F6B9D90987E7

Uniqueness

Uniqueness Score: -1.00%

Function 0041B120, Relevance: 7.6, APIs: 5, Instructions: 71filelibraryCOMMON

Download Yara Rule

APIs

OpenFile.KERNEL32 ref: 0041B15E
SetErrorMode.KERNELBASE(00000001), ref: 0041B1AF
LoadLibraryA.KERNEL32(?), ref: 0041B1B8
SetErrorMode.KERNELBASE(00000000), ref: 0041B1C1
GetLastError.KERNEL32 ref: 0041B1C7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Error$Mode$FileLastLibraryLoadOpen
String ID:
API String ID: 2604906259-0
Opcode ID: 72ec4b5435d98246602b34f7ede954b350cd0138b6a45e2bccd3c7071d53138d
Instruction ID: ad111bfc0743c42a03ca7feaff40fca5d2858931f312abb83fef8fff1fa81b8b
Opcode Fuzzy Hash: 72ec4b5435d98246602b34f7ede954b350cd0138b6a45e2bccd3c7071d53138d
Instruction Fuzzy Hash: D61105B6A003006FD3209B25EC45BDB779CEB54364F00443AFD54C2241F779D44E8BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00489190, Relevance: 7.6, APIs: 5, Instructions: 61stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00489520: lstrlenA.KERNEL32(?,00000000,?,00000002,004892DE,00000002), ref: 00489537

CharNextA.USER32(00000000,00000001,?), ref: 004891E3
lstrlenA.KERNEL32(00000000,00000001,?), ref: 004891EC
SetDlgItemTextA.USER32 ref: 004891FD

Part of subcall function 004C2720: CharNextA.USER32(74E391C0,74E391C0,004780FB,00509124), ref: 004C2726

GetDlgItem.USER32 ref: 00489211
ShowWindow.USER32(00000000,00000000), ref: 0048921E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharItemNextlstrlen$ShowTextWindow
String ID:
API String ID: 551136911-0
Opcode ID: 0ebf4aee309dfee776880fc9e2bda6c61d87bc28c7ca306698244d473170b32e
Instruction ID: c1d5991d6aaeae1bee805c18959b387f4c61bc8d6cffc30632017df7d6cd4301
Opcode Fuzzy Hash: 0ebf4aee309dfee776880fc9e2bda6c61d87bc28c7ca306698244d473170b32e
Instruction Fuzzy Hash: 1F11C2396085026BE6207766BC0CB7F3BA8EB95365F084C36F805C2210DB78CC86DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00481F00, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registrywindowCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 00481F15
LoadIconA.USER32 ref: 00481F4D
RegisterClassA.USER32 ref: 00481F6C

Strings

APWMainClass, xrefs: 00481F0F, 00481F60

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$IconInfoLoadRegister
String ID: APWMainClass
API String ID: 374448644-109158154
Opcode ID: da6856a2f910c176a657a4c4e2880b80b05c6fdf3a6e23bd5ad89e73737b3f31
Instruction ID: aa0e6a0fd13f53afc4b57c18e8b737d8a18b421adeffbed631019cf4b1507a4a
Opcode Fuzzy Hash: da6856a2f910c176a657a4c4e2880b80b05c6fdf3a6e23bd5ad89e73737b3f31
Instruction Fuzzy Hash: 02018CB0918301AFD710EF65DC48A5FBBE8FB98744F008D0EF588D6250D37986498F86

Uniqueness

Uniqueness Score: -1.00%

Function 004F73A0, Relevance: 6.4, APIs: 5, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00400000,00002000,00000004,?,?,?,?,004F7060), ref: 004F73C6
VirtualAlloc.KERNELBASE(00000000,00010000,00001000,00000004,?,?,?,?,004F7060), ref: 004F73DF
HeapAlloc.KERNEL32(?,00000000,00000814,?,?,?,?,004F7060), ref: 004F7426
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,004F7060), ref: 004F74EC
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,004F7060), ref: 004F7503

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: b813665bc4dea2bae92106943e68a6de23549c040605a28ea6ce3e43db0d047e
Instruction ID: f2828d900f5abe51cf0e0b9f7a03c95eb4c35953bf527d5532eedb701cd588e3
Opcode Fuzzy Hash: b813665bc4dea2bae92106943e68a6de23549c040605a28ea6ce3e43db0d047e
Instruction Fuzzy Hash: 3F31C07224474A9BD7208F58DC89B6B7BD4FB14710F10843BF3569B781D7BCA8489B98

Uniqueness

Uniqueness Score: -1.00%

Function 00469360, Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(004ACA69,00000000,00000000,00000000,00000000,00000001,?,?,?,?,?,?,?,?,00000000,?), ref: 0046939D
SetEndOfFile.KERNELBASE(004ACA69,?,?,?,?,?,?,00000000,?,?), ref: 004693A6
SetFilePointer.KERNELBASE(004ACA69,?,00000000,00000000,?,?,?,?,?,?,00000000,?,?), ref: 004693AE
SetEndOfFile.KERNELBASE(004ACA69,?,?,?,?,?,?,00000000,?,?), ref: 004693C2

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: File$Pointer
String ID:
API String ID: 1339342385-0
Opcode ID: c473eb35d484af874b8af576d1fc304a7db7db7b3b2cc6aba68a5f4130df255b
Instruction ID: 946913ea65106afb91698c9e1744fd863c8ef306ca84ff9e6e8a0da403613408
Opcode Fuzzy Hash: c473eb35d484af874b8af576d1fc304a7db7db7b3b2cc6aba68a5f4130df255b
Instruction Fuzzy Hash: 283105B270431167D60096A9AC02B2B735C9B80B35F14073BFA14C73C2EAB9EC0587EB

Uniqueness

Uniqueness Score: -1.00%

Function 00469850, Relevance: 6.1, APIs: 4, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,?,?,?,?,00000000), ref: 004698AE
GetFileAttributesA.KERNEL32(?,?,?,?,?,00000000), ref: 004698BD
RemoveDirectoryA.KERNEL32(?,?,?,?,?,00000000), ref: 004698D1

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: File$AttributesDeleteDirectoryErrorLastRemove
String ID:
API String ID: 1000165283-0
Opcode ID: 1f9023433ddcabb6c28284c6dc9c698b74ce23ef619114492a6caf3d55fa1a97
Instruction ID: 856ce7717f5c1e1f28dfea741e691b370a4dececfa642db18a61bc63f7075e3e
Opcode Fuzzy Hash: 1f9023433ddcabb6c28284c6dc9c698b74ce23ef619114492a6caf3d55fa1a97
Instruction Fuzzy Hash: 2D01847691421057EE20FA79AD466DB338C6F51718F840836E89CC2281F6BEDA58919B

Uniqueness

Uniqueness Score: -1.00%

Function 00469470, Relevance: 4.6, APIs: 3, Instructions: 130fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00469290: SetFilePointer.KERNELBASE(?,?,00000000,?,?,?), ref: 004692B0

ReadFile.KERNELBASE(?,?), ref: 004694DF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: File$PointerRead
String ID:
API String ID: 3154509469-0
Opcode ID: c401e770c410aa3fde84d73dee77c3e6df6e721d270b6d98aee79d3e3b69fdb9
Instruction ID: 131e6867b96943cdbbe078c6ca775a007458f6e386c29daa108d439a4bc92543
Opcode Fuzzy Hash: c401e770c410aa3fde84d73dee77c3e6df6e721d270b6d98aee79d3e3b69fdb9
Instruction Fuzzy Hash: 363193737083055BC600DEA9EC8195F77A8EB85375F44063EFA1583380EA6AED48C7A7

Uniqueness

Uniqueness Score: -1.00%

Function 004F13AA, Relevance: 4.6, APIs: 3, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 004F6E60: GetStartupInfoA.KERNEL32(?), ref: 004F6EC8
Part of subcall function 004F6E60: GetFileType.KERNEL32 ref: 004F6F7B

GetCommandLineA.KERNEL32 ref: 004F13C5

Part of subcall function 004F6CD0: GetEnvironmentStringsW.KERNEL32 ref: 004F6CE9
Part of subcall function 004F6CD0: GetEnvironmentStringsW.KERNEL32 ref: 004F6D30

GetStartupInfoA.KERNEL32(?), ref: 004F1460
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004F147F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: EnvironmentInfoStartupStrings$CommandFileHandleLineModuleType
String ID:
API String ID: 2499804999-0
Opcode ID: 7184f655e1cccc974eb2c9d922d4a62c81099697b5cdf1947e4d8bffd153826a
Instruction ID: 1ad22be79656090bc565c0e8a2f2dc870ad266059334f633b04a91f7efd67832
Opcode Fuzzy Hash: 7184f655e1cccc974eb2c9d922d4a62c81099697b5cdf1947e4d8bffd153826a
Instruction Fuzzy Hash: 91212BB1C0034DDBFB31AFA5D80A77E77A0EF11318F240A2FEA90962A1D77D4445971A

Uniqueness

Uniqueness Score: -1.00%

Function 004F1670, Relevance: 4.5, APIs: 3, Instructions: 45COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,004F163E,?,00000000,00000000,004F13EE,000000FF), ref: 004F1681
TerminateProcess.KERNEL32(00000000,?,?,?,004F163E,?,00000000,00000000,004F13EE,000000FF), ref: 004F1688
ExitProcess.KERNEL32 ref: 004F1709

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 3d54018f9c2321cc97c94ae3faef2c15b9a5b15a33ae55b96d71df1b19f5df21
Instruction ID: b1f9f7114e155bfea3a2d6099f494eb53dba118679c136edfc4dcd24321dbf2d
Opcode Fuzzy Hash: 3d54018f9c2321cc97c94ae3faef2c15b9a5b15a33ae55b96d71df1b19f5df21
Instruction Fuzzy Hash: 1B01D831600648EBFB10AB7AEE5D76E37A5A771356F044426F18493170D3B8688CDF7A

Uniqueness

Uniqueness Score: -1.00%

Function 00469D70, Relevance: 4.5, APIs: 3, Instructions: 44COMMON

Download Yara Rule

APIs

GlobalAddAtomA.KERNEL32 ref: 00469DD4
EnumWindows.USER32(0046EB40,?), ref: 00469DE9
GlobalDeleteAtom.KERNEL32 ref: 00469DF4

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AtomGlobal$DeleteEnumErrorLastWindows
String ID:
API String ID: 612792198-0
Opcode ID: 375adb6b5810bdc23ff1fbbb82216ca08b557c3502740b86be10a2f927397a89
Instruction ID: c39c72be6efcd3f74690337a9c176f029700d246c90175d8f5d5758d93d116a0
Opcode Fuzzy Hash: 375adb6b5810bdc23ff1fbbb82216ca08b557c3502740b86be10a2f927397a89
Instruction Fuzzy Hash: 4C01B1B5504300ABD324DF65DC06BDBB3E8AF84704F04492EF99883280F239D948DB97

Uniqueness

Uniqueness Score: -1.00%

Function 004FB500, Relevance: 4.5, APIs: 3, Instructions: 40COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008000,00000000,?,00000001,00477E9E,00000000), ref: 004FB518

Part of subcall function 004FB570: LoadLibraryA.KERNELBASE(QTIM32.DLL,004FB521), ref: 004FB57E
Part of subcall function 004FB570: GetProcAddress.KERNEL32(00000000,_EntryPoint), ref: 004FB593

SetErrorMode.KERNELBASE(00000000), ref: 004FB560

Part of subcall function 004FB5E0: LoadLibraryA.KERNEL32(CMGR32.DLL,00000000,004FB52C), ref: 004FB5F3
Part of subcall function 004FB5E0: GetProcAddress.KERNEL32(00000000,_EntryPoint), ref: 004FB60E
Part of subcall function 004FB5E0: GetProcAddress.KERNEL32(00000000,_CMgrInitialize), ref: 004FB620
Part of subcall function 004FB5E0: FreeLibrary.KERNEL32(00000000), ref: 004FB645

Part of subcall function 004FB7A0: GetVersionExA.KERNEL32(00000000), ref: 004FB7C9
Part of subcall function 004FB7A0: OutputDebugStringA.KERNEL32(Library not freed ... call microsoft), ref: 004FB7DB

SetErrorMode.KERNEL32(00000000), ref: 004FB538

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressErrorLibraryModeProc$Load$DebugFreeOutputStringVersion
String ID:
API String ID: 884946935-0
Opcode ID: a641440c333aa50776a53d134e0daa3a8f8deb2d816a68d0d868476bca64294f
Instruction ID: e7463bd6a5aa27a571e430754042347a8011921d0ca191913b637ed8d7191801
Opcode Fuzzy Hash: a641440c333aa50776a53d134e0daa3a8f8deb2d816a68d0d868476bca64294f
Instruction Fuzzy Hash: C9F0B4B2B0123D67C5303BBADC5152FA688DF927A9706142BF700D7211CB6CCC0857E9

Uniqueness

Uniqueness Score: -1.00%

Function 00460900, Relevance: 4.5, APIs: 3, Instructions: 37COMMON

Download Yara Rule

APIs

BeginPaint.USER32(?,?), ref: 0046092A
EndPaint.USER32(?,?), ref: 00460936
DefWindowProcA.USER32(?,?,?,?), ref: 00460958

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Paint$BeginProcWindow
String ID:
API String ID: 1820170886-0
Opcode ID: 76cc5a0c1cc7576b36b6ba2663ec3eeb305057cdd88b0c594b62809bbeb77d49
Instruction ID: 10ed44e719b50e2d06b03e450d4080f95eea1f167058939dd8c041fa3faa58ea
Opcode Fuzzy Hash: 76cc5a0c1cc7576b36b6ba2663ec3eeb305057cdd88b0c594b62809bbeb77d49
Instruction Fuzzy Hash: 3EF0AF72108215AFE3149B54D8448BFBBB8EAC6360F01482AF88583211E3B0AC0DD7A3

Uniqueness

Uniqueness Score: -1.00%

Function 004DB470, Relevance: 4.5, APIs: 3, Instructions: 19COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000001,0044EFEB), ref: 004DB482
GetWindowLongA.USER32 ref: 004DB491
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 004DB4A6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$Show
String ID:
API String ID: 3609083571-0
Opcode ID: 0a07763f7a68aba6a0bfcc967e89d2a901577005266f5df1b2959e9c2524bbca
Instruction ID: d884f7caade429ee7f6de826daee5a20f729313dc4b36d7c9c415354a53f55b3
Opcode Fuzzy Hash: 0a07763f7a68aba6a0bfcc967e89d2a901577005266f5df1b2959e9c2524bbca
Instruction Fuzzy Hash: 97E04F7A1042419FEB24DF64DD1DA5D3624BB24324F100315BA218A2F6CF7A9808DB14

Uniqueness

Uniqueness Score: -1.00%

Function 004E3910, Relevance: 4.5, APIs: 3, Instructions: 15COMMON

Download Yara Rule

APIs

GlobalHandle.KERNEL32(?), ref: 004E391A
GlobalUnlock.KERNEL32(00000000), ref: 004E3927
GlobalFree.KERNELBASE ref: 004E392E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$FreeHandleUnlock
String ID:
API String ID: 1436724280-0
Opcode ID: 19a0722440ca5d2edbdabbb50bc836ff66d49603cfcf837acf351d812201bc88
Instruction ID: 0c9463f607e110d27f0e61888c30f01ff2436cf26bed003973aaaf210ffa4614
Opcode Fuzzy Hash: 19a0722440ca5d2edbdabbb50bc836ff66d49603cfcf837acf351d812201bc88
Instruction Fuzzy Hash: 97D0C9B3503AA2BBC6221B65AC0C9AFB7589F25A5A3064421F805D2A25CB38CD0597A5

Uniqueness

Uniqueness Score: -1.00%

Function 00481D00, Relevance: 3.1, APIs: 2, Instructions: 73windowCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00481DBB
DispatchMessageA.USER32 ref: 00481DC2

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Message$DispatchTranslate
String ID:
API String ID: 1706434739-0
Opcode ID: d61751463d5b011f2e188b1f0511e000475e4faa29f3c618e56f739e6d5a2ece
Instruction ID: 4fec0b7ec3bf2701c5efe97d5ba8df8f530cef0c7a2901e7f5a91b058d257607
Opcode Fuzzy Hash: d61751463d5b011f2e188b1f0511e000475e4faa29f3c618e56f739e6d5a2ece
Instruction Fuzzy Hash: A921FBB4504204DAEB39B745D9483AF32ECA714316F185C2BE845912B0C37CB8CAEB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004F141E, Relevance: 3.1, APIs: 2, Instructions: 54COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 004F1460
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004F147F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: HandleInfoModuleStartup
String ID:
API String ID: 551945437-0
Opcode ID: 1463c5a856fad824967ef62fcee564c6842b3b248c6a1b1161f81741f554cd77
Instruction ID: 94a2ac30beeb3e888732f71bae39b8294181c0a8099487f405eef529a85fe959
Opcode Fuzzy Hash: 1463c5a856fad824967ef62fcee564c6842b3b248c6a1b1161f81741f554cd77
Instruction Fuzzy Hash: FD1108B1D04289AAEB318FB4C8047BABBE4DF41314F28042EE9C1C2292D26C48858719

Uniqueness

Uniqueness Score: -1.00%

Function 0046DD10, Relevance: 3.1, APIs: 2, Instructions: 52stringCOMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000000,00000000), ref: 0046DD5D
lstrlenA.KERNEL32(?), ref: 0046DD7F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationVolumelstrlen
String ID:
API String ID: 2744656266-0
Opcode ID: d59b22c80b31b64cc656683001300565371b4cc588bdfbc765eb21488691993a
Instruction ID: d7245e7d7b3eaef403b984135848553c151e1a5bad178c4e78c85e32856066a6
Opcode Fuzzy Hash: d59b22c80b31b64cc656683001300565371b4cc588bdfbc765eb21488691993a
Instruction Fuzzy Hash: FC01ADB26047016FE310CE64DC84BEB7BECAB88354F44092DF681C2191E769E9498B72

Uniqueness

Uniqueness Score: -1.00%

Function 00481C80, Relevance: 3.0, APIs: 2, Instructions: 39windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00481C90
KiUserCallbackDispatcher.NTDLL(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00481CC1

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CallbackDispatcherMessagePeekUser
String ID:
API String ID: 1705738138-0
Opcode ID: a30a0935da6b99d9537c38116fb0fb61e80baa30240e60f35284fca34b6a071f
Instruction ID: 9423cc7b65d0dbee37fe4832cd3010a1bd9b5af5c44ad3149b169612c471e189
Opcode Fuzzy Hash: a30a0935da6b99d9537c38116fb0fb61e80baa30240e60f35284fca34b6a071f
Instruction Fuzzy Hash: 2FF096B4A8020167E730FA54DC47B6E3298B750701FD8086AF508C56E1F67DEA19975B

Uniqueness

Uniqueness Score: -1.00%

Function 004E3D10, Relevance: 3.0, APIs: 2, Instructions: 24fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004E3CD0: OpenFile.KERNEL32 ref: 004E3CE5

OpenFile.KERNEL32 ref: 004E3D32
_lclose.KERNEL32(00000000), ref: 004E3D4D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileOpen$_lclose
String ID:
API String ID: 232936180-0
Opcode ID: 1d251070e3fb6550aa6e00aee94001bd963021f7a90bb88c368bb531a9ca5eb8
Instruction ID: bfde40b6115a21c249f766c542e8ea2f8c96800761979b6c32546f92a15b5a5e
Opcode Fuzzy Hash: 1d251070e3fb6550aa6e00aee94001bd963021f7a90bb88c368bb531a9ca5eb8
Instruction Fuzzy Hash: 35E0DF345001106AD760A73CAC09BEB3298BF0832AFC08A21F8A8D2190EB28861C53A7

Uniqueness

Uniqueness Score: -1.00%

Function 00469760, Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000001,?,?,80040001,00469AF7,?,?,?,?,80040001), ref: 0046976B
SetErrorMode.KERNELBASE(00000000,80040001), ref: 00469780

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3afe46344e43836a9685497a7771560933cc9f1f67efa7526c729b1478463eec
Instruction ID: e9f5d873c6bb58d5f0af69ec35cc90808f07a470682f5395fc566db95e7ff86d
Opcode Fuzzy Hash: 3afe46344e43836a9685497a7771560933cc9f1f67efa7526c729b1478463eec
Instruction Fuzzy Hash: 05D0A7B3B042502FD210F6BA6C84D5F67CCDBD1279F050835F549C3112E166AC0A87E1

Uniqueness

Uniqueness Score: -1.00%

Function 004018DA, Relevance: 3.0, APIs: 2, Instructions: 20COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004018F0
EndDialog.USER32(?,00000000), ref: 00401904

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CountDialogTick
String ID:
API String ID: 2364575841-0
Opcode ID: eec4f3e63376de7b3c154a1638b0a53ae2bba50619a097f9e14680abe25ad5a9
Instruction ID: 0033d474b68649e53d55280bba5df6da13169092222a0b10960467484aab60f5
Opcode Fuzzy Hash: eec4f3e63376de7b3c154a1638b0a53ae2bba50619a097f9e14680abe25ad5a9
Instruction Fuzzy Hash: 2FE026339011248FD730DF24EC84AAD73A0FB14316F434937C956BB0A1E635280ECB90

Uniqueness

Uniqueness Score: -1.00%

Function 004F7040, Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000001,00001000,00000000,004F13A6), ref: 004F7049
HeapDestroy.KERNEL32(?), ref: 004F706A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$CreateDestroy
String ID:
API String ID: 3296620671-0
Opcode ID: 7ea3c7df685591069254051f916317fbf365d9fd5585f2502d40b9c65dfb581a
Instruction ID: b4a72fa5777cbca0b2578c6207c4b0a4280c166124edd3a51aed003bf87bbfd1
Opcode Fuzzy Hash: 7ea3c7df685591069254051f916317fbf365d9fd5585f2502d40b9c65dfb581a
Instruction Fuzzy Hash: D0D05E703042036BFB2097B49D0672F33E45B2C782F400471BB09C9A94FEACD488A618

Uniqueness

Uniqueness Score: -1.00%

Function 00469CE0, Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNELBASE(00000000), ref: 00469D02
GetLastError.KERNEL32 ref: 00469D15

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentDirectoryErrorLast
String ID:
API String ID: 152501406-0
Opcode ID: c27fbdc6dfabd665310fbee196eb63c126faf3b406cf8889e8fe8924a32dc375
Instruction ID: 2d2dd8a6eb39d87eb2f4b7346689c626abb9e88ff9322e84d8a8fcf5d8308213
Opcode Fuzzy Hash: c27fbdc6dfabd665310fbee196eb63c126faf3b406cf8889e8fe8924a32dc375
Instruction Fuzzy Hash: 9AD012755182006BD764F731DC06ABB33996B80704F84483DB8D9811C1FEBED558C557

Uniqueness

Uniqueness Score: -1.00%

Function 004E3940, Relevance: 3.0, APIs: 2, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000040,?,004E29D4,00000028,00000000,00509258,?,004E2FEB,00000000,00000000,?,00000000,?,00000000,00509258,?), ref: 004E3947
GlobalLock.KERNEL32 ref: 004E3952

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$AllocLock
String ID:
API String ID: 15508794-0
Opcode ID: 6681df8072710323e702f48324c09719e11ecc5c3fa54ea63c93668f48ac0c52
Instruction ID: 0f07717043ca71a821b13f47780cd0f618c972192dea58e7f7a0b7dfc7db018f
Opcode Fuzzy Hash: 6681df8072710323e702f48324c09719e11ecc5c3fa54ea63c93668f48ac0c52
Instruction Fuzzy Hash: 95C04CF57002016BEF509F759D4DF1B379C9B54702F040465B60DD1851DB78C844F725

Uniqueness

Uniqueness Score: -1.00%

Function 00484100, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

Strings

i,L6}Gy&H, xrefs: 00484100, 0048410D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocGlobal
String ID: i,L6}Gy&H
API String ID: 3761449716-249623126
Opcode ID: 1769f6ebe24e3c9a639e8b49e677e3354f1ad7ca1e722371dd52170e1953edaf
Instruction ID: fcbee47bf0f5b8889c4df75b798f8803b27623de6067c3bec26fb336f04557d3
Opcode Fuzzy Hash: 1769f6ebe24e3c9a639e8b49e677e3354f1ad7ca1e722371dd52170e1953edaf
Instruction Fuzzy Hash: F3C04C717046026BDF61DB18CD49B1B73DCAFA1745F008834B058D6640D63CD8449B15

Uniqueness

Uniqueness Score: -1.00%

Function 004E8D50, Relevance: 1.6, APIs: 1, Instructions: 108fileCOMMON

Download Yara Rule

APIs

OpenFile.KERNEL32 ref: 004E8DA5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileOpen
String ID:
API String ID: 2669468079-0
Opcode ID: 94755b22de4ccaddf192e1be4bc6e19b3b1e81c4a1a7b32d593e1c31a060e5ea
Instruction ID: a54e960eb7049cf6cb85794c537b644530e9867f69941b7e934d2ce282169c4b
Opcode Fuzzy Hash: 94755b22de4ccaddf192e1be4bc6e19b3b1e81c4a1a7b32d593e1c31a060e5ea
Instruction Fuzzy Hash: DB31C4755006004BD774EA2DEC41BA772E4BB54315F84892FE4DDC2790FB38E819C765

Uniqueness

Uniqueness Score: -1.00%

Function 00477A90, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(?,?,?,02550D70), ref: 00477BBF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: 47a0cccee59d00de08f9ccaf0b39ba1f2f05eb3e13c05789a8fdd23f2737ed86
Instruction ID: c7104b000c9e63aee4b22ae017741013511f54afeb88d26970cbcca83b5de9b8
Opcode Fuzzy Hash: 47a0cccee59d00de08f9ccaf0b39ba1f2f05eb3e13c05789a8fdd23f2737ed86
Instruction Fuzzy Hash: C62195B45442016BD728DB74EC5AEEF3298A76030CF44882EE80D82352F6BDD59CD656

Uniqueness

Uniqueness Score: -1.00%

Function 00469290, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,?,00000000,?,?,?), ref: 004692B0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 75f790f7554f03c72bdda5997f92761417b7a1d55b30e2224316f999bbe403c0
Instruction ID: 8010b85213f5683c0db2b9e9171cad2e3385017e369bb57335c627c0bcb3dffd
Opcode Fuzzy Hash: 75f790f7554f03c72bdda5997f92761417b7a1d55b30e2224316f999bbe403c0
Instruction Fuzzy Hash: A5112771A04210ABDA14DE18EC51A5B7358AF44B24F0908AEFC5A673D1F279FC04C7DB

Uniqueness

Uniqueness Score: -1.00%

Function 004A0C20, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(00000000,?), ref: 004A0C44

Part of subcall function 004116A0: GetSysColor.USER32(00000005), ref: 004116E0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ColorTextWindow
String ID:
API String ID: 1120834398-0
Opcode ID: 705e9a12ff52c8a32869b9344c40b368b68bc8f7512cda0c13982aab09baa23a
Instruction ID: 308ac8e99e4f31f0a026690b37c9b306c43c0dffe827d6ec7e62a28f3aef812a
Opcode Fuzzy Hash: 705e9a12ff52c8a32869b9344c40b368b68bc8f7512cda0c13982aab09baa23a
Instruction Fuzzy Hash: 8601C0B16103006FE724E720ED57FAB32689FA4704F40451DF5055A2D3E6BAE81CD76B

Uniqueness

Uniqueness Score: -1.00%

Function 0044F4B0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 004BEE70: GetMenu.USER32(?), ref: 004BEE75

Part of subcall function 004609F0: GetClassInfoA.USER32 ref: 00460A05
Part of subcall function 004609F0: LoadCursorA.USER32 ref: 00460A38
Part of subcall function 004609F0: RegisterClassA.USER32 ref: 00460A57

DestroyWindow.USER32(00000000,?,?,?,?,?,00000000,00000001,004DB689,?,00000001), ref: 0044F52F

Part of subcall function 004BEDA0: KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,00000000,00000001,004DB689,?,00000001), ref: 004BEDBF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CallbackCursorDestroyDispatcherInfoLoadMenuRegisterUserWindow
String ID:
API String ID: 1757874854-0
Opcode ID: a03a000b62765928fdcfe0abfad581fc27fcac686ab717ce947380a87d529edf
Instruction ID: 25c32835c23fa0394d50eda3fbe55d50cfa9125253340f9fa12fa6632688ff91
Opcode Fuzzy Hash: a03a000b62765928fdcfe0abfad581fc27fcac686ab717ce947380a87d529edf
Instruction Fuzzy Hash: 56F0ADF5C04218BBF2106F65BC826EF3258E7A470EF48043AF80151253E778790CE6AA

Uniqueness

Uniqueness Score: -1.00%

Function 004E8EB0, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

_lclose.KERNEL32(?), ref: 004E8EFF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: _lclose
String ID:
API String ID: 3806658520-0
Opcode ID: 9b667574e1bfdafdfb96599e72a0ee390214c75d5437e0edede843cedd241de5
Instruction ID: 47e41ffa9eda254339d4d8a6c22c64a02133f55217227fb4287d97e3bb2a861b
Opcode Fuzzy Hash: 9b667574e1bfdafdfb96599e72a0ee390214c75d5437e0edede843cedd241de5
Instruction Fuzzy Hash: 94F031F2900A405BC7609A39A804747B2D47B64339F150B2EE5A997791D738F9058B55

Uniqueness

Uniqueness Score: -1.00%

Function 004D9570, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

SystemParametersInfoA.USER32(00000029,00000000,00000154), ref: 004D959F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 012c38d4e3730ad7cc8fe76328093c2bf11036b6472d36bd1712b51344acbe59
Instruction ID: bbc62f5743e8e700037e4efe3863053398154889bf99cb6eb853106e240be1fc
Opcode Fuzzy Hash: 012c38d4e3730ad7cc8fe76328093c2bf11036b6472d36bd1712b51344acbe59
Instruction Fuzzy Hash: 81F0B4B5604201BBF3119B54FC2576B77D4ABA4305F00443BF644C63D0E3BD984D5A1B

Uniqueness

Uniqueness Score: -1.00%

Function 00469210, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,?), ref: 00469279

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 90220066047bf0a7be1f621427b5e902ff82a82ced6540454d6dd80f45bff6ce
Instruction ID: 4281afaa512afdd69226f3d09e9a2ed9226a645b96b8c8875eaeacc8c0ce55ff
Opcode Fuzzy Hash: 90220066047bf0a7be1f621427b5e902ff82a82ced6540454d6dd80f45bff6ce
Instruction Fuzzy Hash: 99F0B471D08300ABD660EA18D8177EB7398AB54710F04483AECCC97380F6B89C44CAA3

Uniqueness

Uniqueness Score: -1.00%

Function 004600C0, Relevance: 1.5, APIs: 1, Instructions: 25windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004600D0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: a8d4e6181b2325c8085354a765cb0318a93db78dddda2405af4c06064ed20a85
Instruction ID: 45542cba9538450c657435a3375904fa779fc769433ca9af09b565d85980c914
Opcode Fuzzy Hash: a8d4e6181b2325c8085354a765cb0318a93db78dddda2405af4c06064ed20a85
Instruction Fuzzy Hash: 6BF06574544305E1E7309B249C1E75732E4BB55700F60C81AE942962D0F7B9858CE24F

Uniqueness

Uniqueness Score: -1.00%

Function 004E8C50, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

_lwrite.KERNEL32(?,?,?), ref: 004E8C6F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: _lwrite
String ID:
API String ID: 2358117443-0
Opcode ID: f1988376c0413c6219ea9aacafd486758ce12f87ec8748c54a1675fe16e86795
Instruction ID: dd13d880eb1db6af9133d9ece4e1e9494dd06b6d60a8fd629d32393d032654c3
Opcode Fuzzy Hash: f1988376c0413c6219ea9aacafd486758ce12f87ec8748c54a1675fe16e86795
Instruction Fuzzy Hash: E6E04F312556506B8A60C62DBC5489A33D8AB45734F654A5EF12CD76E0C638EC80ABA4

Uniqueness

Uniqueness Score: -1.00%

Function 00460690, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

Part of subcall function 004AF500: DeleteObject.GDI32(00000000), ref: 004AF520
Part of subcall function 004AF500: DeleteObject.GDI32(00000000), ref: 004AF543

KiUserCallbackDispatcher.NTDLL(?), ref: 004606D5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DeleteObject$CallbackDispatcherUser
String ID:
API String ID: 498893004-0
Opcode ID: ca291f903c2a4eed963babf7165e87ad407254c702527e7ef68a471e7ba2e83c
Instruction ID: ff640f417dea676c3a8fa7d72855afa4fa035050bd24a2bfa098e38a268aac99
Opcode Fuzzy Hash: ca291f903c2a4eed963babf7165e87ad407254c702527e7ef68a471e7ba2e83c
Instruction Fuzzy Hash: 8EE04FF1C0861067E600BB15EC57B8F3A94AF1435DF844439F90E26252E679E2AC8BDB

Uniqueness

Uniqueness Score: -1.00%

Function 0046A2D0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNELBASE(00400000,?,00000105), ref: 0046A2E7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: b98e4734b2ace7d5502e643cb45d777ae4b746089cc388ef8604ec08c631bcab
Instruction ID: 11dc034b1bbeadf17e2067f711252b0b5d7e287342cf67be74e92222b27bf63d
Opcode Fuzzy Hash: b98e4734b2ace7d5502e643cb45d777ae4b746089cc388ef8604ec08c631bcab
Instruction Fuzzy Hash: CDE086746042056BE734D720EC119FA3398A750304F84061CB898822D0F679D49C8B12

Uniqueness

Uniqueness Score: -1.00%

Function 0046A1E0, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNELBASE(00000000), ref: 0046A206

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DriveType
String ID:
API String ID: 338552980-0
Opcode ID: b6d490df50b3c2a0bc7056fddfbd29be07d1dcf9a181b886d6f5fe60d232128d
Instruction ID: 2fd15c5ddd80c40265452a33eea7577f788b7223e7d123d7c06a26b0abcc22d7
Opcode Fuzzy Hash: b6d490df50b3c2a0bc7056fddfbd29be07d1dcf9a181b886d6f5fe60d232128d
Instruction Fuzzy Hash: 36D05B7594460067DB60E7B4DC05ABF77D87B50704F884839B9C8C1141FA7EC55CC643

Uniqueness

Uniqueness Score: -1.00%

Function 00419B90, Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

DialogBoxParamA.USER32 ref: 00419BC0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DialogParam
String ID:
API String ID: 665744214-0
Opcode ID: 882a46f0d9cc80789397bf4831a8d5aafa6614775157b5f2e51967cdb52eae11
Instruction ID: 7159189328583e6233a7cd4ebe7d37f6cdacf4c2130cda298cba7df1c11fac8f
Opcode Fuzzy Hash: 882a46f0d9cc80789397bf4831a8d5aafa6614775157b5f2e51967cdb52eae11
Instruction Fuzzy Hash: 77E02DB5218302AFDA18CF14E9A497B73E9BBA8701B00491DF88586265D775AC48EB26

Uniqueness

Uniqueness Score: -1.00%

Function 004E3CD0, Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMON

Download Yara Rule

APIs

OpenFile.KERNEL32 ref: 004E3CE5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileOpen
String ID:
API String ID: 2669468079-0
Opcode ID: 2bd690873ad5d761a9646ba978cfbec4a01ca4efe00af01ca4722c5a59268b74
Instruction ID: 0e27435fd965e58f1d421b5518040f84ae3bb29307b664e8e3e90a097ac3dc3e
Opcode Fuzzy Hash: 2bd690873ad5d761a9646ba978cfbec4a01ca4efe00af01ca4722c5a59268b74
Instruction Fuzzy Hash: FCD05E285102006AE360AB38DC46B7B32D47B84320FD4CA28B8B8C12C0EE3CC91C9716

Uniqueness

Uniqueness Score: -1.00%

Function 004BEDA0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

Part of subcall function 004DBCC0: GetWindowLongA.USER32 ref: 004DBCD9
Part of subcall function 004DBCC0: SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 004DBD12
Part of subcall function 004DBCC0: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000034,00000006,00000004), ref: 004DBD80

KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,00000000,00000001,004DB689,?,00000001), ref: 004BEDBF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$CallbackDispatcherUser
String ID:
API String ID: 4106166857-0
Opcode ID: 93f72cde093135bbb566c353ad418f5f109a5c192f6f57d441dadddcfe34459f
Instruction ID: 1b2ade03bed65c4bdc39f23c63a208335006247ae8fd4c0fa058e4d26f092729
Opcode Fuzzy Hash: 93f72cde093135bbb566c353ad418f5f109a5c192f6f57d441dadddcfe34459f
Instruction Fuzzy Hash: DFD0A931100120AFDB00AB08E819ADF3368EF90320F02805AF0046B355C7B0BC04CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 00469ED0, Relevance: 1.5, APIs: 1, Instructions: 13timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE(?,00000000,00000000,?,004AB326,?,?,?,?,?,?,00000000,00404C89,?), ref: 00469EE9

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: 5a29bf874824f1e2922c25a3353feec7a70581c98983accdba563ec29d160f8e
Instruction ID: 8c408e6f06f03f15c90e933fc3c6f127c877fa30215a28a12e24011ed9e722f4
Opcode Fuzzy Hash: 5a29bf874824f1e2922c25a3353feec7a70581c98983accdba563ec29d160f8e
Instruction Fuzzy Hash: 3DD012703143007FDE20CF24CC80F1B73989B80701F004809B948C66D4C774EC40EB09

Uniqueness

Uniqueness Score: -1.00%

Function 004840D0, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GlobalMemoryStatus.KERNEL32 ref: 004840E0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 8976971cd8b2a905596676d21b63965626d8488586fd99f83d85272438b3583f
Instruction ID: 70bb4dedb0640a4a97f7c50c8b1a1a7730d0ab191f98daf4f6d4e29f91928f08
Opcode Fuzzy Hash: 8976971cd8b2a905596676d21b63965626d8488586fd99f83d85272438b3583f
Instruction Fuzzy Hash: E8D012B4806301ABD314DFA8D98D71EBBE8BB88304F008929F84882619E330C1989B82

Uniqueness

Uniqueness Score: -1.00%

Function 004BEDD0, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00000000,0044F50C,00507588,00000000), ref: 004BEDDF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: fcd83b81fed5b8430e855baf8b771211680604778b9cfc4646d320d9098cdc63
Instruction ID: 9c752c4868812a593ed4b8126535107985a971c519019e371cde0c17a3b6c432
Opcode Fuzzy Hash: fcd83b81fed5b8430e855baf8b771211680604778b9cfc4646d320d9098cdc63
Instruction Fuzzy Hash: 27B09230200202ABDE29EB10DDACBAE3726ABA0381F204848F002164A8C6B5A844DA25

Uniqueness

Uniqueness Score: -1.00%

Function 004A9610, Relevance: 1.5, APIs: 1, Instructions: 7windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 004A961C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 297471e011c8a9d99a8c8527f93382c1c7c84daabe021eeeb0fd85f1c56c08c9
Instruction ID: 4db212354d5a6759079b37a6f1ccc55293a7cba5aaeafd48d32dc9ef91d243b4
Opcode Fuzzy Hash: 297471e011c8a9d99a8c8527f93382c1c7c84daabe021eeeb0fd85f1c56c08c9
Instruction Fuzzy Hash: 26B012B07C03046BFE20CB609E0FF4936147714B00F000400B3009E0E1C5E26804E704

Uniqueness

Uniqueness Score: -1.00%

Function 00477E10, Relevance: 1.3, APIs: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

lstrcmpiA.KERNEL32(?,?), ref: 00477E8A

Part of subcall function 004FB500: SetErrorMode.KERNELBASE(00008000,00000000,?,00000001,00477E9E,00000000), ref: 004FB518
Part of subcall function 004FB500: SetErrorMode.KERNEL32(00000000), ref: 004FB538

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode$LoadStringlstrcmpi
String ID:
API String ID: 3972593980-0
Opcode ID: dafbd218cbe1ffc4863b7efa1c187435b22455c6f2cda0825ab3dac525ec0392
Instruction ID: 540ae64a1f8c4a010c5a48d42d7c69a128e7bd3f608a1be04d75c0c40ba8d60d
Opcode Fuzzy Hash: dafbd218cbe1ffc4863b7efa1c187435b22455c6f2cda0825ab3dac525ec0392
Instruction Fuzzy Hash: 1F01C2B46443056AE654EB10CD07F6B329CAB50B08F80481DB284650C2E6F9E61C466A

Uniqueness

Uniqueness Score: -1.00%

Function 004841C0, Relevance: 1.3, APIs: 1, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbb77240c38f4680c89acfe42cf17fb9cf37945c4608190c3489d3360a42a86
Instruction ID: a1edf84eed6fa240fe88b8b62fd4e9aa68b190e5fcd255b9307d3178cfc5e888
Opcode Fuzzy Hash: 8bbb77240c38f4680c89acfe42cf17fb9cf37945c4608190c3489d3360a42a86
Instruction Fuzzy Hash: 49E0D832718122599A54EA75BC1C6EF1394DBF0798B018C2EF805C3504E7288C818394

Uniqueness

Uniqueness Score: -1.00%

Function 004E39A0, Relevance: 1.3, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

CoUninitialize.OLE32(0048B3B2,004E3162,?,?,00509258), ref: 004E39AB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: f795b5aafd08e320bc82f54602856f0f67f62061f8827dff87771c64f645269f
Instruction ID: 6b5ebefb8c9f0ac61b2a4cd39da7ca7005c2b3f298ac22278f922ce1b9910b37
Opcode Fuzzy Hash: f795b5aafd08e320bc82f54602856f0f67f62061f8827dff87771c64f645269f
Instruction Fuzzy Hash: 6BC08C314083E04EE7618735F40C3877FD84B1A321F08888ED0C583A12C7E4A8C98F99

Uniqueness

Uniqueness Score: -1.00%

Function 00484210, Relevance: 1.3, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE ref: 00484219

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 9de90846dd80eef2e347c85d7bf7a94ba49884fd261dce0f9b1f3e656f4d5859
Instruction ID: 5715402613f2fe8da6d4f9a5f415ab51e356a78776b6f66e6da5bee031d039f2
Opcode Fuzzy Hash: 9de90846dd80eef2e347c85d7bf7a94ba49884fd261dce0f9b1f3e656f4d5859
Instruction Fuzzy Hash: 42B0123170420157CE209F60890C90F339C5A90B4070048587008C1501C634D800D710

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004D9960, Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 142COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004D996C

Strings

Active, xrefs: 004D9A81
Height, xrefs: 004D9AA4
Hidden, xrefs: 004D99EE, 004D9A1D, 004D9A98

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window
String ID: Active$Height$Hidden
API String ID: 2353593579-3946338456
Opcode ID: 9ea31e92489c4b6d5842f758fd446f9085f00b39fc3582aac4c4fe8279fc3e67
Instruction ID: 74982a2d8fae154f79e37dfe96b4bc07d7c5fdc587ef75c50102f1cf2032e482
Opcode Fuzzy Hash: 9ea31e92489c4b6d5842f758fd446f9085f00b39fc3582aac4c4fe8279fc3e67
Instruction Fuzzy Hash: 204107773405046BE2209F15BC55FAF3758EB92721F040037F902D0780EB5EAD1A9BAE

Uniqueness

Uniqueness Score: -1.00%

Function 00435DA0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 96shutdownCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,005074BC,?,?,?,?,0044B6EB,00000000,00000000), ref: 00435E09
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,0044B6EB,00000000,00000000), ref: 00435E16
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0044B6EB,00000000,00000000), ref: 00435E1D
GetLastError.KERNEL32(?,?,?,?,0044B6EB,00000000,00000000), ref: 00435E2D
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00435E41
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000), ref: 00435E6D
GetLastError.KERNEL32(?,?,?,?,0044B6EB,00000000,00000000), ref: 00435E73
ExitWindowsEx.USER32(0000000D,00000000), ref: 00435E8C

Strings

SeShutdownPrivilege, xrefs: 00435E3A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastProcessToken$AdjustCurrentDestroyExitLookupOpenPrivilegePrivilegesValueWindowWindows
String ID: SeShutdownPrivilege
API String ID: 3028675916-3733053543
Opcode ID: f269864b077fe346acd1465a8abebad6f955dcfbff51178b21ebd5886313c1ca
Instruction ID: 279acc3cddd4327808410eeb92c3b816f6d4a137354b2a60e3d1b4161aa2724c
Opcode Fuzzy Hash: f269864b077fe346acd1465a8abebad6f955dcfbff51178b21ebd5886313c1ca
Instruction Fuzzy Hash: 13212B3624070057E720A765AC0BB9F3364EBD8B25F84003AF90987291DB2DDD4C83AA

Uniqueness

Uniqueness Score: -1.00%

Function 004C9B00, Relevance: 13.6, APIs: 9, Instructions: 140keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 004C9B88
ScreenToClient.USER32 ref: 004C9BAB
GetKeyState.USER32(00000010), ref: 004C9BCB
GetKeyState.USER32(00000011), ref: 004C9BE8
GetKeyState.USER32(00000012), ref: 004C9C05
GetKeyState.USER32(00000014), ref: 004C9C1E
GetKeyState.USER32(00000001), ref: 004C9C35
GetKeyState.USER32(00000002), ref: 004C9C4E
GetKeyState.USER32(00000004), ref: 004C9C67

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: State$ClientCursorScreen
String ID:
API String ID: 4139550170-0
Opcode ID: 4080b9ef0e3483caeef37c469c4971a99a41fbef77ec78fc405fbf2478f4b64d
Instruction ID: fcf1b7977386c8757d9801af22dc879d42acdf2df91bc25de4e747d2b4edc457
Opcode Fuzzy Hash: 4080b9ef0e3483caeef37c469c4971a99a41fbef77ec78fc405fbf2478f4b64d
Instruction Fuzzy Hash: 6D41D5395442146BE740BB6CEC4ABEA33D4FB50315FC448AEF848C2261E77DCD996786

Uniqueness

Uniqueness Score: -1.00%

Function 004A9170, Relevance: 13.6, APIs: 9, Instructions: 77windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 004A919A
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004A91B3
CreateCompatibleDC.GDI32(00000000), ref: 004A91BE
SelectObject.GDI32(00000000,?), ref: 004A91D0
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 004A91F2
SelectObject.GDI32(00000000,?), ref: 004A91FE
DeleteDC.GDI32(00000000), ref: 004A9205
DeleteObject.GDI32(?), ref: 004A9227
ReleaseDC.USER32 ref: 004A9230

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$CompatibleCreateDeleteSelect$BitmapRelease
String ID:
API String ID: 2733039346-0
Opcode ID: e10da2a137273965cb364483d2231e58a0e91c3044f1a32fd3a5318ba3dc579c
Instruction ID: 1f84355108c55c30e9a3be77b754cc37addac0312e8f3f1d9cf81fa91d446196
Opcode Fuzzy Hash: e10da2a137273965cb364483d2231e58a0e91c3044f1a32fd3a5318ba3dc579c
Instruction Fuzzy Hash: 7821F876204305AFD320DF64EC49F2BB7F8EB98B00F50492DFA8597640DB74E8088B66

Uniqueness

Uniqueness Score: -1.00%

Function 00489550, Relevance: 9.4, APIs: 6, Instructions: 379stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00489040: GetDialogBaseUnits.USER32 ref: 00489040

Part of subcall function 00489050: SendDlgItemMessageA.USER32(?,00000001,00000031,00000000,00000000), ref: 0048905D

Part of subcall function 004DAB80: GetClientRect.USER32 ref: 004DAB8D

GetDC.USER32(?), ref: 004895A3
SelectObject.GDI32(00000000,?), ref: 004895AD

Part of subcall function 00489070: GetDlgItem.USER32 ref: 0048907F

Part of subcall function 00489520: lstrlenA.KERNEL32(?,00000000,?,00000002,004892DE,00000002), ref: 00489537

CharNextA.USER32(00000000,?,?,?,?,?,?,?,?), ref: 00489642
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 0048965B
SelectObject.GDI32(00000000,?), ref: 00489692
ReleaseDC.USER32 ref: 0048969A

Part of subcall function 004C2720: CharNextA.USER32(74E391C0,74E391C0,004780FB,00509124), ref: 004C2726

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharItemNextObjectSelectlstrlen$BaseClientDialogMessageRectReleaseSendUnits
String ID:
API String ID: 1862556875-0
Opcode ID: 303d470ddaca2b4f040f243527a3d9a8d07cc5a3509c4cd4dda0fd933d8d0d14
Instruction ID: b3d6bbc631176abbefbeb79da3ee4cb32a384805a12c15b60f115c2828fe8696
Opcode Fuzzy Hash: 303d470ddaca2b4f040f243527a3d9a8d07cc5a3509c4cd4dda0fd933d8d0d14
Instruction Fuzzy Hash: 9DD19D755086028BD314EF28C88497FB7E9FBD4348F190D2EE486D3211E679EC89C79A

Uniqueness

Uniqueness Score: -1.00%

Function 0047C0D0, Relevance: 6.0, APIs: 4, Instructions: 28keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000010), ref: 0047C0DC
GetKeyState.USER32(00000012), ref: 0047C0EA
GetKeyState.USER32(00000011), ref: 0047C0F9
GetKeyState.USER32(00000014), ref: 0047C108

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 59c4b64362f45c9b2edf7d7be8716ae4f9e9c4ba28db3888dd46a7ab7c0fbe51
Instruction ID: bbe3d8a650d3445573080d9cdafbe4e3f33796af2094561a1ed04fab229a004f
Opcode Fuzzy Hash: 59c4b64362f45c9b2edf7d7be8716ae4f9e9c4ba28db3888dd46a7ab7c0fbe51
Instruction Fuzzy Hash: 90E0D831F4022852EA24112E5D15FC60C014BC2BF0F454336AE1C372E986A44847A9FC

Uniqueness

Uniqueness Score: -1.00%

Function 004DD080, Relevance: 4.5, APIs: 3, Instructions: 23keyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32(00000011), ref: 004DD08C
GetAsyncKeyState.USER32(00000010), ref: 004DD09A
GetAsyncKeyState.USER32(00000012), ref: 004DD0A6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AsyncState
String ID:
API String ID: 425341421-0
Opcode ID: 172449951e9f61a6b64800668290fd5c07977c6e96fead87868c2d5e6652df82
Instruction ID: 6e470f1f779fdba38f08848d1020bd17394bb5bf25ea3055297ce3bd7a8ba6a5
Opcode Fuzzy Hash: 172449951e9f61a6b64800668290fd5c07977c6e96fead87868c2d5e6652df82
Instruction Fuzzy Hash: A2D02E2EF0226A00ED002163AD00FE90E224FD2BECF02007BEE082B284C8904C071AB0

Uniqueness

Uniqueness Score: -1.00%

Function 004C8980, Relevance: 3.5, APIs: 2, Instructions: 465COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004C8B4C
GlobalUnlock.KERNEL32(00000000), ref: 004C8B5C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: b6b2bb869316c6d728e4f5574b81c9eabcf046b6b739d4b0c83647cb87e84f11
Instruction ID: 7ee0f82df4812c443ae09d2733346b998a2b31beb67cae72e11a3d5816998752
Opcode Fuzzy Hash: b6b2bb869316c6d728e4f5574b81c9eabcf046b6b739d4b0c83647cb87e84f11
Instruction Fuzzy Hash: C2C11D6EA0010456D710BB29BC869FB7354D75173AF84447FFD09C7202E92FA95DC2B9

Uniqueness

Uniqueness Score: -1.00%

Function 00469980, Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,00508ED4), ref: 00469A16

Part of subcall function 00469E30: SetLastError.KERNEL32(00468FE9,00000000,00468FE9,0000045E,80040001), ref: 00469E36

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: b8e0d49c98678c8afee8e52a168bcb9e599b07c5f8d7631b67e5508478b69c88
Instruction ID: a0db4ce3dd53b56b6db5e51906e5eec0c07ef8af549caacd817dba7f2ed5c816
Opcode Fuzzy Hash: b8e0d49c98678c8afee8e52a168bcb9e599b07c5f8d7631b67e5508478b69c88
Instruction Fuzzy Hash: 9F118CF5D102105BD714EB25EC42EAF339CA724309F14482EF4C982341FABD955D9B97

Uniqueness

Uniqueness Score: -1.00%

Function 004E9640, Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,IP, xrefs: 004E9714

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ,IP
API String ID: 0-2227618606
Opcode ID: af2a1faeb1e655d14139e056dd1ce4fb6dfc4a8e7781b948bc4683ceed297e2c
Instruction ID: 3daf6a2ae0ff41b189fb80395d9bfa9d4dacf9ec9b68e9ddeb958e357d785c66
Opcode Fuzzy Hash: af2a1faeb1e655d14139e056dd1ce4fb6dfc4a8e7781b948bc4683ceed297e2c
Instruction Fuzzy Hash: 919161B57056408FC334CF19D480A66F7F1EB86312B14C6AFD99A8B791C736E806CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0045C400, Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

vP, xrefs: 0045C5FF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: vP
API String ID: 0-4131330840
Opcode ID: a72329ce95fbd756cbd7d389bc84d6080d81ae0170411c3f26031dcca41f1bcc
Instruction ID: 69ee465bfa5daed076929f396bb7638b99b0994791c70796fa6d8904e5ff88b0
Opcode Fuzzy Hash: a72329ce95fbd756cbd7d389bc84d6080d81ae0170411c3f26031dcca41f1bcc
Instruction Fuzzy Hash: 16416A79F8020224F3583B786D17B7E24D0DB3CB44F600939B626DA6C3F8D5A665D25D

Uniqueness

Uniqueness Score: -1.00%

Function 004F87B0, Relevance: .4, Instructions: 434COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce90601614b8cfee76f6f80e5366f7656059111b309eb160697b8d06a33a97ef
Instruction ID: 4e052a56e20bf7285302498a07a0b96d3d65a5e15ccbc044ac0544eee5e430e0
Opcode Fuzzy Hash: ce90601614b8cfee76f6f80e5366f7656059111b309eb160697b8d06a33a97ef
Instruction Fuzzy Hash: 4EF1C2705092888EE7288F14C86437BB7E2EB95704F54082FE6868F291DF7D8986D75F

Uniqueness

Uniqueness Score: -1.00%

Function 004EC150, Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cccafa9309aa763fb29b7dbe5d1a36b9956df09187add28d99fb3767becc4925
Instruction ID: f2e6df0186036459b2b621268a2e9cc2bfba696e4e2e194e466a54f6935d4b38
Opcode Fuzzy Hash: cccafa9309aa763fb29b7dbe5d1a36b9956df09187add28d99fb3767becc4925
Instruction Fuzzy Hash: 19F179359043018FC309DF68C4889E2B7B1FFA9700F5E49FAC8596B766E3769905CB46

Uniqueness

Uniqueness Score: -1.00%

Function 004ECF90, Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efabaabca5f6b01b926b0de57dc0163f22d5f7c4a6c9e2e603157c9f882bd30e
Instruction ID: 746481fd12cf0e1fd5a0ea8b1ff6f6398bfe3e6efd00f29ab778db06720c4285
Opcode Fuzzy Hash: efabaabca5f6b01b926b0de57dc0163f22d5f7c4a6c9e2e603157c9f882bd30e
Instruction Fuzzy Hash: 34D12835A04B43AFC309DF79C4900D6F7B1FF58710B488A5AC86963B05E731B965CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004A4280, Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83e0708e71d186349e394a95d0391d1028f60d90aaf7982ddb5a91b0ca4a5c9
Instruction ID: bea79629d2f338474844eae9081808721de68a7c491e103613c2eb89067cdb35
Opcode Fuzzy Hash: f83e0708e71d186349e394a95d0391d1028f60d90aaf7982ddb5a91b0ca4a5c9
Instruction Fuzzy Hash: 226108366082514BC704DE2CD4507BEBBE0EBC6324F584AAEE4D9CB352D23AD50ACB95

Uniqueness

Uniqueness Score: -1.00%

Function 004A55E0, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44e18cd1bb0e8c11dc65b478a861e766cd2c982f24298106958ab849f8b61b1
Instruction ID: 9f20104a448bdbb5354a0acbe88a800d4e7e88a2f6d69b0af2c5a2ed3ddbd2b5
Opcode Fuzzy Hash: f44e18cd1bb0e8c11dc65b478a861e766cd2c982f24298106958ab849f8b61b1
Instruction Fuzzy Hash: 3B5151EBD1043247E790E92DCC002A125D2EBE966235B4736DCA8D7789E17EC903DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 004A4650, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ef51d65ed547b7d9a7f192ee1ba38d8be756a208885112e72368f2bec593c4
Instruction ID: 53b824c857b4558d9b0c910bf01ccc13a18cf5795cba39b3cb463aa45b2991e3
Opcode Fuzzy Hash: 94ef51d65ed547b7d9a7f192ee1ba38d8be756a208885112e72368f2bec593c4
Instruction Fuzzy Hash: 8251D1362092818BD724CE28A1117BFB7D0EFE3311F69856FD9C543352D6BD8849C696

Uniqueness

Uniqueness Score: -1.00%

Function 00498B6C, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a1774d0dbb0ac320c911116a938068ada3b4833269cf7243165e21ffb46d9d
Instruction ID: c9eb8b780ac6ab21703a9f8a1be74d264920146de5e1fbfe8a3b9a7fd68e81e9
Opcode Fuzzy Hash: 63a1774d0dbb0ac320c911116a938068ada3b4833269cf7243165e21ffb46d9d
Instruction Fuzzy Hash: 27712BB5914108DFCF00CF0CD4949AD3BB0FB16314B54847EE866DF252DA38E946DB0A

Uniqueness

Uniqueness Score: -1.00%

Function 004F5430, Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8379628b94d4654031b123400aedb52ca714ea9bb81e1d1fa41523b9054b4f27
Instruction ID: e81f5f54235b162fed67c1090df72b47330daba08d7e50f021450ff68edb5535
Opcode Fuzzy Hash: 8379628b94d4654031b123400aedb52ca714ea9bb81e1d1fa41523b9054b4f27
Instruction Fuzzy Hash: 74412C71D0CE4CEAE31489A9B40433776C2E781321F29527BCF554B299D6BD8846E6CE

Uniqueness

Uniqueness Score: -1.00%

Function 004A5380, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e57bdfe09c321c6dab70be58f03341cb6620075e5913aac9132445b4d5d0e2
Instruction ID: 18816e4c82963e3fefab79858dd9573f3832c8db10ebaae737a65010484e0375
Opcode Fuzzy Hash: f4e57bdfe09c321c6dab70be58f03341cb6620075e5913aac9132445b4d5d0e2
Instruction Fuzzy Hash: 883195FB6149224BE79CE529CC112B672D2EBE825134A8B3DE4EAC3F85F178E501C754

Uniqueness

Uniqueness Score: -1.00%

Function 004CD770, Relevance: 63.3, APIs: 42, Instructions: 310COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 004CD7A5
SetWindowLongA.USER32(?,00000000,00000000), ref: 004CD7CB
SetWindowLongA.USER32(?,00000004,00000000), ref: 004CD7D6
SetWindowLongA.USER32(?,00000008,00000064), ref: 004CD7E1
BeginPaint.USER32(?,?), ref: 004CD7FC
GetClientRect.USER32 ref: 004CD806
InflateRect.USER32(?,00000002,00000002), ref: 004CD83A
GetWindowLongA.USER32 ref: 004CD849
GetWindowLongA.USER32 ref: 004CD850
GetWindowLongA.USER32 ref: 004CD857
GetStockObject.GDI32(00000004), ref: 004CD88A
FrameRect.USER32 ref: 004CD893
CreateSolidBrush.GDI32(00FF0000), ref: 004CD8A4
FillRect.USER32 ref: 004CD8B9
DeleteObject.GDI32(00000000), ref: 004CD8BC
EndPaint.USER32(?,?), ref: 004CD8C8

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$Rect$ObjectPaint$BeginBrushClientCreateDeleteFillFrameInflateProcSolidStock
String ID:
API String ID: 4042718969-0
Opcode ID: c1a8f994ed0f98d61d3c7b6bfc9d1e21079eeef43822d8a5b990cf414635f484
Instruction ID: d58fff8253573230c86d12a313a210bcb1bc17df48b1cfe82896f297f82142c4
Opcode Fuzzy Hash: c1a8f994ed0f98d61d3c7b6bfc9d1e21079eeef43822d8a5b990cf414635f484
Instruction Fuzzy Hash: 59A160B6544309AFE320DB24DC85F6FB7ACFB94700F100939FA5697291DA35EC098B65

Uniqueness

Uniqueness Score: -1.00%

Function 004D9C40, Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 287stringwindowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 004D9C4F
GetWindowRect.USER32 ref: 004D9C6A

Part of subcall function 004DA5A0: GetWindowRect.USER32 ref: 004DA5AD
Part of subcall function 004DA5A0: GetWindowLongA.USER32 ref: 004DA5C3
Part of subcall function 004DA5A0: GetSystemMetrics.USER32 ref: 004DA5D8
Part of subcall function 004DA5A0: GetSystemMetrics.USER32 ref: 004DA5DF
Part of subcall function 004DA5A0: OffsetRect.USER32(?,00000000,-00000001), ref: 004DA5E8
Part of subcall function 004DA5A0: InflateRect.USER32(?,-00000001,00000000), ref: 004DA5F2

Part of subcall function 004DA600: GetWindowRect.USER32 ref: 004DA60D
Part of subcall function 004DA600: GetWindowLongA.USER32 ref: 004DA636
Part of subcall function 004DA600: GetSystemMetrics.USER32 ref: 004DA64B
Part of subcall function 004DA600: GetSystemMetrics.USER32 ref: 004DA652
Part of subcall function 004DA600: OffsetRect.USER32(?,-00000001,-00000001), ref: 004DA658

GetPropA.USER32 ref: 004D9CA7
GetWindowDC.USER32(?), ref: 004D9CB9
SetWindowOrgEx.GDI32(00000000,?,?,00000000), ref: 004D9CD4
GetSysColor.USER32(00000006), ref: 004D9CD8
CreateSolidBrush.GDI32(00000000), ref: 004D9CDF
GetWindowLongA.USER32 ref: 004D9CFF
GetSystemMetrics.USER32 ref: 004D9D10
GetSystemMetrics.USER32 ref: 004D9D16

Part of subcall function 004DA1E0: GetSystemMetrics.USER32 ref: 004DA1EF
Part of subcall function 004DA1E0: GetSystemMetrics.USER32 ref: 004DA1F7
Part of subcall function 004DA1E0: FrameRect.USER32 ref: 004DA20C
Part of subcall function 004DA1E0: GetSysColor.USER32(0000000B), ref: 004DA220
Part of subcall function 004DA1E0: CreateSolidBrush.GDI32(00000000), ref: 004DA22D
Part of subcall function 004DA1E0: InflateRect.USER32(?,000000FF,000000FF), ref: 004DA286
Part of subcall function 004DA1E0: FillRect.USER32 ref: 004DA293
Part of subcall function 004DA1E0: MoveToEx.GDI32(?,?,?,00000000), ref: 004DA2A8
Part of subcall function 004DA1E0: LineTo.GDI32(?,?,?), ref: 004DA2BB
Part of subcall function 004DA1E0: MoveToEx.GDI32(?,?,?,00000000), ref: 004DA2D0
Part of subcall function 004DA1E0: LineTo.GDI32(?,?,?), ref: 004DA2E3

InflateRect.USER32(?,00000001,00000001), ref: 004D9D49
FrameRect.USER32 ref: 004D9D60
FrameRect.USER32 ref: 004D9D69
InflateRect.USER32(?,00000001,00000001), ref: 004D9D74
FrameRect.USER32 ref: 004D9D7D
InflateRect.USER32(?,000000FF,000000FF), ref: 004D9D88
DeleteObject.GDI32(00000000), ref: 004D9D91
InflateRect.USER32(?,000000FF,000000FF), ref: 004D9DBA
GetSysColor.USER32(00000003), ref: 004D9DD4
CreateSolidBrush.GDI32(00000000), ref: 004D9DDB
FillRect.USER32 ref: 004D9DF4
DeleteObject.GDI32(00000000), ref: 004D9DF7
GetWindowTextA.USER32 ref: 004D9E11
SetTextAlign.GDI32(00000000,00000000), ref: 004D9E4F
lstrlenA.KERNEL32(?), ref: 004D9E92
CharPrevA.USER32(?,?), ref: 004D9ED8
GetSysColor.USER32(?), ref: 004D9F43
SetTextColor.GDI32(00000000,00000000), ref: 004D9F4B
TextOutA.GDI32(00000000,?,?,?,00000000), ref: 004D9F8B
ReleaseDC.USER32 ref: 004D9FAC

Strings

..., xrefs: 004D9E84
Active, xrefs: 004D9CA1

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$Window$MetricsSystem$Inflate$Color$FrameText$BrushCreateLongSolid$DeleteFillLineMoveObjectOffset$AlignCharPrevPropReleaseVisiblelstrlen
String ID: ...$Active
API String ID: 541781269-3528669016
Opcode ID: 4937ce7cacf0448392956f8da516c8caa75ae0ff1816db4bb73620b288540b1b
Instruction ID: f20450c616bbbdbd23252798fe471dc40977aa154a07e622fe6ca1d3a075ad60
Opcode Fuzzy Hash: 4937ce7cacf0448392956f8da516c8caa75ae0ff1816db4bb73620b288540b1b
Instruction Fuzzy Hash: 62A16072508345AFD320DB64DC45EAF77ECFB94314F004A2EF949D3291EA38E9498B66

Uniqueness

Uniqueness Score: -1.00%

Function 004C11C0, Relevance: 33.2, APIs: 22, Instructions: 244COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 004C11EE
GetSystemMetrics.USER32 ref: 004C1202
GetSystemMetrics.USER32 ref: 004C1215
SetWindowPos.USER32(?,00000000,?,?,?,?), ref: 004C1229

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsSystemWindow$Rect
String ID:
API String ID: 3945642117-0
Opcode ID: 0f64590ccd55030b68d907118bb96f5d4b8374efb4c455ad3503f84e818439ef
Instruction ID: 6553f85e9bbecc5434847840062b39efad5758e47ecaeb8d18e017cf3fed6eec
Opcode Fuzzy Hash: 0f64590ccd55030b68d907118bb96f5d4b8374efb4c455ad3503f84e818439ef
Instruction Fuzzy Hash: 98811A352043406BE364EB64CC45FAF739CAF41704F04482EFA45D72A2EBB8E908C76A

Uniqueness

Uniqueness Score: -1.00%

Function 00415C10, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 00415C34

Strings

(, xrefs: 00415CB0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object
String ID: (
API String ID: 2936123098-3887548279
Opcode ID: 863c0dca5fd4061d4a79875bf9245c3f02549119b5bfaea630ad66dfd9f463d5
Instruction ID: 4311ca2d7c255991d483ad69d9df17ce2aba3d6a33d6ddac0286eec30308b440
Opcode Fuzzy Hash: 863c0dca5fd4061d4a79875bf9245c3f02549119b5bfaea630ad66dfd9f463d5
Instruction Fuzzy Hash: D561ADB5A08701DBD320AF50D884BEB77E8FBD4754F40092EF98586340E779D9898BA6

Uniqueness

Uniqueness Score: -1.00%

Function 004A8BF0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 159stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,windows,?,00000000,00000000), ref: 004A8C21
OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 004A8C80
GetPrinterA.WINSPOOL.DRV(?,00000002,?,00000054,?,?,?,00000000), ref: 004A8CA3
GlobalLock.KERNEL32 ref: 004A8CCC
GetPrinterA.WINSPOOL.DRV(?,00000002,00000000,?,?,?,?,00000000,00000000), ref: 004A8CEA
GlobalLock.KERNEL32 ref: 004A8D25
GlobalLock.KERNEL32 ref: 004A8D37
DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002,?,?,?,00000000,00000000), ref: 004A8D54
lstrcmpA.KERNEL32(00000000,00000000,00000000,?,?,00000000,00000000,00000002,?,?,?,00000000,00000000), ref: 004A8D5F
GlobalUnlock.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000002,?,?,?,00000000,00000000), ref: 004A8D95
GlobalUnlock.KERNEL32(?,?,?,?,00000000,00000000), ref: 004A8DA0
ClosePrinter.WINSPOOL.DRV(00000000), ref: 004A8DBF
GlobalUnlock.KERNEL32(00000000), ref: 004A8DC9

Strings

windows, xrefs: 004A8C1B

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockPrinterUnlock$CloseDocumentOpenPrinter.Propertieslstrcmplstrcmpi
String ID: windows
API String ID: 4282343379-3823601051
Opcode ID: 4bc90573ef661bb015fbc4c3ce83e90d1a70cd5e2f43e7f353e2ac7b7208bed1
Instruction ID: 9a976638dbb45090cff758b3e6c8a62a7f4585d7555b3850f3f82c4f943e5dde
Opcode Fuzzy Hash: 4bc90573ef661bb015fbc4c3ce83e90d1a70cd5e2f43e7f353e2ac7b7208bed1
Instruction Fuzzy Hash: C25191756043429BD720EF61DD49BAB77E8EBB5704F04091EF94483281EB78DD48C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00478790, Relevance: 24.6, APIs: 4, Strings: 10, Instructions: 112COMMON

Download Yara Rule

APIs

GetProfileIntA.KERNEL32 ref: 004787E1
GetProfileIntA.KERNEL32 ref: 004787F6
GetProfileStringA.KERNEL32(intl,sTime,00502258,?,00000008), ref: 00478814
GetProfileStringA.KERNEL32(intl,s2359,00502FD8,?,00000007), ref: 00478875

Strings

s1159, xrefs: 0047885F
, xrefs: 0047884E
iTime, xrefs: 004787D7
sTime, xrefs: 0047880A
%02d%s%02d%s%s, xrefs: 004788BA
intl, xrefs: 004787DC, 004787F1, 0047880F, 00478870
%d%s%02d%s%s, xrefs: 004788C1, 004788C6
s2359, xrefs: 0047886B
iTLzero, xrefs: 004787EA
%s%02d, xrefs: 0047882D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Profile$String
String ID: $%02d%s%02d%s%s$%d%s%02d%s%s$%s%02d$iTLzero$iTime$intl$s1159$s2359$sTime
API String ID: 3526569201-2075089957
Opcode ID: 5510a633d7f294ffde256f8f9e0ecadffce1a9f37efa55dddc3d4fe485021e1b
Instruction ID: a3759a5620ee421bd6bec622da6813e32f70c90ec66a1ec72fd78865ec18b88a
Opcode Fuzzy Hash: 5510a633d7f294ffde256f8f9e0ecadffce1a9f37efa55dddc3d4fe485021e1b
Instruction Fuzzy Hash: F1312571288342ABD700EE14CC8EFAF7BA8FB90748F44441EF549961C5DAB4E949C767

Uniqueness

Uniqueness Score: -1.00%

Function 004C0900, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000000), ref: 004C090F
CreateSolidBrush.GDI32(00000000), ref: 004C0912
FillRect.USER32 ref: 004C094A
GetStockObject.GDI32(00000005), ref: 004C0952
SelectObject.GDI32(?,00000000), ref: 004C095A
GetSysColor.USER32(00000006), ref: 004C0966
CreatePen.GDI32(00000000,00000001,00000000), ref: 004C096D
SelectObject.GDI32(?,00000000), ref: 004C0977
Rectangle.GDI32(?,?,?,?,?), ref: 004C0996
SelectObject.GDI32(?,?), ref: 004C09A2
SelectObject.GDI32(?,?), ref: 004C09AE
DeleteObject.GDI32(00000000), ref: 004C09BB
DeleteObject.GDI32(00000000), ref: 004C09BE

Strings

7BB, xrefs: 004C0904

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$Select$ColorCreateDelete$BrushFillRectRectangleSolidStock
String ID: 7BB
API String ID: 3071500519-2230855484
Opcode ID: e375b2139b10b6f4a288c05e775376f2fcac09a615c09bb4a26dcced055c0a71
Instruction ID: eecf15b9e800750d11afe375b2bc52d531c8b85e1711593fed9c5314aebb2a95
Opcode Fuzzy Hash: e375b2139b10b6f4a288c05e775376f2fcac09a615c09bb4a26dcced055c0a71
Instruction Fuzzy Hash: 0A217FB1504304BFD254EB64EC49E3F7BACFB98315F40042DFE4A82651DA64AD08CB72

Uniqueness

Uniqueness Score: -1.00%

Function 004914F0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

DdeInitializeA.USER32 ref: 0049151B
DdeCreateStringHandleA.USER32 ref: 00491537
DdeCreateStringHandleA.USER32 ref: 00491553
DdeConnect.USER32(00000000,00000000,00000000,00000000), ref: 0049156A
DdeCreateStringHandleA.USER32 ref: 0049158D
DdeClientTransaction.USER32(00000000,00000000,00000000,00000000,00000001,000020B0,00001388,?), ref: 004915AF
DdeFreeDataHandle.USER32(00000000), ref: 004915CA
DdeFreeStringHandle.USER32 ref: 004915D9
DdeDisconnect.USER32(00000000), ref: 004915E3
DdeFreeStringHandle.USER32 ref: 004915F2
DdeFreeStringHandle.USER32 ref: 00491608
DdeUninitialize.USER32(00000000), ref: 00491619

Strings

",,0xFFFFFFFF,0x00000001,,,, xrefs: 004914F4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Handle$String$Free$Create$ClientConnectDataDisconnectInitializeTransactionUninitialize
String ID: ",,0xFFFFFFFF,0x00000001,,,
API String ID: 1481073130-1039773298
Opcode ID: 979b572fd1c9ac97b9d6ce2725ed8a7c503b63f4e3844eb7604c6a14fbe73e65
Instruction ID: 4d90db4dc71c0ab3a36197bd5eb53cf85add731814b7d3d7990ecf56a6032909
Opcode Fuzzy Hash: 979b572fd1c9ac97b9d6ce2725ed8a7c503b63f4e3844eb7604c6a14fbe73e65
Instruction Fuzzy Hash: 66319271244346ABD721EEA5CE85E2FBADCEBC5B14F050D2EB64187252C778DC04C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004D9670, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004D9686

Strings

Active, xrefs: 004D96FE, 004D97CF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window
String ID: Active
API String ID: 2353593579-1286797620
Opcode ID: e99ed0cf3152c2d91fd935b677fb866b8a9516777a7db8f3247477f5a37c81a3
Instruction ID: fae68cb2b54116b65d30ab0888e0344ab9eb0a791929d88c45b92738c0ee001f
Opcode Fuzzy Hash: e99ed0cf3152c2d91fd935b677fb866b8a9516777a7db8f3247477f5a37c81a3
Instruction Fuzzy Hash: B8511872614201BBE310BB35EC519AFB7D8EF82765F84087BF900C2341E62EDD0697A6

Uniqueness

Uniqueness Score: -1.00%

Function 004087E0, Relevance: 19.9, APIs: 13, Instructions: 433stringCOMMON

Download Yara Rule

APIs

SetBkMode.GDI32(?,00000001), ref: 0040886E
OffsetRect.USER32(?,00000001,00000001), ref: 00408889
OffsetRect.USER32(?,00000001,00000001), ref: 0040890F
GetTextColor.GDI32(?), ref: 00408972
SetTextColor.GDI32(?,?), ref: 00408984
lstrlenA.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00408B02
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?), ref: 00408B50
lstrlenA.KERNEL32(?), ref: 00408B82
SetTextColor.GDI32(?,?), ref: 00408C2A
OffsetRect.USER32(?,000000FF,000000FF), ref: 00408C3C
lstrlenA.KERNEL32(?,00000000,00000000,?,00000000,00000000), ref: 00408CE6
lstrlenA.KERNEL32(?), ref: 00408D24
SetTextColor.GDI32(?,?), ref: 00408D61

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$ColorText$OffsetRect$Mode
String ID:
API String ID: 570621066-0
Opcode ID: b93aa89a37b665263847c7f5ea26e57c5716c9c4b09259440602c5057acade74
Instruction ID: f5495824d4ffbb907ba509e46123b67cdc3c5e73b31b81d0a7168442ec944d8a
Opcode Fuzzy Hash: b93aa89a37b665263847c7f5ea26e57c5716c9c4b09259440602c5057acade74
Instruction Fuzzy Hash: CDF1A6B1508340AFE220DB50CD45F6B77E8EF94348F44492EF985A72D1DB78A948CB6B

Uniqueness

Uniqueness Score: -1.00%

Function 00470CB0, Relevance: 19.7, APIs: 13, Instructions: 177windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00470D09
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00470D1E
ReleaseDC.USER32 ref: 00470D28
CreateCompatibleDC.GDI32(00000000), ref: 00470D3E
SelectObject.GDI32(00000000,?), ref: 00470D57
SelectPalette.GDI32(?,00000000,00000000), ref: 00470D76
RealizePalette.GDI32(?), ref: 00470D89
PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 00470DA8
SelectPalette.GDI32(?,00000000,00000000), ref: 00470DE3
SelectObject.GDI32(?,00000000), ref: 00470DEE
DeleteDC.GDI32(?), ref: 00470DF6
DeleteObject.GDI32(?), ref: 00470DFD
OffsetRect.USER32(?,?,?), ref: 00470E44

Part of subcall function 004A5E70: GlobalLock.KERNEL32 ref: 004A5E76
Part of subcall function 004A5E70: GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407A40), ref: 004A5EA0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Select$ObjectPalette$CompatibleCreateDeleteGlobal$BitmapLockOffsetRealizeRectReleaseUnlock
String ID:
API String ID: 3658015602-0
Opcode ID: 7433cc391f14f584400ac59433363d9c03516f5dcb2b6b02b36c5d0322e4214a
Instruction ID: 41bd7e706aedb4d8d70bb5fee3f19eb77e8c8765e811bc52447f167d1a331550
Opcode Fuzzy Hash: 7433cc391f14f584400ac59433363d9c03516f5dcb2b6b02b36c5d0322e4214a
Instruction Fuzzy Hash: E25127B6204701AFD320DF69D884E6BB7E8FB88710F54892EF999C3750DB35E8058B61

Uniqueness

Uniqueness Score: -1.00%

Function 004A8860, Relevance: 19.7, APIs: 13, Instructions: 156COMMON

Download Yara Rule

APIs

Part of subcall function 004A8DF0: GetProfileStringA.KERNEL32(windows,device,005010AC,?,00000050), ref: 004A8E31
Part of subcall function 004A8DF0: CharNextA.USER32(?), ref: 004A8E64

OpenPrinterA.WINSPOOL.DRV(?,00509710,00000000), ref: 004A88C7
GetPrinterA.WINSPOOL.DRV(00000000,00000002,?,00000054,?), ref: 004A88EC
GlobalLock.KERNEL32 ref: 004A890F
GetPrinterA.WINSPOOL.DRV(00000000,00000002,00000000,?,?), ref: 004A8933
DocumentPropertiesA.WINSPOOL.DRV(00000000,00000000,?,00000000,?,00000000,00000000,00000002,?,00000054,?), ref: 004A896A
GlobalLock.KERNEL32 ref: 004A8991
DocumentPropertiesA.WINSPOOL.DRV(00000000,00000000,?,00000000,00000000,00000002), ref: 004A89B6
GlobalUnlock.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 004A89C0
GlobalUnlock.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002), ref: 004A89D1
GlobalLock.KERNEL32 ref: 004A89E3
DocumentPropertiesA.WINSPOOL.DRV(00000000,00000000,?,00000000,00000000,0000000E), ref: 004A8A03
GlobalUnlock.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,0000000E), ref: 004A8A1B
GlobalUnlock.KERNEL32(00000000), ref: 004A8A26

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Unlock$DocumentLockPrinterProperties$CharNextOpenProfileString
String ID:
API String ID: 2950477651-0
Opcode ID: 36cf790d46e3e0642a01b8af5c30a1511a543adcf7e07bf8063dff0cda183eea
Instruction ID: e1d78c761e79de629e2d7a1ba0f09d9a5f2201877ea22dc63c788baacd0d550c
Opcode Fuzzy Hash: 36cf790d46e3e0642a01b8af5c30a1511a543adcf7e07bf8063dff0cda183eea
Instruction Fuzzy Hash: 2251A0B26443016FD720DF94EC85F6F779CEBA6704F04481EFA4486252EB78E808C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004D03E3, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 60stringCOMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(?,?,DLL_HEADER), ref: 004D03FB
LoadResource.KERNEL32(?,00000000,?,?,DLL_HEADER), ref: 004D0407
LockResource.KERNEL32(00000000,?,00000000,?,?,DLL_HEADER), ref: 004D0414
lstrlenA.KERNEL32(00000000,?,00000000,?,?,DLL_HEADER), ref: 004D0421
lstrlenA.KERNEL32(00000001,?,00000000,?,?,DLL_HEADER), ref: 004D042C
lstrlenA.KERNEL32(00000002,?,00000000,?,?,DLL_HEADER), ref: 004D0437
GlobalLock.KERNEL32 ref: 004D0459
lstrcpyA.KERNEL32(00000001,00000002), ref: 004D0467
GlobalUnlock.KERNEL32(00000000), ref: 004D0474
FreeResource.KERNEL32(00000000,?,00000000,?,?,DLL_HEADER), ref: 004D0477

Strings

DLL_HEADER, xrefs: 004D03F4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$lstrlen$GlobalLock$FindFreeLoadUnlocklstrcpy
String ID: DLL_HEADER
API String ID: 3641492693-3365584807
Opcode ID: a1d0a9bcc5334ec0bd8f5b75c60134b8be90f05704137445be4ae1fa6fdf4585
Instruction ID: d6def0028d54cbc347f1c81b2b6693eafc598c1232a5b5a048dff2ac43c04d58
Opcode Fuzzy Hash: a1d0a9bcc5334ec0bd8f5b75c60134b8be90f05704137445be4ae1fa6fdf4585
Instruction Fuzzy Hash: 9611E1326012156BC3216B74BC4CE3F7B6CEA997517484836FA45C3B01DA28880D97B1

Uniqueness

Uniqueness Score: -1.00%

Function 004A8040, Relevance: 18.2, APIs: 12, Instructions: 216COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,?,?), ref: 004A8122
GetObjectA.GDI32(00000000,00000018,?), ref: 004A8135

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ObjectOffsetRect
String ID:
API String ID: 328323421-0
Opcode ID: d5baa25854bc2338a22820565c5f27cf85d73c55b47e221319748c74a168462c
Instruction ID: 3c220add39c73ad12c1b4c417216c102c01e166ac498a641962942a74de0bf65
Opcode Fuzzy Hash: d5baa25854bc2338a22820565c5f27cf85d73c55b47e221319748c74a168462c
Instruction Fuzzy Hash: 2D9164721087059FD310DF54C844A6BF7E4FB89310F048A6EFA9997311DB34EA49CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004CDAC0, Relevance: 18.1, APIs: 12, Instructions: 123COMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 004CDAE0
CreateDialogParamA.USER32(00400000,?,00000000,004CDCD0,00000000), ref: 004CDB12

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ActiveCreateDialogParamWindow
String ID:
API String ID: 2790109266-0
Opcode ID: 796bb04ac358f4998e1225a09eaffeb3a698c9525a281504970f407df5a04354
Instruction ID: 1b984a1ca2d33d7b8cee9016e439bbe685cfe2c067056e6cb2e5cb287711d076
Opcode Fuzzy Hash: 796bb04ac358f4998e1225a09eaffeb3a698c9525a281504970f407df5a04354
Instruction Fuzzy Hash: 30411976914301AFD314DF68EC46B6F7BE8FBA8304F04452EF94883260E775E8089B52

Uniqueness

Uniqueness Score: -1.00%

Function 004C01A0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000000), ref: 004C01CA
SelectObject.GDI32(?,00000000), ref: 004C01D2
GetSysColor.USER32(00000006), ref: 004C01DE
CreatePen.GDI32(00000000,00000001,00000000), ref: 004C01E9
SelectObject.GDI32(?,00000000), ref: 004C01F3
Rectangle.GDI32(?,?,?,?,?), ref: 004C020A
SelectObject.GDI32(?,?), ref: 004C0216
SelectObject.GDI32(?,?), ref: 004C0222
DeleteObject.GDI32(00000000), ref: 004C0229

Strings

7BB, xrefs: 004C01AB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$Select$ColorCreateDeleteRectangleStock
String ID: 7BB
API String ID: 3295044720-2230855484
Opcode ID: 296e6e14c792c33d433ffcdf64f2cdfe057a8030c7fc594c0c051112e8d2c3cf
Instruction ID: 4a93c579ff7d8a79c0bf883e947c3c7c629de16409befc83d7e1da07f792503a
Opcode Fuzzy Hash: 296e6e14c792c33d433ffcdf64f2cdfe057a8030c7fc594c0c051112e8d2c3cf
Instruction Fuzzy Hash: 50113672204300AFD310EF58EC49E6FB7E8FF98701F840468FA05C3651C720A9088BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00451760, Relevance: 16.8, APIs: 11, Instructions: 287COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004517C8
SetRect.USER32 ref: 004517E2
GlobalUnlock.KERNEL32(00000000), ref: 0045187C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockRectUnlock
String ID:
API String ID: 3717195453-0
Opcode ID: 9ad21d520dfacda24a4bf3fd590bcc80d0c1cc982504e73c01252283ca75efd1
Instruction ID: d334fb90e5c6c16b1feb888a95e8883ab4f3feb606b578a0279993d32bd8b7aa
Opcode Fuzzy Hash: 9ad21d520dfacda24a4bf3fd590bcc80d0c1cc982504e73c01252283ca75efd1
Instruction Fuzzy Hash: 7C912776600701ABD320AB19EC45BFB73E4FF45712F40042BED4486652E77DE858C79A

Uniqueness

Uniqueness Score: -1.00%

Function 004BCE10, Relevance: 16.7, APIs: 10, Strings: 1, Instructions: 231COMMON

Download Yara Rule

APIs

CharNextA.USER32(00000001,00000000,?,?), ref: 004BCE49
CharNextA.USER32(00000002,?,?,?,?,00000000,?,?), ref: 004BCE85
CharNextA.USER32(00000001,?,?,?,?,00000000,?,?), ref: 004BCEE5
CharNextA.USER32(00000001,?,?,?,?,00000000,?,?), ref: 004BCF07
CharNextA.USER32(00000002,?,?,?,?,?,?,00000000,?,?), ref: 004BCF2E
CharNextA.USER32(00000000,?,?,?,?,?,?,00000000,?,?), ref: 004BCF56
CharNextA.USER32(00000002,?,?,00000000,?,?), ref: 004BCF8F
CharNextA.USER32(00000000,?,?,?,?,00000000,?,?), ref: 004BCFCB
CharNextA.USER32(00000001,?,?,00000000,?,?), ref: 004BD000
CharNextA.USER32(00000000,?,?,?,?,00000000,?,?), ref: 004BD03C

Strings

0123456789, xrefs: 004BCE4D, 004BCE89, 004BCEB1, 004BCEE9, 004BCF36, 004BCF5E, 004BCFA9, 004BCFD3, 004BD01A, 004BD044

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext
String ID: 0123456789
API String ID: 3213498283-2793719750
Opcode ID: 9cbb938074bbccd7d47acdddafec782ca5cbe7abbdd98b2f6bc628f52a2d7726
Instruction ID: 4b72b83ebace53604333d939dd28b44310cb59295bc56b7560c570d2a99bccda
Opcode Fuzzy Hash: 9cbb938074bbccd7d47acdddafec782ca5cbe7abbdd98b2f6bc628f52a2d7726
Instruction Fuzzy Hash: CC513BB67442029AC7112B366CC19BF77959AA2B89714007FF90092396F76CDC07E6BE

Uniqueness

Uniqueness Score: -1.00%

Function 004D5770, Relevance: 16.7, APIs: 11, Instructions: 197COMMON

Download Yara Rule

APIs

EndDialog.USER32(?,00000000), ref: 004D5897

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Dialog
String ID:
API String ID: 1120787796-0
Opcode ID: 702332147cbca44eff08064862f5a46eea684549da78355e950043e9f4676628
Instruction ID: da44e826dcdb9581bed483ada8ad62b3c43a247590ac31f9f5d9045ede8e53ed
Opcode Fuzzy Hash: 702332147cbca44eff08064862f5a46eea684549da78355e950043e9f4676628
Instruction Fuzzy Hash: 7A5146F1A44300ABE710EF64EC96F6F33A8AB54314F04046BF6059B3D2DA79E945C76A

Uniqueness

Uniqueness Score: -1.00%

Function 004A4CB0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 85stringCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32 ref: 004A4D01
lstrcpyA.KERNEL32(?,WIN), ref: 004A4D0D
lstrcpyA.KERNEL32(?,001), ref: 004A4D19
GlobalLock.KERNEL32 ref: 004A4D64
GlobalUnlock.KERNEL32(?), ref: 004A4D80
GlobalUnlock.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,004A15FC,?), ref: 004A4DA2

Strings

WIN, xrefs: 004A4D07
001, xrefs: 004A4D13
PIG, xrefs: 004A4CE4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Globallstrcpy$Unlock$Lock
String ID: 001$PIG$WIN
API String ID: 100247453-2017816120
Opcode ID: 885a6d90d2d837aa9e6b20495d51872134e641c875b22e390d61937d9234525f
Instruction ID: 41f5f0fdc742fdd11b157dee274e29bea465457ab8e85cf0bd7030b450bb3ac7
Opcode Fuzzy Hash: 885a6d90d2d837aa9e6b20495d51872134e641c875b22e390d61937d9234525f
Instruction Fuzzy Hash: 0831CEB96183419FCB48CF68D48095ABBE4FF98310F00895AFC499B345E774E909CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004197D0, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 43stringCOMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,00000000,0000000A), ref: 004197E3
lstrcmpiA.KERNEL32(?,sedit,?,?,004196F7,00000000), ref: 004197FD
lstrcmpiA.KERNEL32(?,edit,?,?,004196F7,00000000), ref: 0041980D
lstrcmpiA.KERNEL32(?,calcedit,?,?,004196F7,00000000), ref: 0041981D
lstrcmpiA.KERNEL32(?,TmwCustom,?,?,004196F7,00000000), ref: 0041982D

Strings

edit, xrefs: 00419807
sedit, xrefs: 004197F1
TmwCustom, xrefs: 00419827
calcedit, xrefs: 00419817

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcmpi$ClassName
String ID: TmwCustom$calcedit$edit$sedit
API String ID: 1602732865-2243572413
Opcode ID: 5f9e636cdfa8696ed8c3a57f851f3e07239734bf4fb6e434dfca46c77320727c
Instruction ID: 63a7ba828d5446008657cc93f037656743ea1e23e114459a2353d16a06adfeaf
Opcode Fuzzy Hash: 5f9e636cdfa8696ed8c3a57f851f3e07239734bf4fb6e434dfca46c77320727c
Instruction Fuzzy Hash: BAF04F76A1030666D610E6A5DC50EDF7BDCAB85BC0F840436F904D22D0E665DD49C766

Uniqueness

Uniqueness Score: -1.00%

Function 00460120, Relevance: 15.3, APIs: 10, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 757a79346c9c1df774d9b924260ff13467fe16a430a64922cad81f887c88f344
Instruction ID: d8ba7e077f2333414cc5677105d8e978f02c675e490dd9ba67c95b3d18d0e8a4
Opcode Fuzzy Hash: 757a79346c9c1df774d9b924260ff13467fe16a430a64922cad81f887c88f344
Instruction Fuzzy Hash: 5FB1D2716443009BE720DB18DC89ABF7395EB92310F04492FF95586251FB7E9889CB6B

Uniqueness

Uniqueness Score: -1.00%

Function 00440590, Relevance: 15.1, APIs: 10, Instructions: 103COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,?,?), ref: 004405EE
GetStockObject.GDI32(00000008), ref: 004405FC
SelectObject.GDI32(?,00000000), ref: 0044060A
GetStockObject.GDI32(00000000), ref: 0044060E
SelectObject.GDI32(?,00000000), ref: 00440612
Ellipse.GDI32(?,?,?,?,?), ref: 00440631
GetStockObject.GDI32(00000007), ref: 00440639
SelectObject.GDI32(?,00000000), ref: 0044063D
MoveToEx.GDI32(?,?,?,00000000), ref: 0044064C
LineTo.GDI32(?,?,?), ref: 0044065D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$SelectStock$EllipseInflateLineMoveRect
String ID:
API String ID: 696215722-0
Opcode ID: 13e1b56e178ad78433afce1158983f478a28ecc1e14c34a3fbd6a4e2a722dba8
Instruction ID: 1da2ec5df1cc398d8c00d672333c1c1b3442e5d2120a597fe808172e139dc771
Opcode Fuzzy Hash: 13e1b56e178ad78433afce1158983f478a28ecc1e14c34a3fbd6a4e2a722dba8
Instruction Fuzzy Hash: 54317AB2504205AFE200EF18CC81E7BB7A8FB88714F44491DF94993241DB35ED1A8BB2

Uniqueness

Uniqueness Score: -1.00%

Function 004C0A50, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 367stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C1860: lstrlenA.KERNEL32(004C8B39,?,004C8B39,00000000), ref: 004C1866

GlobalLock.KERNEL32 ref: 004C0AC7
lstrlenA.KERNEL32(00000000), ref: 004C0B2E

Strings

L, xrefs: 004C0A88

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$GlobalLock
String ID: L
API String ID: 102262628-2909332022
Opcode ID: af77ef8779e3abb4d072f7b0731dc72752ae4ef0f1474a1eaf9c22f943ec2088
Instruction ID: 4e051f0dcd6d8df071f10b80c81dcbb8ca329e5bf30a66cbb1f8fd7440cfd505
Opcode Fuzzy Hash: af77ef8779e3abb4d072f7b0731dc72752ae4ef0f1474a1eaf9c22f943ec2088
Instruction Fuzzy Hash: 17D102B9A04341DBD3A0DF65D841F6B77E4AB54308F08092EF98987382F779E948CB56

Uniqueness

Uniqueness Score: -1.00%

Function 004D5180, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 151librarystringloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

lstrcmpiA.KERNEL32(?,?,?,00000000,004D3D21,00000001,?,?,?,?,?,?,004D3D21), ref: 004D51B3
GetProcAddress.KERNEL32(00000000,vdo_entry), ref: 004D5220
FreeLibrary.KERNEL32(?), ref: 004D523B
lstrcmpiA.KERNEL32(?,?,?,?,?,?,?,?,004D3D21,?,?,?,?,?,0050A830), ref: 004D528F

Part of subcall function 0041B120: OpenFile.KERNEL32 ref: 0041B15E

GetProcAddress.KERNEL32(00000000,vdo_entry), ref: 004D52F6
FreeLibrary.KERNEL32(?), ref: 004D5311

Strings

pIt8t @tTt, xrefs: 004D523B, 004D5311
vdo_entry, xrefs: 004D521A, 004D52F0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeLibraryProclstrcmpi$FileLoadOpenString
String ID: pIt8t @tTt$vdo_entry
API String ID: 1121980432-2460049803
Opcode ID: 3b84c7d0798d4447b688be98c5a28012c131ada3e9716e19dd186e487a1179f3
Instruction ID: a653e5a929021753e549e8a2e75adb9eb0a413b91d57c04d6c04d918bc9e5aeb
Opcode Fuzzy Hash: 3b84c7d0798d4447b688be98c5a28012c131ada3e9716e19dd186e487a1179f3
Instruction Fuzzy Hash: 5A411CB1904F41ABD711DA60AC29BAB3798AB50305F48042BF94682341FF7DA54CC75F

Uniqueness

Uniqueness Score: -1.00%

Function 004C0300, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

MoveToEx.GDI32(?,?,?,00000000), ref: 004C033D
GetSysColor.USER32(00000006), ref: 004C0341
CreatePen.GDI32(00000000,00000001,00000000), ref: 004C034C
SelectObject.GDI32(?,00000000), ref: 004C0356
LineTo.GDI32(?,?,?), ref: 004C0367
SelectObject.GDI32(?,?), ref: 004C0373
DeleteObject.GDI32(00000000), ref: 004C037A

Strings

7BB, xrefs: 004C0308

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$Select$ColorCreateDeleteLineMove
String ID: 7BB
API String ID: 1284820705-2230855484
Opcode ID: 5438f902b5f8ebd9b72ab2e24ae0da4c81fe75f96c477344976e5425975c1e45
Instruction ID: 0f9910997cf55b66977ee47cf9afcd62f5e0bb3bf755e3c07332d5134124df26
Opcode Fuzzy Hash: 5438f902b5f8ebd9b72ab2e24ae0da4c81fe75f96c477344976e5425975c1e45
Instruction Fuzzy Hash: D421D375100204BFE210EB58DC46FBF77ACFB99B14F800829FA44C2141E769A90A9777

Uniqueness

Uniqueness Score: -1.00%

Function 004F9D80, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 55libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,?,?,004F7339,?,Microsoft Visual C++ Runtime Library,00012010,?,?,00000000), ref: 004F9D92
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004F9DAA
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 004F9DBB
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 004F9DC8

Strings

user32.dll, xrefs: 004F9D8D
GetLastActivePopup, xrefs: 004F9DBD
MessageBoxA, xrefs: 004F9D9E
GetActiveWindow, xrefs: 004F9DB5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 492f8e01c1c1d15a20cc478c978d053b23bd68ef847328d290fa724b7faf3a28
Instruction ID: 1a42c8de0b1ade90e26e0c16f585ac95dba8b9a29009f03fcc3dd3b4fa4f7b7b
Opcode Fuzzy Hash: 492f8e01c1c1d15a20cc478c978d053b23bd68ef847328d290fa724b7faf3a28
Instruction Fuzzy Hash: DF018C71600215ABC322EF69AC84B7F77E8EF94B91718402AEA04D2250DB28CC19A7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00421E30, Relevance: 13.8, APIs: 8, Strings: 1, Instructions: 276stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C1EF0: lstrcpynA.KERNEL32(00000003,00000007,00501FDB,00000000,?,00000028,00000000,00421E84,005012D4,00501FDC,00000003,00000007,00000000,?,00000028,00000000), ref: 004C1F11

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

CharNextA.USER32(?), ref: 004220D5
CharNextA.USER32(?), ref: 004220F7
lstrcpyA.KERNEL32(00000000,?), ref: 0042214A
lstrcpyA.KERNEL32(00000000,?), ref: 0042216E

Strings

0, xrefs: 00421FFA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNextlstrcpy$LoadStringlstrcpyn
String ID: 0
API String ID: 3191039614-4108050209
Opcode ID: c1844034a82df05463202face142b4bdc2ceba1ce7b2fe84560fda5ed2b6e249
Instruction ID: a29789402ed0679a229cbd13aa33645f04dab3f5cafcf7ef7677a569c3a24a1f
Opcode Fuzzy Hash: c1844034a82df05463202face142b4bdc2ceba1ce7b2fe84560fda5ed2b6e249
Instruction Fuzzy Hash: 7CA1E974744306ABD710EF61BD46FAF76D8AB64348F40082EFA44C2291E7B8D549C76B

Uniqueness

Uniqueness Score: -1.00%

Function 004A1210, Relevance: 13.6, APIs: 9, Instructions: 78windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 004A1221
GetDeviceCaps.GDI32(00000000,00000026), ref: 004A123C
GetDeviceCaps.GDI32(00000000,00000068), ref: 004A1246
GlobalLock.KERNEL32 ref: 004A127C
GetSystemPaletteEntries.GDI32(00000000,00000000,00000000,00000004), ref: 004A1296
CreatePalette.GDI32(00000000), ref: 004A12A1
GetNearestPaletteIndex.GDI32(00000000,?), ref: 004A12B9
DeleteObject.GDI32(00000000), ref: 004A12C0
ReleaseDC.USER32 ref: 004A12D2

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Palette$CapsDevice$CreateDeleteEntriesGlobalIndexLockNearestObjectReleaseSystem
String ID:
API String ID: 2715919649-0
Opcode ID: 59aa0c8cd643943054e20efd415f0fac86000282b53e3c7d1f4e2b8122f1adef
Instruction ID: ecdeb26a3804c039491ca1a1526832865ab78c23755c9f2d36d3bcbe4b1de506
Opcode Fuzzy Hash: 59aa0c8cd643943054e20efd415f0fac86000282b53e3c7d1f4e2b8122f1adef
Instruction Fuzzy Hash: 95212B761003056BE320AB64AC89F6F36ECEFA6750F004536FE05D6361EB68D8098366

Uniqueness

Uniqueness Score: -1.00%

Function 004A8510, Relevance: 13.6, APIs: 9, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 004A8520
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004A8537
ReleaseDC.USER32 ref: 004A8545
CreateCompatibleDC.GDI32(00000000), ref: 004A8563
DeleteObject.GDI32(?), ref: 004A8573
SelectObject.GDI32(00000000,?), ref: 004A8584
PatBlt.GDI32(00000000,00000000,00000000,?,?,00FF0062), ref: 004A859F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CompatibleCreateObject$BitmapDeleteReleaseSelect
String ID:
API String ID: 4180668664-0
Opcode ID: 19c9714d745edde9437e72432d542e14cc885919285fcd1cdca6b48ee6906d38
Instruction ID: 66e96893a41778a3fce354a70e5e33fa89f2dbf808d7bca6a6f7deda62262104
Opcode Fuzzy Hash: 19c9714d745edde9437e72432d542e14cc885919285fcd1cdca6b48ee6906d38
Instruction Fuzzy Hash: 4821EDB5604701AFD720DFA4EC48B5BB7E8EFA8752F10482EF985C7650DB34E8449B61

Uniqueness

Uniqueness Score: -1.00%

Function 00405BD0, Relevance: 13.6, APIs: 9, Instructions: 67COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00405BEB
GetClientRect.USER32 ref: 00405C05
GetParent.USER32(?), ref: 00405C0A
GetClassLongA.USER32 ref: 00405C11
GetSysColor.USER32(00000005), ref: 00405C42
CreateSolidBrush.GDI32(00000000), ref: 00405C49
FillRect.USER32 ref: 00405C58
DeleteObject.GDI32(00000000), ref: 00405C65
ReleaseDC.USER32 ref: 00405C6D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$BrushClassClientColorCreateDeleteFillLongObjectParentReleaseSolid
String ID:
API String ID: 1968664467-0
Opcode ID: 66d0a863ea4610b0f582be66a838c75f846b4cacf94597167e54a90877e00b0c
Instruction ID: 2935a89221cba65cdf139e1a2de9a74519e4a6b6ff887d7feb9d21c0c1227ae3
Opcode Fuzzy Hash: 66d0a863ea4610b0f582be66a838c75f846b4cacf94597167e54a90877e00b0c
Instruction Fuzzy Hash: 6F119873508709AFE730AB64AC48D6F736CFB59314B140836FA11E3550DA38ED496B76

Uniqueness

Uniqueness Score: -1.00%

Function 004A4E50, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

Part of subcall function 004A4C40: GlobalLock.KERNEL32 ref: 004A4C54

GlobalLock.KERNEL32 ref: 004A4EC4
GlobalUnlock.KERNEL32(00000000), ref: 004A4EDC

Part of subcall function 004C3370: MessageBoxA.USER32 ref: 004C33B6
Part of subcall function 004C3370: GetKeyState.USER32(00000011), ref: 004C33C4
Part of subcall function 004C3370: GetKeyState.USER32(00000012), ref: 004C33CD
Part of subcall function 004C3370: DebugBreak.KERNEL32(?,?,?,?,?,?), ref: 004C33D4

GlobalLock.KERNEL32 ref: 004A4F56
GlobalLock.KERNEL32 ref: 004A4F9C
GlobalUnlock.KERNEL32(00000000), ref: 004A4FBC
DeleteObject.GDI32(00000000), ref: 004A4FE1

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

Strings

pigswap, xrefs: 004A4EAA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Lock$StateUnlock$AllocBreakDebugDeleteMessageObject
String ID: pigswap
API String ID: 534168323-1899667687
Opcode ID: f8d79cb5f4fa280f542c61a3b741536abb3a43493ddfb3e9ac9463cfe86491d9
Instruction ID: 6e97d9e82aa146848486393ca7bd39e2c9489accada8986c772c723ffa55d58e
Opcode Fuzzy Hash: f8d79cb5f4fa280f542c61a3b741536abb3a43493ddfb3e9ac9463cfe86491d9
Instruction Fuzzy Hash: 154181B6904340ABD370EB54EC45FAF73A8BBE5304F04482EF948C7252EB799948D756

Uniqueness

Uniqueness Score: -1.00%

Function 004AD950, Relevance: 12.3, APIs: 8, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 93c59f493efb80dfa9027f6fe5b412339c106d4ae6afec410b05114c230349e6
Instruction ID: 7bc165b726b688fe6dd63818f158b4cce9322070e2fccb92eb75f3b30ee405eb
Opcode Fuzzy Hash: 93c59f493efb80dfa9027f6fe5b412339c106d4ae6afec410b05114c230349e6
Instruction Fuzzy Hash: CEB1C2B1A00B029BC314CF2DD885A5BB3E4FF99314B40896EE845CBB11E779E905CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00419860, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53stringCOMMON

Download Yara Rule

APIs

GetWindow.USER32(?,00000005), ref: 00419874
GetClassNameA.USER32(00000000,?,0000000A), ref: 00419890
lstrcmpiA.KERNEL32(?,button), ref: 004198A0
GetWindowLongA.USER32 ref: 004198A9
GetWindow.USER32(00000000,00000002), ref: 004198B2
GetWindowLongA.USER32 ref: 004198C7

Strings

button, xrefs: 0041989A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$ClassNamelstrcmpi
String ID: button
API String ID: 3627314142-973515837
Opcode ID: 1866290d6058d1b6623a2bf292758693328cc092542384b9223ed9087e7acac1
Instruction ID: c9c349654c51862d41d5c0c4b183650943712dccdde98469df2d80aebd948b85
Opcode Fuzzy Hash: 1866290d6058d1b6623a2bf292758693328cc092542384b9223ed9087e7acac1
Instruction Fuzzy Hash: D9F0D13664020A27C611A66CAC85EBF77ACEBC2B71F140136F920D3290EA29DC0A5766

Uniqueness

Uniqueness Score: -1.00%

Function 00419230, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 50registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 00419245
LoadCursorA.USER32 ref: 00419282
RegisterClassA.USER32 ref: 004192B3

Strings

AWModalDialog, xrefs: 004192AA
", xrefs: 00419279
AWWoidDialog, xrefs: 0041923F, 004192C9

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CursorInfoLoadRegister
String ID: "$AWModalDialog$AWWoidDialog
API String ID: 1200866038-690445165
Opcode ID: 1bdcd315b60bce0eb9471172cc1272300fea537964707277825f292bda094d9a
Instruction ID: e3d6af7a4ff90cb75b1dec938f07e0417b09ba81118bf289289425049c6dc8b2
Opcode Fuzzy Hash: 1bdcd315b60bce0eb9471172cc1272300fea537964707277825f292bda094d9a
Instruction Fuzzy Hash: 66115AB4509311ABD310DF14D988A8F7FE8BF88758F40891EF88896290D7799989DB86

Uniqueness

Uniqueness Score: -1.00%

Function 004E07E0, Relevance: 12.3, APIs: 8, Instructions: 293COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E0816
GlobalLock.KERNEL32 ref: 004E085A
GlobalUnlock.KERNEL32(00000000), ref: 004E087F
GlobalLock.KERNEL32 ref: 004E094D
__ftol.LIBCMT ref: 004E0B25
GlobalUnlock.KERNEL32(?), ref: 004E0B74
GlobalUnlock.KERNEL32(?), ref: 004E0B90
GlobalUnlock.KERNEL32(00000000), ref: 004E0BBC

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Unlock$Lock$__ftol
String ID:
API String ID: 1714235899-0
Opcode ID: 87067140427873d4131fc45409b97ac924d5e24c9c728668e9d30941f52d2c88
Instruction ID: ba2f2797cf0e50613ca909e452044197ac75de84621a53c6ce7804e5873b3663
Opcode Fuzzy Hash: 87067140427873d4131fc45409b97ac924d5e24c9c728668e9d30941f52d2c88
Instruction Fuzzy Hash: E8C1EB74A002489FDB10DFE9C885BAEB7B4FF08305F14806AE829EB351D779E985CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00471630, Relevance: 12.2, APIs: 8, Instructions: 207COMMON

Download Yara Rule

APIs

Polygon.GDI32(?,?,?), ref: 004716AC
Polyline.GDI32(?,?,?), ref: 004716F6
Polygon.GDI32(?,?,?), ref: 00471761
Polygon.GDI32(?,?,?), ref: 00471744

Part of subcall function 004727D0: SetTextColor.GDI32(?,448D3424), ref: 0047280C
Part of subcall function 004727D0: SetBkColor.GDI32(?,?), ref: 00472833
Part of subcall function 004727D0: SetROP2.GDI32(?,00000009), ref: 0047283C

Polyline.GDI32(?,?,?), ref: 0047179E
Polyline.GDI32(?,?,?), ref: 004717BB

Part of subcall function 00472780: SetROP2.GDI32(0047101A,0000000F), ref: 004727C3

Polygon.GDI32(?,?,?), ref: 00471812
Polygon.GDI32(?,?,?), ref: 0047184B

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Polygon$Polyline$Color$Text
String ID:
API String ID: 1004149754-0
Opcode ID: 60b23bb317fd0f7e39d9ab1aa7e532b242160c6279fe71b0bddfcefbf5cc594e
Instruction ID: 34e406b8a9e0db647d9b0ebbd364ab970975a9a3aefcffd4e52044e6413956f6
Opcode Fuzzy Hash: 60b23bb317fd0f7e39d9ab1aa7e532b242160c6279fe71b0bddfcefbf5cc594e
Instruction Fuzzy Hash: BB617F71504205ABE214EB15DD85CBFB7FCEF86B08F40880EF48952251E768AD4AD7BB

Uniqueness

Uniqueness Score: -1.00%

Function 00474B90, Relevance: 12.2, APIs: 8, Instructions: 190stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,00000200,00000000,00000000,?,?), ref: 00474BEC
lstrlenA.KERNEL32(00000000), ref: 00474C3B
lstrlenA.KERNEL32(?), ref: 00474C46
GlobalLock.KERNEL32 ref: 00474CBC
lstrlenA.KERNEL32(?), ref: 00474CEA
GlobalLock.KERNEL32 ref: 00474D0D
GlobalUnlock.KERNEL32(00000000), ref: 00474D8C
GlobalUnlock.KERNEL32(00000000), ref: 00474DA8

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Globallstrlen$LockUnlock
String ID:
API String ID: 1276114829-0
Opcode ID: fcdaeee26dc02ab54112e511cc44c5b4566070e214c44c5ef9411d8905a48561
Instruction ID: 17a820ae8819460a2ffaf1b2f08f021751f944170aa3413a80630b347787bbbb
Opcode Fuzzy Hash: fcdaeee26dc02ab54112e511cc44c5b4566070e214c44c5ef9411d8905a48561
Instruction Fuzzy Hash: 4A61CF716043059FD720DF64E888ABBB3E4FBC8314F04892EE98997351D778E949CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004BDB10, Relevance: 12.2, APIs: 3, Strings: 5, Instructions: 189stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000001,?), ref: 004BDBF8
lstrlenA.KERNEL32(?), ref: 004BDC66
lstrlenA.KERNEL32(?,?,00000001,?), ref: 004BDB94

Part of subcall function 00461570: GlobalUnlock.KERNEL32(?,?,00000000,00000000,?,0047DAE6,?,005010AC,00000001,?,?,?,00000000), ref: 0046158E

Part of subcall function 00461570: GlobalLock.KERNEL32 ref: 004615D0

Strings

displayNameString, xrefs: 004BDBDE
, xrefs: 004BDB16
???, xrefs: 004BDC0D, 004BDC7B
local, xrefs: 004BDCBD
global, xrefs: 004BDCC6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$Global$LockUnlock
String ID: $???$displayNameString$global$local
API String ID: 2886213791-503878886
Opcode ID: 0115cd68b02b91254ce53cf85c690759a0bd4b980dd873856d0eca80857eb04d
Instruction ID: 56f52693adbeec867bfab3386afebedb53d5297ce0a3a3970aa503ece0af95aa
Opcode Fuzzy Hash: 0115cd68b02b91254ce53cf85c690759a0bd4b980dd873856d0eca80857eb04d
Instruction Fuzzy Hash: 135185B15083017BD214DB50DC52EABBBECABC5748F04491EB64696181F6B9E608CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 0046D646, Relevance: 12.1, APIs: 8, Instructions: 103stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0046B3C0: WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,00000000), ref: 0046B429
Part of subcall function 0046B3C0: GlobalLock.KERNEL32 ref: 0046B455
Part of subcall function 0046B3C0: WNetEnumResourceA.MPR(?,?,?,?), ref: 0046B487
Part of subcall function 0046B3C0: GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0046B498
Part of subcall function 0046B3C0: GlobalLock.KERNEL32 ref: 0046B4AF
Part of subcall function 0046B3C0: WNetCloseEnum.MPR(?), ref: 0046B4F8
Part of subcall function 0046B3C0: GlobalUnlock.KERNEL32(00000000,?,?,00000000), ref: 0046B4FE

GlobalLock.KERNEL32 ref: 0046D6D4
GlobalLock.KERNEL32 ref: 0046D6E9
GlobalUnlock.KERNEL32(?,00000000), ref: 0046D70E
GlobalUnlock.KERNEL32(?,?,00000000), ref: 0046D718
lstrlenA.KERNEL32 ref: 0046D736
lstrlenA.KERNEL32(?,00502100,00000002,?,00000001), ref: 0046D756
GlobalUnlock.KERNEL32(?,?,00000001,?,00000001), ref: 0046D76E
GlobalUnlock.KERNEL32(?,?,?,00000001,?,00000001), ref: 0046D778

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Unlock$Lock$Enum$lstrlen$CloseOpenResource
String ID:
API String ID: 3343919622-0
Opcode ID: 69d520bf21bd8c74e1f6c0eeae232cbe54f7818cde0c25e631d4aed204a02440
Instruction ID: e5ecdd15a0faa4cd654825164fa42ab6f73fd544195809c4ad628f238c1a3a57
Opcode Fuzzy Hash: 69d520bf21bd8c74e1f6c0eeae232cbe54f7818cde0c25e631d4aed204a02440
Instruction Fuzzy Hash: 30318DB4B042059BD704EF65E880A2F77E9AFC8704F04442EF845C7351EA28ED09CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 00411E20, Relevance: 12.1, APIs: 8, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00411E24
GetDeviceCaps.GDI32(00000000,00000026), ref: 00411E47
GetDeviceCaps.GDI32(00000000,00000068), ref: 00411E51
GetDeviceCaps.GDI32(00000000,00000018), ref: 00411E5B
GetSystemPaletteEntries.GDI32(00000000,00000000,00000000,00506D18), ref: 00411E8F
GetSystemPaletteEntries.GDI32(00000000,00000000,FFFFFFFF), ref: 00411EAF
GetVersion.KERNEL32 ref: 00411EB1
ReleaseDC.USER32 ref: 00411EEE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CapsDevice$EntriesPaletteSystem$ReleaseVersion
String ID:
API String ID: 302340359-0
Opcode ID: dd6c816b93be4ed6f1bf7d6542e34e03e8500b77d8bbf3c4ce2efadd60dd1ffc
Instruction ID: 0b23e5f198bdea6ce03128bd6d6bcc05c22d5bcedc7b5f0f28e3430abde724d4
Opcode Fuzzy Hash: dd6c816b93be4ed6f1bf7d6542e34e03e8500b77d8bbf3c4ce2efadd60dd1ffc
Instruction Fuzzy Hash: CA11D6733006015BE330AB68EC09BDE3664EBA1300F140126F500D62B0D7B99899FBF9

Uniqueness

Uniqueness Score: -1.00%

Function 004E0140, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

`nP, xrefs: 004E0222

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: `nP
API String ID: 0-662898159
Opcode ID: 053993d1fe1d35e373d400574bace349eeef7bea24084f8edab08145a50e4b52
Instruction ID: 4cf71d35afab5c86d971d4896892e3a6cf2439227f135c2d4868cb56c2e80f4b
Opcode Fuzzy Hash: 053993d1fe1d35e373d400574bace349eeef7bea24084f8edab08145a50e4b52
Instruction Fuzzy Hash: BA8172B5E002189BDB20EBA6DC45BDE77B8AF08345F0404E6FA09E7351E678DA84CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00458DC0, Relevance: 10.7, APIs: 7, Instructions: 197COMMON

Download Yara Rule

APIs

Part of subcall function 004D9200: GlobalLock.KERNEL32 ref: 004D9216

Part of subcall function 004D9260: GlobalUnlock.KERNEL32(570C2474,?,004D892D,0046A15C,?,?,?,?,?,?,80040001), ref: 004D927A

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 00458E93
GlobalUnlock.KERNEL32(?), ref: 00458EBC

Part of subcall function 00423AC0: GlobalLock.KERNEL32 ref: 00423AC9
Part of subcall function 00423AC0: GlobalUnlock.KERNEL32(?,?,?), ref: 00423B34

GlobalLock.KERNEL32 ref: 00458EDF
GlobalUnlock.KERNEL32(?), ref: 00458FC8

Part of subcall function 004835D0: CharNextA.USER32(?,?,00000001,?,?,?,?,?,?), ref: 0048361C
Part of subcall function 004835D0: lstrcmpiA.KERNEL32 ref: 00483698

GlobalLock.KERNEL32 ref: 00458F37
GlobalUnlock.KERNEL32(?), ref: 00458F45

Part of subcall function 00423EE0: GlobalLock.KERNEL32 ref: 00423EE7
Part of subcall function 00423EE0: GlobalUnlock.KERNEL32(?), ref: 00423EF9

CharNextA.USER32(00000000), ref: 00458FA6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock$CharNext$Alloclstrcmpi
String ID:
API String ID: 3149476466-0
Opcode ID: 8598eb5b576b5c7e41efbf266dd6d1fc6b287ed3fdc8102e09545291caf9dd45
Instruction ID: 12335f06536542d2c694dd54c78fe9dbcc6988da33e1785d03a89412c253258f
Opcode Fuzzy Hash: 8598eb5b576b5c7e41efbf266dd6d1fc6b287ed3fdc8102e09545291caf9dd45
Instruction Fuzzy Hash: F25161B1A043006FD210EB65DC85A6F77E8EF84719F44082EFD4597202EA7DE958CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041C680, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0041C6B8
GlobalUnlock.KERNEL32(?), ref: 0041C8A4

Strings

(, xrefs: 0041C6FB
., xrefs: 0041C716
!, xrefs: 0041C703

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: !$($.
API String ID: 2502338518-246625009
Opcode ID: 879401d5a2b3831c63343da2e93f07e1dd07066eca98e2794198a4b401eeaa93
Instruction ID: 77036f8e2c73cbabe302c199280a256f436031df08a5f4632cff52f5af019c55
Opcode Fuzzy Hash: 879401d5a2b3831c63343da2e93f07e1dd07066eca98e2794198a4b401eeaa93
Instruction Fuzzy Hash: 59510879984613A6D320BF65DCC57F77264FB10349F44002BE81182A41E3ADE9DADBEE

Uniqueness

Uniqueness Score: -1.00%

Function 004495D0, Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d72c822f5d19e08f4ea90125019424b0bfd5b23c6d79bfc0254f19d6ce38f31
Instruction ID: df6230ab434505747547a40caf2334dc5d60e7c6d99a4c341897d68ad898db33
Opcode Fuzzy Hash: 6d72c822f5d19e08f4ea90125019424b0bfd5b23c6d79bfc0254f19d6ce38f31
Instruction Fuzzy Hash: C951D5B6A042059BE710EF54BC85A2F77A8FB98704F04043AFD04C7312EA69ED09E796

Uniqueness

Uniqueness Score: -1.00%

Function 00495620, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004957D6
GlobalUnlock.KERNEL32(00000000), ref: 00495801

Strings

#%s, xrefs: 004956F3
%ld, xrefs: 004956A5
<%ld, %lx>, xrefs: 0049566E
"%s", xrefs: 0049572A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: "%s"$#%s$%ld$<%ld, %lx>
API String ID: 2502338518-1217401709
Opcode ID: fee7e50d019164dcfeb6408b7dfcb2159d32c9e757a109f805fa2e9c482cad88
Instruction ID: 1a055ad7de5f433e9a1eb77796afef0cf1ff2058741db8312e3395a465eaa9e3
Opcode Fuzzy Hash: fee7e50d019164dcfeb6408b7dfcb2159d32c9e757a109f805fa2e9c482cad88
Instruction Fuzzy Hash: A051A8B56142006BD611F711DC42FBF77DCEB98348F54482DF98993242E638EA258BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0046DE60, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 122stringCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000000), ref: 0046DED2
lstrcpynA.KERNEL32(00000105,?,00000105), ref: 0046DF2D
lstrcpynA.KERNEL32(?,?,00000000), ref: 0046DF75
lstrcpynA.KERNEL32(?,?,00000000), ref: 0046DFD3

Strings

Unknown, xrefs: 0046DEF4, 0046DF94

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcpyn
String ID: Unknown
API String ID: 97706510-1654365787
Opcode ID: f0d6ec9f2a3638b89d68477164cb2d6c99db1e57faae95f79c9bdbcd526524ba
Instruction ID: d21d378871910e08908c8a0006865e5b433e330897f0ff2939e5cbf5a40c3951
Opcode Fuzzy Hash: f0d6ec9f2a3638b89d68477164cb2d6c99db1e57faae95f79c9bdbcd526524ba
Instruction Fuzzy Hash: CE4150706047989BD739DF10D895ABFB799EB98304F00042EED8B87242EB799D09C767

Uniqueness

Uniqueness Score: -1.00%

Function 0046C270, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120stringCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000105), ref: 0046C297
lstrlenA.KERNEL32(?), ref: 0046C2A8
CharPrevA.USER32(?,?), ref: 0046C2D1
GlobalLock.KERNEL32 ref: 0046C32B
lstrlenA.KERNEL32(00000000), ref: 0046C358

Strings

\, xrefs: 0046C2E4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$CharGlobalLockPrevlstrcpyn
String ID: \
API String ID: 169463464-2967466578
Opcode ID: bf5a078679b7a3ced956ef44c71434824f327f8e38e15d1dde19af71f57430f8
Instruction ID: ce313d14fd04d62672ded5f3de2be18ce363e61b9afa73664c763f9dc6f2876b
Opcode Fuzzy Hash: bf5a078679b7a3ced956ef44c71434824f327f8e38e15d1dde19af71f57430f8
Instruction Fuzzy Hash: 0D41F7711083429AD324DF64C880ABFB7E4AF55308F04492EFDC182681F779E949CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004BCCB0, Relevance: 10.6, APIs: 7, Instructions: 120stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,00000000,?,?,?,004BC7C8,00000000), ref: 004BCCBC

Part of subcall function 004C1860: lstrlenA.KERNEL32(004C8B39,?,004C8B39,00000000), ref: 004C1866

GlobalLock.KERNEL32 ref: 004BCCDC
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,004BC7C8,00000000), ref: 004BCD0A
CharPrevA.USER32(00000000,?), ref: 004BCD45
GlobalUnlock.KERNEL32(00000000), ref: 004BCD60
GlobalUnlock.KERNEL32(00000000), ref: 004BCDAB
lstrlenA.KERNEL32(?), ref: 004BCDB6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$Global$Unlock$CharLockPrev
String ID:
API String ID: 1128599775-0
Opcode ID: de39a36fab704ba408c08e45aea70e0040c0a4662dd4d6b3c2e8797cb5bf0a84
Instruction ID: 7af085c2b31f6f852eda1e19376549bf6a5b2d9ef0f534565d87f858c4820b92
Opcode Fuzzy Hash: de39a36fab704ba408c08e45aea70e0040c0a4662dd4d6b3c2e8797cb5bf0a84
Instruction Fuzzy Hash: 8A318F7A508211AFD610DB649C85B6FBBECEF99315F04093EFC85A3212D628D90987B6

Uniqueness

Uniqueness Score: -1.00%

Function 00470B00, Relevance: 10.6, APIs: 7, Instructions: 97windowCOMMON

Download Yara Rule

APIs

CreateBitmap.GDI32(00000008,00000008,00000001,00000001,-00502D60), ref: 00470B2B
CreatePatternBrush.GDI32(00000000), ref: 00470B34
DeleteObject.GDI32(00000000), ref: 00470B3B
SelectObject.GDI32(?,?), ref: 00470B5D
SelectObject.GDI32(?,?), ref: 00470B92
SelectObject.GDI32(?,?), ref: 00470BD9
DeleteObject.GDI32(?), ref: 00470BE9

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$Select$CreateDelete$BitmapBrushPattern
String ID:
API String ID: 391695215-0
Opcode ID: 4af0a3e7df4d72cb1067323aad7faaaa1e237249821124eee3b0b714598f7c3f
Instruction ID: dad992230667fea8e83518ff05e935a6b0d64c513468b4f87a0f03f641d55f9f
Opcode Fuzzy Hash: 4af0a3e7df4d72cb1067323aad7faaaa1e237249821124eee3b0b714598f7c3f
Instruction Fuzzy Hash: 73319FB1604301AFE310EF69DC48E7FB7EDEB98704F40882AF949D3250D675E9098B62

Uniqueness

Uniqueness Score: -1.00%

Function 004A5DB0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 004A5DF8
GlobalUnlock.KERNEL32(02330124,?,?,?,00477F95), ref: 004A5E12
GlobalLock.KERNEL32 ref: 004A7327
GlobalUnlock.KERNEL32(0233013C), ref: 004A73A0

Part of subcall function 004C3370: MessageBoxA.USER32 ref: 004C33B6
Part of subcall function 004C3370: GetKeyState.USER32(00000011), ref: 004C33C4
Part of subcall function 004C3370: GetKeyState.USER32(00000012), ref: 004C33CD
Part of subcall function 004C3370: DebugBreak.KERNEL32(?,?,?,?,?,?), ref: 004C33D4

Strings

pigutl, xrefs: 004A5DDF, 004A7313
Lp, xrefs: 004A5DFF, 004A5E18

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockStateUnlock$AllocBreakDebugMessage
String ID: pigutl$Lp
API String ID: 3281170634-736271066
Opcode ID: c1d14639999d607d1506aedd7b82875dfdb4cb019ba6ff4487de7e5c579af306
Instruction ID: d67aa59185d1b4ea0f87f4dced87d7dcfdd0231ea2277c142c5f55998262e1d8
Opcode Fuzzy Hash: c1d14639999d607d1506aedd7b82875dfdb4cb019ba6ff4487de7e5c579af306
Instruction Fuzzy Hash: 7A2182F5D05B019BC360EF74BD09B8B3AE4A735308F00442EE519CB252EB7994089B59

Uniqueness

Uniqueness Score: -1.00%

Function 004198E0, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 004198EE
GetClassNameA.USER32(00000000,?,00000014), ref: 00419900
lstrcmpiA.KERNEL32(?,listbox), ref: 0041991A
lstrcmpiA.KERNEL32(?,buttonlistbox), ref: 0041992A

Strings

buttonlistbox, xrefs: 00419924
listbox, xrefs: 0041990E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcmpi$ClassItemName
String ID: buttonlistbox$listbox
API String ID: 575076172-141088928
Opcode ID: 6c82475078a1d45f280c8411e9dc2aea6b370a04b7c831d51876f83c4aff2936
Instruction ID: 567b4bfa29d6fcd71c3aeb1c77a79a10a581fe7d623a0a77864efe254d23e363
Opcode Fuzzy Hash: 6c82475078a1d45f280c8411e9dc2aea6b370a04b7c831d51876f83c4aff2936
Instruction Fuzzy Hash: 7EF090B17243016ADA24EB78CE55ADF3B9CBB40B50F840469FC49C23A0EA38DD0496B5

Uniqueness

Uniqueness Score: -1.00%

Function 00414110, Relevance: 10.5, APIs: 7, Instructions: 38COMMON

Download Yara Rule

APIs

LoadCursorA.USER32 ref: 0041412E
LoadCursorA.USER32 ref: 0041413C
LoadCursorA.USER32 ref: 0041414B
LoadCursorA.USER32 ref: 0041415A
LoadCursorA.USER32 ref: 00414169
LoadCursorA.USER32 ref: 00414177
LoadCursorA.USER32 ref: 00414186

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CursorLoad
String ID:
API String ID: 3238433803-0
Opcode ID: 1d1de9ba7c88a5adff062b85e9d1838fa94d6ac3d2348e01d87d3e88e4a7700a
Instruction ID: 96ceee74459c8f80e4c6af30859f9438b49c3deef06a72692889cdaa64fd1ae3
Opcode Fuzzy Hash: 1d1de9ba7c88a5adff062b85e9d1838fa94d6ac3d2348e01d87d3e88e4a7700a
Instruction Fuzzy Hash: D7F0FF71B48201BBEE10DBA9EE4DF9D3665A761703F004090FA09CEDE1C779A884E715

Uniqueness

Uniqueness Score: -1.00%

Function 004A9080, Relevance: 10.5, APIs: 7, Instructions: 31COMMON

Download Yara Rule

APIs

EndPage.GDI32(00000000), ref: 004A909F
EndDoc.GDI32(00000000), ref: 004A90A6
DeleteDC.GDI32(00000000), ref: 004A90AD
AbortDoc.GDI32(00000000), ref: 004A90B5
DeleteDC.GDI32(00000000), ref: 004A90BC
DeleteDC.GDI32(00000000), ref: 004A90C9
DeleteDC.GDI32(00000000), ref: 004A90D6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Delete$AbortPage
String ID:
API String ID: 1809710619-0
Opcode ID: 486cfa3216feca96aa1bb6d8c42831a5b1c6a66c87bb67b4f100223014475ee5
Instruction ID: be983437990d5f004b8d1c26f4509ac076d4894f3c869872cdf702d753c493d6
Opcode Fuzzy Hash: 486cfa3216feca96aa1bb6d8c42831a5b1c6a66c87bb67b4f100223014475ee5
Instruction Fuzzy Hash: A7F0FE32409622EFC7226B54FC0C7CE77A4EF66755F05845AF10992425C7381989EBD7

Uniqueness

Uniqueness Score: -1.00%

Function 00418C00, Relevance: 9.4, APIs: 6, Instructions: 389windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00418EBA
LockResource.KERNEL32(00000000), ref: 00418EF7
SendMessageA.USER32(?,00000404,?,00000001), ref: 00418F3A
SendMessageA.USER32(?,00000407,00000000,00000000), ref: 00418F58
SendMessageA.USER32(?,00000111,?,?), ref: 00418F80
FreeResource.KERNEL32(?), ref: 00418F8B

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Resource$FreeItemLock
String ID:
API String ID: 3422749597-0
Opcode ID: 7a3daad9f245241e868e4c7b24028b9af7c97cdaf33cfb774136bf59f468066b
Instruction ID: b56c0fa4726ed77eb9164f238997d8ab468927a61d28b92204b932d1b11e3cf7
Opcode Fuzzy Hash: 7a3daad9f245241e868e4c7b24028b9af7c97cdaf33cfb774136bf59f468066b
Instruction Fuzzy Hash: 6EB1DA777402106BE724E7A5AC46AEBB394DB88335F44043FFE49C3741E52EE9898365

Uniqueness

Uniqueness Score: -1.00%

Function 004099B0, Relevance: 9.2, APIs: 6, Instructions: 208COMMON

Download Yara Rule

APIs

PtInRect.USER32(?,?,?), ref: 004099EA
PtInRect.USER32(?,?,?), ref: 004099F4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect
String ID:
API String ID: 400858303-0
Opcode ID: c3069ca17bacd96c8ee5e5d35aab56a4220b46ac3d8814cda3e3232490005cb4
Instruction ID: 0ce1ffc7c244981920e8f1f4bf9c4da8dac899be0a75f703433724b18962e6b5
Opcode Fuzzy Hash: c3069ca17bacd96c8ee5e5d35aab56a4220b46ac3d8814cda3e3232490005cb4
Instruction Fuzzy Hash: 5161A2726083019FD714DF65DC81AABB7E8EBC4714F00892EF989D7241EA39ED04CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004497F0, Relevance: 9.2, APIs: 6, Instructions: 196COMMON

Download Yara Rule

APIs

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 00449821

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$AllocLock
String ID:
API String ID: 15508794-0
Opcode ID: 8154ebeec0fd79931fcfb2e6d3f61e80d6b9e640583df913a1c20e8218b1a481
Instruction ID: e177fe449cdf8b43b0e6241b2eb40d4fe4c23dfb8065c13b735ae623d63445b5
Opcode Fuzzy Hash: 8154ebeec0fd79931fcfb2e6d3f61e80d6b9e640583df913a1c20e8218b1a481
Instruction Fuzzy Hash: CC51DE71A182169FD710EF28888852FB7E0FBD8354F58492EF885D3310E638DC49EB96

Uniqueness

Uniqueness Score: -1.00%

Function 0046CC70, Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

., xrefs: 0046CD48

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: ee19a7f794bc65f5b84a637273608c9a7951456753f9bcddc2392be6575fafba
Instruction ID: 7f9573c010e3fa6a8cc9968a58a8a946df9c4f8ee42985ca4342d95b2b3872c2
Opcode Fuzzy Hash: ee19a7f794bc65f5b84a637273608c9a7951456753f9bcddc2392be6575fafba
Instruction Fuzzy Hash: D24162705083859EDB30DB60C899BFB7BD86B59344F04082BD5C582252F778D949CB6B

Uniqueness

Uniqueness Score: -1.00%

Function 0046D360, Relevance: 9.1, APIs: 6, Instructions: 115stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0046B3C0: WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,00000000), ref: 0046B429
Part of subcall function 0046B3C0: GlobalLock.KERNEL32 ref: 0046B455
Part of subcall function 0046B3C0: WNetEnumResourceA.MPR(?,?,?,?), ref: 0046B487
Part of subcall function 0046B3C0: GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0046B498
Part of subcall function 0046B3C0: GlobalLock.KERNEL32 ref: 0046B4AF
Part of subcall function 0046B3C0: WNetCloseEnum.MPR(?), ref: 0046B4F8
Part of subcall function 0046B3C0: GlobalUnlock.KERNEL32(00000000,?,?,00000000), ref: 0046B4FE

lstrlenA.KERNEL32(?,?,?,?,00000000), ref: 0046D3B5
GlobalLock.KERNEL32 ref: 0046D3F4
GlobalLock.KERNEL32 ref: 0046D419
lstrlenA.KERNEL32(?,00000000,?,?,?,00000000), ref: 0046D42A
GlobalUnlock.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 0046D4B5
GlobalUnlock.KERNEL32(?,00000000,?,?,?,00000000), ref: 0046D4C9

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock$Enum$lstrlen$CloseOpenResource
String ID:
API String ID: 922364433-0
Opcode ID: 4b24bfe3054a7784705babd0249021c8e9f76a4c7c72efef266a0051db8b84c0
Instruction ID: ec2adc488dc0419c77fc34a750c1b35948ada0fee15c2d4e8631e0da6ce15231
Opcode Fuzzy Hash: 4b24bfe3054a7784705babd0249021c8e9f76a4c7c72efef266a0051db8b84c0
Instruction Fuzzy Hash: 14418F74A043419BD720DF15D848B6F77E8AF94348F04482EE88587351EB39ED09CB67

Uniqueness

Uniqueness Score: -1.00%

Function 004BC960, Relevance: 9.1, APIs: 6, Instructions: 100stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004BCA70: CharNextA.USER32(00000000), ref: 004BCAB9

CharNextA.USER32(00000000), ref: 004BC9CC
lstrlenA.KERNEL32(00000000), ref: 004BC9E0
lstrlenA.KERNEL32(00000000), ref: 004BC9E8

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNextlstrlen
String ID:
API String ID: 2279410217-0
Opcode ID: 69a3a8cfe8286a6bc7bc44fa86b8be94d70c44aef20e9d100ab0029098de11a7
Instruction ID: 1a1d8057f1071c9a998260b765bf65e31474a16138809042ed7fde8a45e0491a
Opcode Fuzzy Hash: 69a3a8cfe8286a6bc7bc44fa86b8be94d70c44aef20e9d100ab0029098de11a7
Instruction Fuzzy Hash: 6F210EF19042185FE720DB28ACC5BAF7298EB19344F05043AF906D7212D539ED49D7B9

Uniqueness

Uniqueness Score: -1.00%

Function 00455540, Relevance: 9.1, APIs: 6, Instructions: 98stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 00455593
lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 0045559C
lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 004555A8
lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 004555D6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$LoadString
String ID:
API String ID: 7093501-0
Opcode ID: 31082e3c8672d655f2121004e0157d8992bebfe113e4f0f847cd7b33da8cab79
Instruction ID: 7b049bc79db51d61bc28d9f4fd47c7ffc7189c2f8079c6046a62749c455b2703
Opcode Fuzzy Hash: 31082e3c8672d655f2121004e0157d8992bebfe113e4f0f847cd7b33da8cab79
Instruction Fuzzy Hash: E5212771604A486BD3219734DC05BBB77C89B45305F44082AED84C3283FA6DDA4DC7EA

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD30, Relevance: 9.1, APIs: 6, Instructions: 86COMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(00000000), ref: 0040CD55

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CompatibleCreate
String ID:
API String ID: 3111197059-0
Opcode ID: 6169b2740d3f06187fa953c7e38fe302e480205a9c22bb4ec4c8be0e0acd53f2
Instruction ID: 22503f4b7a0391a4a70ac802c42b5746ffbb032513b054cddc2e54bdced01240
Opcode Fuzzy Hash: 6169b2740d3f06187fa953c7e38fe302e480205a9c22bb4ec4c8be0e0acd53f2
Instruction Fuzzy Hash: 2621B336600612DBD710AB65FC849AF77A8FF50621F40023AFC45D2A40EB39A91DA7E6

Uniqueness

Uniqueness Score: -1.00%

Function 0049CAD0, Relevance: 9.1, APIs: 6, Instructions: 80windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(00000000), ref: 0049CAF1
GetMenuItemCount.USER32 ref: 0049CAFA
GetMenuStringA.USER32(00000000,?,?,00000050,00000400), ref: 0049CB19
GetSubMenu.USER32 ref: 0049CB34
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000050), ref: 0049CB68
AppendMenuA.USER32 ref: 0049CB81

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Menu$AppendByteCharCountItemMultiStringWide
String ID:
API String ID: 1809821412-0
Opcode ID: 672fc4e679e02c4fb9f4918e22c5fa51f9da03895d11462c209dc6b035020bdb
Instruction ID: df87517fdf1cefd0481bf49cc68f4e0fb283313c567d9c9e93b254f39de722d5
Opcode Fuzzy Hash: 672fc4e679e02c4fb9f4918e22c5fa51f9da03895d11462c209dc6b035020bdb
Instruction Fuzzy Hash: C621C1B1504310AFE320DB24DC8AFAF7FE8EB84711F040919FA4497190D779D509DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004D1020, Relevance: 9.1, APIs: 6, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

GlobalFlags.KERNEL32(00402884), ref: 004D1030
GlobalLock.KERNEL32 ref: 004D1039
GlobalFree.KERNEL32 ref: 004D105C
GlobalReAlloc.KERNEL32 ref: 004D1077
GlobalSize.KERNEL32(00402884), ref: 004D1080
GlobalUnlock.KERNEL32(00402884,?,00402884,00000000,?), ref: 004D10DE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$AllocFlagsFreeLockSizeUnlock
String ID:
API String ID: 588873005-0
Opcode ID: 969a8e3dec74d8eeab47338f3459361981ed02928c265b2ad73bf6f1b6ae0bed
Instruction ID: 74c8c37ef7a59d97c2079f9c726f1ffbd1a46a501e2f69d32f3ea529a68ef0b9
Opcode Fuzzy Hash: 969a8e3dec74d8eeab47338f3459361981ed02928c265b2ad73bf6f1b6ae0bed
Instruction Fuzzy Hash: 0A118C32B006517BF33226546C21B6F7389DF91741F140027FE45D6BE1D66C5C4583AE

Uniqueness

Uniqueness Score: -1.00%

Function 00405D10, Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

SelectObject.GDI32(?,?), ref: 00405D21
MoveToEx.GDI32(?,?,?,00000000), ref: 00405D6B
LineTo.GDI32(?,?,?), ref: 00405D78
MoveToEx.GDI32(?,?,?,00000000), ref: 00405D9F
LineTo.GDI32(?,?,?), ref: 00405DA8
SelectObject.GDI32(?,?), ref: 00405DBA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: LineMoveObjectSelect
String ID:
API String ID: 875268534-0
Opcode ID: 374cadc9b1ea406ca328d5ff2e4ef5ab3b4e1e7e88ee664344bde4ed2fdae295
Instruction ID: 84a21ab8d91ae936c61fe20e4a4d730d765710271139880d84dd9c477e409384
Opcode Fuzzy Hash: 374cadc9b1ea406ca328d5ff2e4ef5ab3b4e1e7e88ee664344bde4ed2fdae295
Instruction Fuzzy Hash: 6A214571105705AFD300EF58CD8896BBBE8FF89308F40082EF585C2211C734ED0A8BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00405DD0, Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

SelectObject.GDI32(?,?), ref: 00405DE1
MoveToEx.GDI32(?,00000000,?,00000000), ref: 00405E14
LineTo.GDI32(?,?,00000000), ref: 00405E27
MoveToEx.GDI32(?,?,?,00000000), ref: 00405E43
LineTo.GDI32(?,?,?), ref: 00405E56
SelectObject.GDI32(?,?), ref: 00405E68

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: LineMoveObjectSelect
String ID:
API String ID: 875268534-0
Opcode ID: 149fbb8a293cde8501d1c5380573dc0842d604cf80a24b7cf934eaf5ebd73244
Instruction ID: 8f2bc8bbd00c1e51b624907edf7c9f9605ceb6a70d950b70a9fdd56643e1796b
Opcode Fuzzy Hash: 149fbb8a293cde8501d1c5380573dc0842d604cf80a24b7cf934eaf5ebd73244
Instruction Fuzzy Hash: 91214A70104A19AFC310DF68D888D6BBBECEB99304F40052DF445D6211D735EA0ACFA6

Uniqueness

Uniqueness Score: -1.00%

Function 004BDDC0, Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00400000,00000064,0000000A), ref: 004BDDED
LoadResource.KERNEL32(00400000,00000000,?,?,?,00477DD9), ref: 004BDE00
LockResource.KERNEL32(00000000,?,?,?,00477DD9), ref: 004BDE0E
FindResourceA.KERNEL32(00400000,00000065,0000000A), ref: 004BDE32
LoadResource.KERNEL32(00400000,00000000,?,?,?,00477DD9), ref: 004BDE3F
LockResource.KERNEL32(00000000,?,?,?,00477DD9), ref: 004BDE47

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$FindLoadLock
String ID:
API String ID: 2752051264-0
Opcode ID: d73b6a9748def842a5f0266925e70dce22d142f26a54c7cdc0638606b2d8382f
Instruction ID: d39d8a829e28facb2541ac2bd8cc259481a49d3f5b285f4f45c2c3a21209162c
Opcode Fuzzy Hash: d73b6a9748def842a5f0266925e70dce22d142f26a54c7cdc0638606b2d8382f
Instruction Fuzzy Hash: 0911FBB5A00711EFE710DFA9AC58B9A3BB8F778711F080466E604D72A0D7799848EF61

Uniqueness

Uniqueness Score: -1.00%

Function 004CDC50, Relevance: 9.0, APIs: 6, Instructions: 32COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004CDC61
GetTickCount.KERNEL32 ref: 004CDC79
EnableWindow.USER32(00000000,00000001), ref: 004CDC93
DestroyWindow.USER32(00000000,?,?,00493AB5), ref: 004CDCA0
LoadCursorA.USER32 ref: 004CDCB7
SetCursor.USER32(00000000,?,?,00493AB5), ref: 004CDCBE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CountCursorTickWindow$DestroyEnableLoad
String ID:
API String ID: 3322292241-0
Opcode ID: 79702795b54f369e1e6da5579a3743ca05bca7e75a3cbbf8ced42f97a5d0004d
Instruction ID: 233316d2243376a3483156772a66798096e35325997d3542e1bcfd93313da0e2
Opcode Fuzzy Hash: 79702795b54f369e1e6da5579a3743ca05bca7e75a3cbbf8ced42f97a5d0004d
Instruction Fuzzy Hash: 97F09A356043009BE725DB24FD49B9D3375FB71301F11443AEA0AD76A0CBB8780AEB49

Uniqueness

Uniqueness Score: -1.00%

Function 0047D710, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 193COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0047D7F5
GlobalLock.KERNEL32 ref: 0047D813

Strings

5, xrefs: 0047D8BB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalLock
String ID: 5
API String ID: 2848605275-2226203566
Opcode ID: 35125f29e63a9b921ede572b2b41e5ea26561d8b4b8399311c1234e91beb7102
Instruction ID: 8a77f55840b8dc0448bbcb0760ceff08e70f98dcd157b859da4f70352a79dbae
Opcode Fuzzy Hash: 35125f29e63a9b921ede572b2b41e5ea26561d8b4b8399311c1234e91beb7102
Instruction Fuzzy Hash: F361E6B19083059FC714DF54C880AABBBF4EF89314F04895EF89997341D739E949CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004A13F0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 004A4C40: GlobalLock.KERNEL32 ref: 004A4C54

GlobalLock.KERNEL32 ref: 004A147E
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?), ref: 004A1490
GlobalLock.KERNEL32 ref: 004A154D

Part of subcall function 004728D0: GetWindowOrgEx.GDI32(00000000,00000000,004A1431,00000000,?,?,?), ref: 004728DD

GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 004A15EC

Part of subcall function 004A4CB0: lstrcpyA.KERNEL32 ref: 004A4D01
Part of subcall function 004A4CB0: lstrcpyA.KERNEL32(?,WIN), ref: 004A4D0D
Part of subcall function 004A4CB0: lstrcpyA.KERNEL32(?,001), ref: 004A4D19
Part of subcall function 004A4CB0: GlobalLock.KERNEL32 ref: 004A4D64
Part of subcall function 004A4CB0: GlobalUnlock.KERNEL32(?), ref: 004A4D80

Part of subcall function 00484210: GlobalFree.KERNELBASE ref: 00484219

Strings

pigdraw, xrefs: 004A1464

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Lock$Unlocklstrcpy$FreeWindow
String ID: pigdraw
API String ID: 124644654-609982601
Opcode ID: b8dbb6e76fc8bdb63af095a03a9de0d07f1b82cfe0f15ed8667b4ddda065671b
Instruction ID: ff7bf7e75748bcd144731ec5effcd36935854c93e60cef782f2344766891575d
Opcode Fuzzy Hash: b8dbb6e76fc8bdb63af095a03a9de0d07f1b82cfe0f15ed8667b4ddda065671b
Instruction Fuzzy Hash: F06128B4A047019FD724DF69D984B9BB7E4BFA9304F004A2EE48D87311E779E908CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0046D8D0, Relevance: 8.9, APIs: 7, Instructions: 157stringCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,?,00000000), ref: 0046D925
lstrcpynA.KERNEL32(?,00000000,00000000), ref: 0046D96E
lstrcpynA.KERNEL32(?,?,?), ref: 0046DA1B
lstrcpynA.KERNEL32(?,?,?), ref: 0046DA2C

Part of subcall function 004C1610: lstrlenA.KERNEL32(0042B0F3,?,?,00430407,?,0042B0F3,00430407,0050214C,?,?,00430407,?,?,0000019A,?), ref: 004C161B
Part of subcall function 004C1610: lstrlenA.KERNEL32(?,?,?,00430407,?,0042B0F3,00430407,0050214C,?,?,00430407,?,?,0000019A,?), ref: 004C162C

Part of subcall function 0046DB90: lstrcmpiA.KERNEL32(00000000,00502C90,00000000), ref: 0046DBC4
Part of subcall function 0046DB90: lstrcmpiA.KERNEL32(00000000,00502CE0), ref: 0046DBD0
Part of subcall function 0046DB90: lstrcpynA.KERNEL32(?,?,?), ref: 0046DBE7

lstrcmpiA.KERNEL32(?,?), ref: 0046DAA2
lstrcpynA.KERNEL32(?,?,?), ref: 0046DAB2
lstrcpynA.KERNEL32(?,?,?,?,?,00000004,00000000,00000000), ref: 0046DAC6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcpyn$lstrcmpi$lstrlen
String ID:
API String ID: 1004446819-0
Opcode ID: a5865efca11430c6704984ca2ae50994438295984f9abb8d41ebbc6671b9cc01
Instruction ID: d9680198c8e1abc2211d8574246aa3b414f1effc5f2349f14cd77eea6d0a31d7
Opcode Fuzzy Hash: a5865efca11430c6704984ca2ae50994438295984f9abb8d41ebbc6671b9cc01
Instruction Fuzzy Hash: A4514171F09345ABD731DB95DC88EAB77ACEB98704F04082DF94997201E678EA08C767

Uniqueness

Uniqueness Score: -1.00%

Function 00468D60, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001,00000000,00000000,?,?), ref: 00468D83
SetErrorMode.KERNEL32(?), ref: 00468E85

Strings

0bt@Mt, xrefs: 00468D83, 00468E85

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode
String ID: 0bt@Mt
API String ID: 2340568224-2323819115
Opcode ID: ceb58ab69ed90301b48049df23177ae862b800a1bc7191c4c5818274269ce2e6
Instruction ID: dc8f56ee858837bff352f9a3515d7ac67561a261b270d2e06af6a2fa6f840f01
Opcode Fuzzy Hash: ceb58ab69ed90301b48049df23177ae862b800a1bc7191c4c5818274269ce2e6
Instruction Fuzzy Hash: 2F31DD70608345AFDB10DF60E844B6F7BA4AFA4704F04462EF88597342FB399948CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 004D0E90, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 004D0010: lstrcmpiA.KERNEL32(004D038A,00504568,?,?,?,00000029,74E45410,?,00000000,?,?,?,004D03D0,?,?,00000000), ref: 004D005A

FindResourceA.KERNEL32(?,?,DLL_HEADER), ref: 004D0EDC
LoadResource.KERNEL32(00000000,00000000,?,?,DLL_HEADER,?,?,?,?,?), ref: 004D0EEE
LockResource.KERNEL32(00000000,?,?,DLL_HEADER,?,?,?,?,?), ref: 004D0EFF
FreeResource.KERNEL32(00000000,?,?,DLL_HEADER,?,?,?,?,?), ref: 004D0F9A

Strings

DLL_HEADER, xrefs: 004D0ECF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$FindFreeLoadLocklstrcmpi
String ID: DLL_HEADER
API String ID: 3259922783-3365584807
Opcode ID: 2a821e1117159aa8c69555f67e835c68888d994a2bedcb4e68badfd6b71099f3
Instruction ID: 65530eacf3394b27c9ae07af225353b3bbad883a4ef535d5ecfd309805077722
Opcode Fuzzy Hash: 2a821e1117159aa8c69555f67e835c68888d994a2bedcb4e68badfd6b71099f3
Instruction Fuzzy Hash: FF315CB5604302AFD724DFA9DC15A6BB7E8AB94744F14082FF88583341EBB8D844CB67

Uniqueness

Uniqueness Score: -1.00%

Function 0041C000, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0041C02D
CharNextA.USER32(00501F70), ref: 0041C0AC
CharNextA.USER32(00501F70), ref: 0041C105
GlobalUnlock.KERNEL32(00000020), ref: 0041C145

Strings

, xrefs: 0041C000

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharGlobalNext$LockUnlock
String ID:
API String ID: 657577100-3916222277
Opcode ID: b00bc2184c8650edf24efe57376024a2490a0dc9aef6e39b4f6fd5f158a3182c
Instruction ID: 76999ccd9908fcbe704691df34a8b919956feb749a81c9bc0890b1831b061e37
Opcode Fuzzy Hash: b00bc2184c8650edf24efe57376024a2490a0dc9aef6e39b4f6fd5f158a3182c
Instruction Fuzzy Hash: AF31D474588B419AD320DB74ED853AF3BE4EB26744F04041AF48182392D7B898C9DBBF

Uniqueness

Uniqueness Score: -1.00%

Function 004A8DF0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(windows,device,005010AC,?,00000050), ref: 004A8E31
CharNextA.USER32(?), ref: 004A8E64
CharNextA.USER32(?), ref: 004A8E74

Strings

device, xrefs: 004A8E27
windows, xrefs: 004A8E2C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$ProfileString
String ID: device$windows
API String ID: 3546236467-2557202880
Opcode ID: 4d4b2f3e129b0bb119c84b3467422e39b2446a3fe0cc4124e80b5f7f1a6c2f81
Instruction ID: f0dd96ae4c99d30fe814e07680cb995cc8e44c7246551b304746678e88e6ab84
Opcode Fuzzy Hash: 4d4b2f3e129b0bb119c84b3467422e39b2446a3fe0cc4124e80b5f7f1a6c2f81
Instruction Fuzzy Hash: 442187A1904781DFE3319B249C45B2B7BD8EBB2701F08085EE990D7391DB79DC04C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004681E0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78fileCOMMON

Download Yara Rule

APIs

GetTempFileNameA.KERNEL32(?,untit,00000001,?), ref: 00468235
CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000001,04000080,00000000), ref: 00468257
GetLastError.KERNEL32 ref: 0046825E

Strings

untit, xrefs: 0046822F

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateErrorLastNameTemp
String ID: untit
API String ID: 425402705-2621881813
Opcode ID: 10f96bcc290336b6fdff618e040d2c50791fafd95507930e1f18bfb65a089857
Instruction ID: 5e04f5aba0782394c2ec07e6573e23f16d92db9b18e82f6d2bf2de84e187c9bc
Opcode Fuzzy Hash: 10f96bcc290336b6fdff618e040d2c50791fafd95507930e1f18bfb65a089857
Instruction Fuzzy Hash: 5911E67274060816EB309675BC89FFB7348DB95364F440A6FEA54C2680FE6ED84D82A6

Uniqueness

Uniqueness Score: -1.00%

Function 004E1675, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E16D0
GlobalUnlock.KERNEL32(00000000), ref: 004E172D

Strings

&, xrefs: 004E16E3
@, xrefs: 004E167C
(, xrefs: 004E1675

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: &$($@
API String ID: 2502338518-379167422
Opcode ID: 0072772c5367045cb78fe6858ec609bfc9a05351ed2475f94014427654365d35
Instruction ID: d70e10bc3daa9d504209ffec6f50fca50689eabbdf3697aaf5559a6028de14e4
Opcode Fuzzy Hash: 0072772c5367045cb78fe6858ec609bfc9a05351ed2475f94014427654365d35
Instruction Fuzzy Hash: DD119F75A40258DFCB50CFA9D888BEEB7F4FB0831AF1440A6E409EB361C338A945DB14

Uniqueness

Uniqueness Score: -1.00%

Function 004CD6D0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 004CD6EF
LoadCursorA.USER32 ref: 004CD72F
RegisterClassA.USER32 ref: 004CD75C

Strings

ThermometerClass, xrefs: 004CD6E9
DP, xrefs: 004CD745

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CursorInfoLoadRegister
String ID: ThermometerClass$DP
API String ID: 1200866038-1621302580
Opcode ID: 569adc0bfa5c31259b6f3991a2f21e4a3712a1385cc8fa44c2ddc9e2455e6374
Instruction ID: a9651b0d78cc339af815d0b3c8f883133c0a0ff07887b79f73c60a69a429983d
Opcode Fuzzy Hash: 569adc0bfa5c31259b6f3991a2f21e4a3712a1385cc8fa44c2ddc9e2455e6374
Instruction Fuzzy Hash: AE0108B44193109FD310DF15D848B5F7BE4FB98704F40891EF88887290D3B89548DF92

Uniqueness

Uniqueness Score: -1.00%

Function 004782E0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 24stringCOMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(intl,sLongDate,dddd, MMMM d, yyyy,?,00000064), ref: 004782FA
lstrlenA.KERNEL32(?), ref: 0047831D

Strings

dddd, MMMM d, yyyy, xrefs: 004782EB
sLongDate, xrefs: 004782F0
intl, xrefs: 004782F5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ProfileStringlstrlen
String ID: dddd, MMMM d, yyyy$intl$sLongDate
API String ID: 1372419434-3278660725
Opcode ID: 91a5b3417030feb3aa1a7c445de6e9dec11c112e561877ac63c0fd82d7ef5f2c
Instruction ID: d6c631a1517f93d95869e2b0fd519ac022a7d386bea2f1d9dd425b271a3d814b
Opcode Fuzzy Hash: 91a5b3417030feb3aa1a7c445de6e9dec11c112e561877ac63c0fd82d7ef5f2c
Instruction Fuzzy Hash: E6E0DF71548B01BBD320A7149C4ACBFBBF8FF98B44F04490CFA4893190D631A9098BA7

Uniqueness

Uniqueness Score: -1.00%

Function 004F9900, Relevance: 7.8, APIs: 5, Instructions: 298fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,?,00000005,?,00000005,00000080,00000000,?,?,00000001,00000000,00000000), ref: 004F9B4D
GetLastError.KERNEL32(?,?,00000001,00000000,00000000), ref: 004F9B56
GetFileType.KERNEL32(00000000,?,?,00000001,00000000,00000000), ref: 004F9B73
CloseHandle.KERNEL32(00000000,?,?,00000001,00000000,00000000), ref: 004F9B7E
GetLastError.KERNEL32(?,?,00000001,00000000,00000000), ref: 004F9B84

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$CloseCreateHandleType
String ID:
API String ID: 2834158390-0
Opcode ID: 3398c5bfe0b2e7908951fb1b84c592592d2cec3516dee7758de3f1ea1eb1bdc8
Instruction ID: 70b6ee9d3d207913f2772f42e66ca3c00d830077897199cdb71b742b1038a777
Opcode Fuzzy Hash: 3398c5bfe0b2e7908951fb1b84c592592d2cec3516dee7758de3f1ea1eb1bdc8
Instruction Fuzzy Hash: 16915672A046484AE7209E2CEC4577B3790A781334F58062FFB64863D1D77D8D4D9B9B

Uniqueness

Uniqueness Score: -1.00%

Function 004F92F0, Relevance: 7.7, APIs: 5, Instructions: 240COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000220,?,?,?,?,00000000,?,00000000,?,0050CBA8,00000000,00505030,Pacific Standard Time,00000040), ref: 004F9364

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 528b7f4f26a36d0a2cbfde58874fe014c21296925b6d1af98f418e3e6fd40674
Instruction ID: c9f2f9e058fb45eda5e456fa610257ab458241694464385ccf235565a5a8f011
Opcode Fuzzy Hash: 528b7f4f26a36d0a2cbfde58874fe014c21296925b6d1af98f418e3e6fd40674
Instruction Fuzzy Hash: D261F93370430C9BDB209A59BC447BBB394E7D5732F98053BEB4486280E66E9C4DD675

Uniqueness

Uniqueness Score: -1.00%

Function 00410EB0, Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 232stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00428720: lstrlenA.KERNEL32(?,?,?,00000000,00495904,?,?), ref: 00428739

lstrcpyA.KERNEL32(?,00501CFC), ref: 004110CA

Strings

%02d:%02d:%02d, xrefs: 00410F22
%ld, xrefs: 004110E5
%.1lf, xrefs: 00411115
%02d/%02d/%02d, xrefs: 00410EFF

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcpylstrlen
String ID: %.1lf$%02d/%02d/%02d$%02d:%02d:%02d$%ld
API String ID: 2001356338-1251084202
Opcode ID: c5feb04727b6df1a075bbbef608824fb609fc2c50dc2735fee1b11252c3a6bfe
Instruction ID: 8bf50d58fb78fbd76170b9a6eba0c0dbccdfd04c3cebb4b4571e45c3740ab603
Opcode Fuzzy Hash: c5feb04727b6df1a075bbbef608824fb609fc2c50dc2735fee1b11252c3a6bfe
Instruction Fuzzy Hash: 3C71C8B19443407BD610E721DC82EEF73ACAF94309F444C1EFA4992143EA79E659877B

Uniqueness

Uniqueness Score: -1.00%

Function 004E18C2, Relevance: 7.7, APIs: 5, Instructions: 226COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E18DC
GlobalUnlock.KERNEL32(00000000), ref: 004E19A3
GlobalUnlock.KERNEL32(00000000), ref: 004E1A30
GlobalUnlock.KERNEL32(00000000), ref: 004E1BCB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Unlock$Lock
String ID:
API String ID: 2255763375-0
Opcode ID: fb87f14c709c9775119cdbd4d1443c3fa9c0607c75802439be5dab57a5c71549
Instruction ID: ac8926a78d10b02bf34a9569dafa12367763389c6d01c911e62b3b6ff74b2187
Opcode Fuzzy Hash: fb87f14c709c9775119cdbd4d1443c3fa9c0607c75802439be5dab57a5c71549
Instruction Fuzzy Hash: CFA1A374A40148EFCB14DB99C985EAEB7F4EF08306F250096E905EB362E779EE41DB14

Uniqueness

Uniqueness Score: -1.00%

Function 0043CE70, Relevance: 7.7, APIs: 5, Instructions: 218COMMON

Download Yara Rule

APIs

PtInRect.USER32(?,?,?), ref: 0043CF2A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect
String ID:
API String ID: 400858303-0
Opcode ID: 530c544d155347bfbd969021287a355fd5ce5c6c2be7ba926096e60a3ef80d7e
Instruction ID: 62a79461d7d05883bd33bc993b6a3de34044dcb65de09f41770ed227201b98f2
Opcode Fuzzy Hash: 530c544d155347bfbd969021287a355fd5ce5c6c2be7ba926096e60a3ef80d7e
Instruction Fuzzy Hash: 0E714CB6604301AFC714DF19D8C1866F7F4FF88324B548A5EE9588B341E736E946CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00419C40, Relevance: 7.7, APIs: 5, Instructions: 171windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000018A,?,00000000), ref: 00419D3C
SendMessageA.USER32(?,00000189,?,?), ref: 00419D5C
SendMessageA.USER32(?,00000149,?,00000000), ref: 00419D9F
SendMessageA.USER32(?,00000148,?,?), ref: 00419DBF
DrawFocusRect.USER32 ref: 00419DFA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$DrawFocusRect
String ID:
API String ID: 3567614836-0
Opcode ID: 2c0274b10eddc7ab68f584e67e28aae2de87716e507c3a3c769d85e4762b0d91
Instruction ID: a8050b14a1a6c3c44f1fd839d5479a26da3bc4e47f8a8d4e43b2828468e26cda
Opcode Fuzzy Hash: 2c0274b10eddc7ab68f584e67e28aae2de87716e507c3a3c769d85e4762b0d91
Instruction Fuzzy Hash: C16105B46087009FD324DF14D891AABF7F5FB88714F10892EE89A87350D779E889CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0046C040, Relevance: 7.6, APIs: 6, Instructions: 150stringCOMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,00000001), ref: 0046C0B8
CharNextA.USER32(00000000,?,00000001), ref: 0046C0CF
CharNextA.USER32(?), ref: 0046C10A
CharNextA.USER32(00000000), ref: 0046C16A
lstrlenA.KERNEL32(?), ref: 0046C17F
CharNextA.USER32(00000000), ref: 0046C121

Part of subcall function 0046B900: lstrcpynA.KERNEL32(?,?,?,00000000,74E06980,?,00000000,00000000,0046C1A8,?,00000001), ref: 0046B934

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$lstrcpynlstrlen
String ID:
API String ID: 1250307811-0
Opcode ID: 33bb48ac3bb5a5bae7b17bd614a07299aa1b6f244c75f165a5d38bcc43640ccb
Instruction ID: 8ded7c51f26398dd27620503454fe60d9e98e3989e9b116b274ddb78e891228a
Opcode Fuzzy Hash: 33bb48ac3bb5a5bae7b17bd614a07299aa1b6f244c75f165a5d38bcc43640ccb
Instruction Fuzzy Hash: A84194755043459BD320EF65D885ABBB7E8EF65304F04052FE98182212FBA8E94DCBE7

Uniqueness

Uniqueness Score: -1.00%

Function 004644B0, Relevance: 7.6, APIs: 5, Instructions: 133COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00464584
GlobalLock.KERNEL32 ref: 0046459A
GlobalUnlock.KERNEL32(?), ref: 004645CA
GlobalUnlock.KERNEL32(?), ref: 004645F2

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 797cee597aa2edb324e8d6510c37ddbd1dd5ea290830a7a105057886c625bf82
Instruction ID: 910961b3a2f4fbbedb449f4ead5bc1c6233a52aa30c451c717648a62e8d441a5
Opcode Fuzzy Hash: 797cee597aa2edb324e8d6510c37ddbd1dd5ea290830a7a105057886c625bf82
Instruction Fuzzy Hash: 9A41E6B56003016FD610EF64EC86F2F73A8DB84718F44082EF90597342FA7DE90987A6

Uniqueness

Uniqueness Score: -1.00%

Function 00419660, Relevance: 7.6, APIs: 5, Instructions: 80windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00419664
GetParent.USER32(00000000), ref: 00419671
IsWindow.USER32(?), ref: 004196A0
SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00419718
SendMessageA.USER32(00000000,000000B7,00000000,00000000), ref: 0041972C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$FocusParentWindow
String ID:
API String ID: 137916874-0
Opcode ID: 9a192d868f8f5f8ae5cc18dd47de557ca81fb00aa4bdd5bb1f37e6990a8c874e
Instruction ID: 03e4c065be6bc7e811069530cba3e65ed61dc4e3c04b3f859d73f035658b0fd9
Opcode Fuzzy Hash: 9a192d868f8f5f8ae5cc18dd47de557ca81fb00aa4bdd5bb1f37e6990a8c874e
Instruction Fuzzy Hash: E621F935514304E7D335ADA59CB4BBB72589F82750F190127E921873C1EA1DEC86526B

Uniqueness

Uniqueness Score: -1.00%

Function 004BC4B0, Relevance: 7.6, APIs: 5, Instructions: 75stringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004BC50F
lstrlenA.KERNEL32(00000000), ref: 004BC518
CharNextA.USER32(00000000), ref: 004BC555
CharUpperA.USER32(00000000), ref: 004BC565
GlobalUnlock.KERNEL32(?), ref: 004BC57A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharGlobal$LockNextUnlockUpperlstrlen
String ID:
API String ID: 2437180478-0
Opcode ID: a9ee8c0ebe6d2e0657d675ca22beae56fa6659694e55de5af2094fdf1414f8cd
Instruction ID: d166b6ea12b652989a3351acf7dd5070160a038ba5efa2efb82309f426a5e95e
Opcode Fuzzy Hash: a9ee8c0ebe6d2e0657d675ca22beae56fa6659694e55de5af2094fdf1414f8cd
Instruction Fuzzy Hash: 9621B272904215ABC720DF64E849BAF77E8EF55315F04082AF84482211D338EA4C9BF7

Uniqueness

Uniqueness Score: -1.00%

Function 004A8420, Relevance: 7.6, APIs: 5, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateCompatibleDC.GDI32(00000000), ref: 004A8433
GetDC.USER32(00000000), ref: 004A844A
CreateCompatibleBitmap.GDI32(00000000,00000001,00000001), ref: 004A845B
SelectObject.GDI32(00000000,00000000), ref: 004A846C
ReleaseDC.USER32 ref: 004A8490

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CompatibleCreate$BitmapObjectReleaseSelect
String ID:
API String ID: 1548548725-0
Opcode ID: c759c0682925690926692932793d2bef79ecf6eed9af62dcca753a894b3f5e7d
Instruction ID: e722804f20cea995f73a815e6767bc3d1c8f835e8c185cd10f98abd79a2fb12b
Opcode Fuzzy Hash: c759c0682925690926692932793d2bef79ecf6eed9af62dcca753a894b3f5e7d
Instruction Fuzzy Hash: 99019271600201ABDB309F199C84B1BBBEDEFA9341F088066F904DB755EB74DC40C761

Uniqueness

Uniqueness Score: -1.00%

Function 004D1AD0, Relevance: 7.5, APIs: 5, Instructions: 49windowkeyboardCOMMON

Download Yara Rule

APIs

GetAsyncKeyState.USER32(00000003), ref: 004D1ADD
GetAsyncKeyState.USER32(00000011), ref: 004D1AE6
PeekMessageA.USER32(?,00000000,00000100,00000108,00000003), ref: 004D1B11
PeekMessageA.USER32(?,00000000,00000200,00000209,00000003), ref: 004D1B2A
PeekMessageA.USER32(?,00000000,000000A0,000000A9,00000003), ref: 004D1B43

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: MessagePeek$AsyncState
String ID:
API String ID: 3721173264-0
Opcode ID: 8ab9a9665e442cff378aa3298a7fb2fd118446a289073d1ddd5e6372ab997877
Instruction ID: 5585f72daac1f4d73abec241fe33bb4d9cc90fabd672479d8d47b4bdd690edac
Opcode Fuzzy Hash: 8ab9a9665e442cff378aa3298a7fb2fd118446a289073d1ddd5e6372ab997877
Instruction Fuzzy Hash: 0DF0AF36B8131A75F920A555CC22F8B2A5C4B50F84F410023BF40FB3E5E6D4EA4606E5

Uniqueness

Uniqueness Score: -1.00%

Function 00444580, Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

SaveDC.GDI32(?), ref: 0044458F
GetViewportOrgEx.GDI32(?,?), ref: 004445A4
SetViewportOrgEx.GDI32(?,00000000,00000000,00000000), ref: 004445B3
SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 004445D0
RestoreDC.GDI32(?), ref: 004445D7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Viewport$RestoreSave
String ID:
API String ID: 1195723955-0
Opcode ID: b1615c919fb7750f4962508fc9ab4c665be41fb1e9de9da5ff2395af88a1dc7b
Instruction ID: a51eacc1f6a54e8ef10cb791d0a040ff8e89549e9570d8a24a96c7d9da6f9b84
Opcode Fuzzy Hash: b1615c919fb7750f4962508fc9ab4c665be41fb1e9de9da5ff2395af88a1dc7b
Instruction Fuzzy Hash: A8F044751402197FD210AB05EC46FAFB7ECFF86711F044124F94497240D725B91987BA

Uniqueness

Uniqueness Score: -1.00%

Function 004A8350, Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

SetMapMode.GDI32(?,00000008), ref: 004A8359
SetViewportOrgEx.GDI32(?,?,5B5E5FC0,00000000), ref: 004A836D
SetViewportExtEx.GDI32(?,CCCCCCC3,5B5E5FC0,00000000), ref: 004A8383
SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 004A8397
SetWindowExtEx.GDI32(?,?,?,00000000), ref: 004A83AD

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ViewportWindow$Mode
String ID:
API String ID: 1998588776-0
Opcode ID: eed66a468ec2b7463d6420dd82769d3ccff20cc976b891610a14578ff632d73d
Instruction ID: ec7babab8eaa20c8a71284a4add1ac0d34d851912fc21cf34253cc929c186426
Opcode Fuzzy Hash: eed66a468ec2b7463d6420dd82769d3ccff20cc976b891610a14578ff632d73d
Instruction Fuzzy Hash: 0D01C476200912BFD200CF98D988E5EB7A8FF49711F008209F518D7680D760B855CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 004180E0, Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(43100AEC), ref: 00418103
GetDC.USER32(00000000), ref: 00418115
GetNearestColor.GDI32(00000000,00FFFFFF,00000000), ref: 00418136
CreateSolidBrush.GDI32(00000000), ref: 00418142
ReleaseDC.USER32 ref: 00418150

Part of subcall function 004AFC80: IntersectRect.USER32 ref: 004AFC92

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: BrushColorCreateDeleteIntersectNearestObjectRectReleaseSolid
String ID:
API String ID: 35244661-0
Opcode ID: 79ea2fbb6fc753771323e7fb03bdd0b5767422885e782ce93fa6f5c1eec35a43
Instruction ID: a30ee054b89e721d1e07673f6441378e774f122fef75b01132c9796f3c7f2107
Opcode Fuzzy Hash: 79ea2fbb6fc753771323e7fb03bdd0b5767422885e782ce93fa6f5c1eec35a43
Instruction Fuzzy Hash: B8F03075941614ABF3306B60FD0AB9E3B6CFB25705F044525F800E52A1DBB49809A7AE

Uniqueness

Uniqueness Score: -1.00%

Function 004C09E0, Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000000), ref: 004C09E7
CreateSolidBrush.GDI32(00000000), ref: 004C09EE
ScrollDC.USER32 ref: 004C0A0F
FillRect.USER32 ref: 004C0A1C
DeleteObject.GDI32(00000000), ref: 004C0A23

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: BrushColorCreateDeleteFillObjectRectScrollSolid
String ID:
API String ID: 3054397147-0
Opcode ID: 81fe47a55e4b5a431d1d4bb9cc3bb5253c3b94b8f1e4f8a763c533de3357fa8a
Instruction ID: 67043d58cb003cf4c36ad34a0e9a510be968fc2e2cfbade75baa61c61e1648eb
Opcode Fuzzy Hash: 81fe47a55e4b5a431d1d4bb9cc3bb5253c3b94b8f1e4f8a763c533de3357fa8a
Instruction Fuzzy Hash: CFF03072104210BFE320AB54DC4DFAF7BACEFC9755F000569F649D2160D630E9099BB2

Uniqueness

Uniqueness Score: -1.00%

Function 004A9120, Relevance: 7.5, APIs: 5, Instructions: 31COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 004A9127
GetDeviceCaps.GDI32(00000000,0000000A), ref: 004A9138
GetDeviceCaps.GDI32(00000000,00000008), ref: 004A913E
SetRect.USER32 ref: 004A914A
ReleaseDC.USER32 ref: 004A9153

Part of subcall function 004A9170: GetDC.USER32(00000000), ref: 004A919A
Part of subcall function 004A9170: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004A91B3
Part of subcall function 004A9170: CreateCompatibleDC.GDI32(00000000), ref: 004A91BE
Part of subcall function 004A9170: SelectObject.GDI32(00000000,?), ref: 004A91D0
Part of subcall function 004A9170: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 004A91F2
Part of subcall function 004A9170: SelectObject.GDI32(00000000,?), ref: 004A91FE
Part of subcall function 004A9170: DeleteDC.GDI32(00000000), ref: 004A9205
Part of subcall function 004A9170: DeleteObject.GDI32(?), ref: 004A9227
Part of subcall function 004A9170: ReleaseDC.USER32 ref: 004A9230

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Object$CapsCompatibleCreateDeleteDeviceReleaseSelect$BitmapRect
String ID:
API String ID: 2845615558-0
Opcode ID: 878c20dba162de00fc2670447cc81398c45687287615aafd0686b4901c284229
Instruction ID: 9739a21a7ed3b3631b30f39f932195ec61b677c4d6009e644cb7f469cfd0ff33
Opcode Fuzzy Hash: 878c20dba162de00fc2670447cc81398c45687287615aafd0686b4901c284229
Instruction Fuzzy Hash: FCE0657294021577E5606755AC0EFAF3E6CEBA5B21F440426F605D6090D5605408D7B2

Uniqueness

Uniqueness Score: -1.00%

Function 004E0000, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E002D
GlobalLock.KERNEL32 ref: 004E00C5
GlobalUnlock.KERNEL32(?), ref: 004E010D

Strings

`nP, xrefs: 004E0113

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Lock$Unlock
String ID: `nP
API String ID: 3931350280-662898159
Opcode ID: e7e0c1fe0252a7d1c656e8076615da9f424397eb19bf3e5f2d75fd9af9ac265a
Instruction ID: 9314552d2464167abe4e2e90d33fd767650d4a177e1476a6eccac6702bd58dd7
Opcode Fuzzy Hash: e7e0c1fe0252a7d1c656e8076615da9f424397eb19bf3e5f2d75fd9af9ac265a
Instruction Fuzzy Hash: 493119B5E00209DFDB00DFA9D849BAFB7F8EF08305F004466E415E7251D3799A84CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004244A0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004244AF

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 004244C6
GlobalUnlock.KERNEL32(00000000), ref: 00424553

Strings

O&B, xrefs: 00424538

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Lock$AllocUnlock
String ID: O&B
API String ID: 3807335155-3750473847
Opcode ID: 85498c75875d5a1bd26970ebe09b6f054d8df5d4f872d00044f5dd77680d85a1
Instruction ID: a517fa93838cbfd7e6a8a0db38591cfcf751de7ae160a25bd60da58dd47916f2
Opcode Fuzzy Hash: 85498c75875d5a1bd26970ebe09b6f054d8df5d4f872d00044f5dd77680d85a1
Instruction Fuzzy Hash: 552162B5600615BFD710DF29AC41B6BB7E8FF48701F50842AF918CB241E774E950CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004E164E, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E16D0
GlobalUnlock.KERNEL32(00000000), ref: 004E172D

Strings

&, xrefs: 004E16E3
@, xrefs: 004E167C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: &$@
API String ID: 2502338518-1152729974
Opcode ID: 290e51559acf086129ac8d7de0cdf78076ffca344b82c53aca162ac41b36f99e
Instruction ID: a19b9728ed439ac797f93ca943e36c70f10c80e76b9dca071de6d24f94c931ef
Opcode Fuzzy Hash: 290e51559acf086129ac8d7de0cdf78076ffca344b82c53aca162ac41b36f99e
Instruction Fuzzy Hash: DE215075A40258DFCB50CFA9C888BEEB7F4FB08316F154466E819E7361D338A941DB15

Uniqueness

Uniqueness Score: -1.00%

Function 004E165F, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E16D0
GlobalUnlock.KERNEL32(00000000), ref: 004E172D

Strings

&, xrefs: 004E16E3
@, xrefs: 004E167C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: &$@
API String ID: 2502338518-1152729974
Opcode ID: ec324e3ed7653d40e5a7b677bd0b52895de8a8d565a163dbb34aae6c3b0e6663
Instruction ID: d0c829c99373fe06753104136654bc166d0a8595cbeb9f7aad7243109b33b0fb
Opcode Fuzzy Hash: ec324e3ed7653d40e5a7b677bd0b52895de8a8d565a163dbb34aae6c3b0e6663
Instruction Fuzzy Hash: DF116275A40258DFCB50CFA9D889BAEB7F4FB08316F154466E409EB361C339A941DB14

Uniqueness

Uniqueness Score: -1.00%

Function 004E1670, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E16D0
GlobalUnlock.KERNEL32(00000000), ref: 004E172D

Strings

&, xrefs: 004E16E3
@, xrefs: 004E167C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: &$@
API String ID: 2502338518-1152729974
Opcode ID: 794cbd8992cad34a6b3e3d0669b4cdc6372dd341c26c3feb5bd3551945619963
Instruction ID: d0c829c99373fe06753104136654bc166d0a8595cbeb9f7aad7243109b33b0fb
Opcode Fuzzy Hash: 794cbd8992cad34a6b3e3d0669b4cdc6372dd341c26c3feb5bd3551945619963
Instruction Fuzzy Hash: DF116275A40258DFCB50CFA9D889BAEB7F4FB08316F154466E409EB361C339A941DB14

Uniqueness

Uniqueness Score: -1.00%

Function 004D83A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?), ref: 004D83FF
GetLastError.KERNEL32 ref: 004D8409

Strings

x)m, xrefs: 004D83A4
9, xrefs: 004D8413

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastMessageSendTimeout
String ID: 9$x)m
API String ID: 1249123084-1759817317
Opcode ID: b651d8c2682c667833347d6204b036d99cf042202ecce982f17876b54e19754c
Instruction ID: 8492235de1174a1b2b09a9a428b432d55534084a756fc8cce3259d3466b0c225
Opcode Fuzzy Hash: b651d8c2682c667833347d6204b036d99cf042202ecce982f17876b54e19754c
Instruction Fuzzy Hash: CE0139752043069BD310DF08D844B6BB7E4FBD4715F00892EF95897341D375E9099BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00405C80, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 00405C94
LoadCursorA.USER32 ref: 00405CD5
RegisterClassA.USER32 ref: 00405CF4

Strings

BmpButt, xrefs: 00405C8E, 00405CEB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CursorInfoLoadRegister
String ID: BmpButt
API String ID: 1200866038-2086433983
Opcode ID: 1647f6ed1f9c76f21ea48bfc52139b9a4d59a59a1a447d9ea26f777a8bd2f75b
Instruction ID: 61078557bd430e1454ff7d3aca8465cde84b0c0117b52509cfdffea20fdf5d40
Opcode Fuzzy Hash: 1647f6ed1f9c76f21ea48bfc52139b9a4d59a59a1a447d9ea26f777a8bd2f75b
Instruction Fuzzy Hash: EF011A755083019FD3109F1AD84469FBFE8FFD8714F80492EF884D6250D3B895898B96

Uniqueness

Uniqueness Score: -1.00%

Function 004F1B00, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,004EEE6A), ref: 004F1B05
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004F1B15

Strings

IsProcessorFeaturePresent, xrefs: 004F1B0F
KERNEL32, xrefs: 004F1B00

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: c0dd50d4814c2da9a36f5b8dcf02b88fb43ce4f8118577f24f3862cc1a8890ea
Instruction ID: 7f2d057f1036fddc1fc1d9521c28613a24cb4820c5fc72590a9d2b3fe0761f26
Opcode Fuzzy Hash: c0dd50d4814c2da9a36f5b8dcf02b88fb43ce4f8118577f24f3862cc1a8890ea
Instruction Fuzzy Hash: D9F09A70608346E7E7006F60D90836BBAE4FFD0741F61C95DF1D8812A0CBBAC0A88706

Uniqueness

Uniqueness Score: -1.00%

Function 00420800, Relevance: 6.6, APIs: 5, Instructions: 334COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 004208B2
CharNextA.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00420A27
CharNextA.USER32(00000000,?,?,00000000,?,?), ref: 00420A54

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: 9b04d5c3facb55d6b2d78e89f97a7c389ed8806b0e39d1a55a2a77abfda92f46
Instruction ID: 1e864100e7c68d05d295ed97f8e502d450dc837989101e9721e0630e889808d1
Opcode Fuzzy Hash: 9b04d5c3facb55d6b2d78e89f97a7c389ed8806b0e39d1a55a2a77abfda92f46
Instruction Fuzzy Hash: 0EC1E0756483518FC724DF68D484AABB7E4EF98708F84091EF48583322D378DC85CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00420C20, Relevance: 6.6, APIs: 5, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7bc6da7a5dc69baf0b3d710d0e33965c31d57ad28a9e86c58dbf89dae045b5f
Instruction ID: c1f444c34b2490d0d94dc81027730d58473e9faa30a9bd59752f5abef079d545
Opcode Fuzzy Hash: b7bc6da7a5dc69baf0b3d710d0e33965c31d57ad28a9e86c58dbf89dae045b5f
Instruction Fuzzy Hash: 57B1D2746083118FC324DF65E99067BB7E4BB94748FC8081EF48493312D3B9D886DB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004D0860, Relevance: 6.4, APIs: 4, Instructions: 447stringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004D08CA
lstrlenA.KERNEL32(?), ref: 004D08EE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalLocklstrlen
String ID:
API String ID: 1144527523-0
Opcode ID: 70b5d198a243581f4b537a520155e1e64c4600f0e5d02985f8da8c097fbcb097
Instruction ID: 0cd2f162c001579dc0571b4878b60c1497f44d873dc23b2e72aa538b2cf99393
Opcode Fuzzy Hash: 70b5d198a243581f4b537a520155e1e64c4600f0e5d02985f8da8c097fbcb097
Instruction Fuzzy Hash: 63F1BFB5D04208EFDF14DFE4E895BAEBBB5AF08304F14405BE805A7342E739A945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004596A0, Relevance: 6.4, APIs: 4, Instructions: 416COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,00000001,00000001), ref: 00459755
PtInRect.USER32(?,00000000,?), ref: 004597A1
UnionRect.USER32 ref: 0045999E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$InflateUnion
String ID:
API String ID: 1986070778-0
Opcode ID: b4bb542c990c7934d9cfbf42518c1d1e65a89860f1220c3b9ed80e9f4c3f1d3d
Instruction ID: 06b16204efeb3e17c97634a4b176c572360f30b145a3e897efc38e7cdb22f45b
Opcode Fuzzy Hash: b4bb542c990c7934d9cfbf42518c1d1e65a89860f1220c3b9ed80e9f4c3f1d3d
Instruction Fuzzy Hash: 13C1CAB6604204ABD704EB55EC81BAB73A8FB85319F44043EFD0486242E77EED5DC7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004CCB40, Relevance: 6.4, APIs: 4, Instructions: 412COMMON

Download Yara Rule

APIs

PtInRect.USER32(?,00000000,?), ref: 004CCB9D
PtInRect.USER32(00000000,00000000,?), ref: 004CCC3D
IntersectRect.USER32 ref: 004CCCD1

Part of subcall function 0041B990: GlobalLock.KERNEL32 ref: 0041B997
Part of subcall function 0041B990: GlobalUnlock.KERNEL32(00000000), ref: 0041B9EE

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$Global$IntersectLockUnlock
String ID:
API String ID: 1947620775-0
Opcode ID: 8f27589702de193ca4f916069ec7cfc5f2320b15edbf95804a37fb15cd31c0b4
Instruction ID: 0228b1dc1aa9e50a8380def61defcb80c500bbdc9b99ed487b25222789944833
Opcode Fuzzy Hash: 8f27589702de193ca4f916069ec7cfc5f2320b15edbf95804a37fb15cd31c0b4
Instruction Fuzzy Hash: C5D1F9BA6006016BD310DB58EC81F67B3A8EF88318F44492EF95983752E739F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401A50, Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 327COMMON

Download Yara Rule

Strings

<null>, xrefs: 00401DAB
@tTt, xrefs: 00401DC1
<invalid>, xrefs: 00401DCB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: @tTt$<invalid>$<null>
API String ID: 0-3264548974
Opcode ID: 36ae12857b967e0aafb8994a0daba209e0af3b29155f13048b23a88f2785711c
Instruction ID: 3411f2aa223237b4964126516c172ec2812e5204042877e8dfbdab0691cbaa84
Opcode Fuzzy Hash: 36ae12857b967e0aafb8994a0daba209e0af3b29155f13048b23a88f2785711c
Instruction Fuzzy Hash: 97C191709083418FD7108B28D84062B7BF5EF96358F14093AF981A72B2D77AE846CB5B

Uniqueness

Uniqueness Score: -1.00%

Function 004391D0, Relevance: 6.3, APIs: 4, Instructions: 256COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 00439265
__ftol.LIBCMT ref: 004393EE
__ftol.LIBCMT ref: 004394A0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: __ftol
String ID:
API String ID: 495808979-0
Opcode ID: 0d12d80715cc6f233d95bae861828fe14b7482f429f37b134aa95daa9ed81258
Instruction ID: 6707b26e681beefd14442efe0430719d7a94a26e506fb5e03cf0f51a42bc3243
Opcode Fuzzy Hash: 0d12d80715cc6f233d95bae861828fe14b7482f429f37b134aa95daa9ed81258
Instruction Fuzzy Hash: DF7150B5A4020027EA10BB29BCC3F6B3358DB14755F44143EFD499B383E96DED5982BA

Uniqueness

Uniqueness Score: -1.00%

Function 004A0450, Relevance: 6.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

APIs

LoadCursorA.USER32 ref: 004A0462
SetCursor.USER32(00000000), ref: 004A0469

Part of subcall function 00455540: lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 00455593
Part of subcall function 00455540: lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 0045559C
Part of subcall function 00455540: lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 004555A8
Part of subcall function 00455540: lstrlenA.KERNEL32(?,?,?,?,?,00000000,00000001,00000001), ref: 004555D6

LoadCursorA.USER32 ref: 004A0707
SetCursor.USER32(00000000), ref: 004A070E

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Cursorlstrlen$Load
String ID:
API String ID: 2137451170-0
Opcode ID: cfe2748ef4793ac020c6346f76bba0435664eda9fe36c7908026de5bf17e21e3
Instruction ID: 6135db1252ab88bae79463184155fe7eb92bc2b9f8f7e513c24ca6d51eeb5a8b
Opcode Fuzzy Hash: cfe2748ef4793ac020c6346f76bba0435664eda9fe36c7908026de5bf17e21e3
Instruction Fuzzy Hash: C9713CB9D003015BE710AB75AD5AB6F32599BB531CF04052EF90A87343FA7DD908C76A

Uniqueness

Uniqueness Score: -1.00%

Function 004117F0, Relevance: 6.2, APIs: 4, Instructions: 209COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0041185E
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00411889

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 66e46e76a0f1eaea0c3d7fbfcce3d58384bdfb6783ca365c38eed1681efef100
Instruction ID: fb2e2d154e3c41f53498eb29ef995093f2dc84e32d773b2c6582bcad804f642f
Opcode Fuzzy Hash: 66e46e76a0f1eaea0c3d7fbfcce3d58384bdfb6783ca365c38eed1681efef100
Instruction Fuzzy Hash: D15106727142415BD320DF6CAC856AF7799EB90314F08493FFA96C3311E229E95CC7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00409750, Relevance: 6.2, APIs: 4, Instructions: 201COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0040975A
UnionRect.USER32 ref: 004098DB
UnionRect.USER32 ref: 0040991F
ReleaseDC.USER32 ref: 0040994C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: RectUnion$Release
String ID:
API String ID: 1340391927-0
Opcode ID: 6b515eae2058f3d84513cc14e6db7fbd62ca91d42c4f2c4f6beb7edb6afb4940
Instruction ID: 25cafa2b84518247114b759ee7022169c5196ef2672db94d91fcaf4ea308d037
Opcode Fuzzy Hash: 6b515eae2058f3d84513cc14e6db7fbd62ca91d42c4f2c4f6beb7edb6afb4940
Instruction Fuzzy Hash: 0371F1B2518345AFC314DF55C880DABF7E8FB88304F148A2EF58987251E635E909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00429A70, Relevance: 6.2, APIs: 4, Instructions: 186stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 00429B28
GlobalLock.KERNEL32 ref: 00429B8B
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00429C62

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlocklstrcat
String ID:
API String ID: 4171427385-0
Opcode ID: 7d4a569e79bf1b2aa1fe97c081d1f252fe51737e7284a23c9c56c331acaef284
Instruction ID: 121397b89972a4d05802fd89292a1539843ba12171a063febc8efa60fd2abf90
Opcode Fuzzy Hash: 7d4a569e79bf1b2aa1fe97c081d1f252fe51737e7284a23c9c56c331acaef284
Instruction Fuzzy Hash: 5051E4B1A043404BDB14EF24FC81A6BB794BB84309F84456EFD498B302D639E949C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 004E082E, Relevance: 6.2, APIs: 4, Instructions: 176COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004E094D
GlobalUnlock.KERNEL32(00000000), ref: 004E0BBC

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 803e9e9f3b2091d6e87a114c68142a863089bd0192ebc40b75f67c8dcbbb6406
Instruction ID: 2283590b79cdc3710dcddb11d285e097156effb7c5091b10c20af82e1da9b67c
Opcode Fuzzy Hash: 803e9e9f3b2091d6e87a114c68142a863089bd0192ebc40b75f67c8dcbbb6406
Instruction Fuzzy Hash: AE71D874A002489FDB10DFA9C485BAEB7B4FF48315F14806AEC29EB352D775E986CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00471230, Relevance: 6.2, APIs: 4, Instructions: 158COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,000000FF,000000FF), ref: 0047127F

Part of subcall function 00471230: InflateRect.USER32(?,00000001,00000001), ref: 004712BF

RoundRect.GDI32(?,?,?,?,?,?,?), ref: 00471368
RoundRect.GDI32(?,?,?,?,?,?,?), ref: 004713B4

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$InflateRound
String ID:
API String ID: 2416914884-0
Opcode ID: 8dc96bf011528d10364ddb9742046f0fe9bf420abbfade4e69a35de18126e62a
Instruction ID: 49dad96ad73fcbd79d03b38549117419799bbf35f975e6b4088b4ae784dc830b
Opcode Fuzzy Hash: 8dc96bf011528d10364ddb9742046f0fe9bf420abbfade4e69a35de18126e62a
Instruction Fuzzy Hash: BC518AB2108200BFD264EB08DD45DABB7FCEFC9714F40890DF98983251E669E985C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00430640, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 147stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?), ref: 00430658
lstrlenA.KERNEL32(?), ref: 004306EC

Strings

\, xrefs: 0043078D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen
String ID: \
API String ID: 1659193697-2967466578
Opcode ID: ab50a28cc63552c077c7b82bdb9cef4485396bf8693836c58e09695f8ef3eab5
Instruction ID: f04ebfdd09612c43c41212dac8d6878b8a94d2eae1be52a3fff5870b01d83e0e
Opcode Fuzzy Hash: ab50a28cc63552c077c7b82bdb9cef4485396bf8693836c58e09695f8ef3eab5
Instruction Fuzzy Hash: AF51CE701083869FD724DF29D460BABB7E4EF89704F441A5EF88183251D738E949CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 004710A0, Relevance: 6.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,000000FF,000000FF), ref: 004710EF

Part of subcall function 004710A0: InflateRect.USER32(?,00000001,00000001), ref: 00471125

Ellipse.GDI32(?,?,?,?,?), ref: 004711BA
Ellipse.GDI32(?,?,?,?,?), ref: 004711FC

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: EllipseInflateRect
String ID:
API String ID: 940095530-0
Opcode ID: 55358e00d35ee5e63e5e6a4f7cc1c33638b41e7f3156136f47c3562f70a787f1
Instruction ID: 954848a3565dcdc981db538fa24e4b4b69c1d294df2d41c2defe045865d82294
Opcode Fuzzy Hash: 55358e00d35ee5e63e5e6a4f7cc1c33638b41e7f3156136f47c3562f70a787f1
Instruction Fuzzy Hash: 1B418C71508344BBD220EB18DC45CBBB7FCEF89318F84890DF99853251D769EA49C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004300A0, Relevance: 6.1, APIs: 4, Instructions: 136stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?), ref: 00430148

Part of subcall function 00461570: GlobalUnlock.KERNEL32(?,?,00000000,00000000,?,0047DAE6,?,005010AC,00000001,?,?,?,00000000), ref: 0046158E

GlobalLock.KERNEL32 ref: 0043017E
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004301A4
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004301BA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Unlocklstrlen$Lock
String ID:
API String ID: 3415593060-0
Opcode ID: c8273cf77fd9a65fedd3210be635946daed10e66cd1960a5575a9507bd0a8450
Instruction ID: 77dce1975c697699e416704a6e157e61fc04063bd1ed212857ce5f03b9759ede
Opcode Fuzzy Hash: c8273cf77fd9a65fedd3210be635946daed10e66cd1960a5575a9507bd0a8450
Instruction Fuzzy Hash: 7941B8B25043016BD214EB55EC56D6FB3ECAFD8708F44092EF94592242FA39EE0987A7

Uniqueness

Uniqueness Score: -1.00%

Function 00491BA0, Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00491C47
GlobalUnlock.KERNEL32(?), ref: 00491C87

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 00491CB7
GlobalUnlock.KERNEL32(?), ref: 00491D1D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock$Alloc
String ID:
API String ID: 913218626-0
Opcode ID: 2cf11a0a0de805a0cdef28ea54f79475e2c8e3d7fe556e6f911869e9713fa309
Instruction ID: 527630b1a4e1a3074c4e9a94758f411618a14a5ac193e16ad45d3e4cbe0a3f59
Opcode Fuzzy Hash: 2cf11a0a0de805a0cdef28ea54f79475e2c8e3d7fe556e6f911869e9713fa309
Instruction Fuzzy Hash: C041E4752006028FDB24EF65D980A67B7F6FF68704B11886ED81ACB722E735EC42C754

Uniqueness

Uniqueness Score: -1.00%

Function 004C99A0, Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004C9A5E
GlobalUnlock.KERNEL32(?), ref: 004C9A75
GlobalLock.KERNEL32 ref: 004C9AAD
GlobalUnlock.KERNEL32(?), ref: 004C9ACD

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 284c55b152633fdc01b8d955adf673715d15dae5d699a81fe8bfa9d77d4b4f1a
Instruction ID: 25e41fc11430346302f69d8df01abb18df1d7d83ac23312b8535bcd19127a0a0
Opcode Fuzzy Hash: 284c55b152633fdc01b8d955adf673715d15dae5d699a81fe8bfa9d77d4b4f1a
Instruction Fuzzy Hash: 4E31BAB66007416FD310EF75EC49F6B77E8DB84704F04082EFA5A87201EA7AE849C769

Uniqueness

Uniqueness Score: -1.00%

Function 004C1990, Relevance: 6.1, APIs: 4, Instructions: 98stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,00000000,?,00000000), ref: 004C1A0A

Part of subcall function 004C2720: CharNextA.USER32(74E391C0,74E391C0,004780FB,00509124), ref: 004C2726

lstrlenA.KERNEL32(?), ref: 004C1A48
lstrlenA.KERNEL32(?), ref: 004C1A5F
lstrcatA.KERNEL32(?,00502168,?,00000000), ref: 004C1A87

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$CharNextlstrcat
String ID:
API String ID: 602611605-0
Opcode ID: 8447d85f1765d4fc9de41157f1fd3824ff18a84c400612a180b3f7383251803b
Instruction ID: b5dc210968b4e44d30faa53f57b598adc8fd1685af393061adb215c66926f2fe
Opcode Fuzzy Hash: 8447d85f1765d4fc9de41157f1fd3824ff18a84c400612a180b3f7383251803b
Instruction Fuzzy Hash: 4831C3745093819BD3518F14D844B6BBBE4EF96304F08085EF8C583223D379D94ACB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041D040, Relevance: 6.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 0041E610: GetClipBox.GDI32(?,?), ref: 0041E668
Part of subcall function 0041E610: CreateRectRgn.GDI32(?,?,?,?), ref: 0041E682
Part of subcall function 0041E610: DeleteObject.GDI32(00000000), ref: 0041E6A1

InvertRect.USER32(?,?), ref: 0041D0D3
InvertRect.USER32(?,?), ref: 0041D117
InvertRect.USER32(?,?), ref: 0041D122
InvertRect.USER32(?,?), ref: 0041D12D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Rect$Invert$ClipCreateDeleteObject
String ID:
API String ID: 2846227264-0
Opcode ID: 8fddac57012ceda3e8203e8a7cba6f1ab04356ffee92824a5994dfd21d0c35eb
Instruction ID: 197854608aff2633042ffdb2dde8a0bf4847246a034eccbe30459037290cd9d2
Opcode Fuzzy Hash: 8fddac57012ceda3e8203e8a7cba6f1ab04356ffee92824a5994dfd21d0c35eb
Instruction Fuzzy Hash: 473104B5508745AFC314DF59C8818ABB7F8FB99308F40091EF88583310E775EA45CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004AC7E0, Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

Part of subcall function 00484100: GlobalAlloc.KERNELBASE(?,i,L6}Gy&H,004AF11D,00000810,00000042,?,00000000,00000008,00000008,004C29D5,00000008,00000000,?,?), ref: 00484118

GlobalLock.KERNEL32 ref: 004AC844
GlobalLock.KERNEL32 ref: 004AC84D
GlobalUnlock.KERNEL32(?), ref: 004AC88E
GlobalUnlock.KERNEL32(00000000), ref: 004AC891

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock$Alloc
String ID:
API String ID: 913218626-0
Opcode ID: b3c78f33edb6ff447be23008f09cb93bfa66c8022a009b2df30d6fbd3d334b9d
Instruction ID: 04572f052f6dcc2b1d52acd8fa6d4228d8728a01dde2c6a60b4a5f89ac256391
Opcode Fuzzy Hash: b3c78f33edb6ff447be23008f09cb93bfa66c8022a009b2df30d6fbd3d334b9d
Instruction Fuzzy Hash: 4C21A1B66042105FD210EB59E880A6FB3E8FB95B66F44057FF94997300D629EC08CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 004A9250, Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004A925B
SetRect.USER32 ref: 004A92C8
SetRect.USER32 ref: 004A9306
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004A871C,00000000,00000000), ref: 004A9309

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalRect$LockUnlock
String ID:
API String ID: 5171256-0
Opcode ID: 2f9f0a634e0c6d72493f8aa5d54a86d4abcefc6d82b9beff63c017e6b4375bd1
Instruction ID: 4eae3ca157bfe897e5e7614fb7f05baa5a37ff924c4c44874626c72af3b0984e
Opcode Fuzzy Hash: 2f9f0a634e0c6d72493f8aa5d54a86d4abcefc6d82b9beff63c017e6b4375bd1
Instruction Fuzzy Hash: 90316975604202AFC300DF29D880A5AFBF8FF99304F648A6DF94887241D735E846CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041D5F0, Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0041D60A
GetDC.USER32(00000000), ref: 0041D62C
ReleaseDC.USER32 ref: 0041D6AE
GlobalUnlock.KERNEL32(?), ref: 0041D6C0

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockReleaseUnlock
String ID:
API String ID: 169231578-0
Opcode ID: 557280b59a3217edc3e578cc2b265216bf46a969fdf8c27abac214e4eec79e3b
Instruction ID: 2b9313441402b277f7857dddc1ecefb284a88e996fa94cdcd6daad9cce253218
Opcode Fuzzy Hash: 557280b59a3217edc3e578cc2b265216bf46a969fdf8c27abac214e4eec79e3b
Instruction Fuzzy Hash: 052191F2A043409FC710EF68E848B5B77A8EF94314F44056AFC4997212E77CD844CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00491200, Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,?), ref: 00491232

Part of subcall function 004A11D0: GetPaletteEntries.GDI32(?,?,00000001,00000000), ref: 004A11E4

SetTextColor.GDI32(?,00000000), ref: 00491252
SetBkColor.GDI32(?,?), ref: 0049127F
SetBkColor.GDI32(?,00000000), ref: 0049129D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Color$Text$EntriesPalette
String ID:
API String ID: 1580254748-0
Opcode ID: 5533c615f98f0a07b14289e593fc649b997db1d5dc7b0b5b6049a51a7435c20b
Instruction ID: 72936402819847c13c5700f08c54fe5cb9f4ebc4e04a889e52b05b42bcc7224e
Opcode Fuzzy Hash: 5533c615f98f0a07b14289e593fc649b997db1d5dc7b0b5b6049a51a7435c20b
Instruction Fuzzy Hash: B31157712081922BE3199B385C544BFFF98EF89341F0489BAF896C2612D3289C15D3F5

Uniqueness

Uniqueness Score: -1.00%

Function 004ACFA0, Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004ACFB7
GlobalUnlock.KERNEL32(0233014C,?,?,00000000,?,004AB2C7,?,004AB350,00000000,00000000,00000000,00404C89,?), ref: 004AD002
GlobalLock.KERNEL32 ref: 004AD026
GlobalUnlock.KERNEL32(02330144,?,?,00000000,?,004AB2C7,?,004AB350,00000000,00000000,00000000,00404C89,?), ref: 004AD05D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 03029de8403d7c60fb23087fed2ae5a48a59333e3a01f3aef7e19a27331efb95
Instruction ID: 2bf467e653701c41897b3af6703fbcdd18f7f407e85f98fb5de06b07435ccb2d
Opcode Fuzzy Hash: 03029de8403d7c60fb23087fed2ae5a48a59333e3a01f3aef7e19a27331efb95
Instruction Fuzzy Hash: 8811B436A042449FEB709F24ED88A6B37A9F766B08F444416F902D7741C779DC0AE726

Uniqueness

Uniqueness Score: -1.00%

Function 0046CB90, Relevance: 6.1, APIs: 4, Instructions: 67stringCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(?,?), ref: 0046CBF8
lstrlenA.KERNEL32(?), ref: 0046CC02
lstrcpyA.KERNEL32(?,00502CDC), ref: 0046CC30
lstrcatA.KERNEL32(?,?), ref: 0046CC51

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcpy$lstrcatlstrlen
String ID:
API String ID: 1049500425-0
Opcode ID: ccdc3f0c200c9ff7c57eb4e6fe592ea5214130b197da39bc93a62b64f698b164
Instruction ID: 3f556703c79405638704944ec9d70ecaa34795f007343263d856d5254d278759
Opcode Fuzzy Hash: ccdc3f0c200c9ff7c57eb4e6fe592ea5214130b197da39bc93a62b64f698b164
Instruction Fuzzy Hash: 542184752043096FD724DB64D989EEBB3E8EF98714F00492DB599C3180EA74E909CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004ADCC0, Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 004ADD01
GlobalUnlock.KERNEL32(?,?,?,?,?,?,004ADDC1,?,?,?,?,?,?,?,?), ref: 004ADD07
GlobalLock.KERNEL32 ref: 004ADD2C
GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004ADDC1,?,?,?,?), ref: 004ADD32

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 86c23a6dfa4334cfa3e9929d7f5a2ee687d8c8f2c3dc4cdb5a8886d842b68a89
Instruction ID: 0da2b7b2ec7b1ddb6022907386d6ac20bd4c1ef1e5b945dbb9c92b5b9870ba60
Opcode Fuzzy Hash: 86c23a6dfa4334cfa3e9929d7f5a2ee687d8c8f2c3dc4cdb5a8886d842b68a89
Instruction Fuzzy Hash: 851106B6604704AFC724EFA9D88496BB7E8EF9D314F40092DF98AC3B10D675E904CB61

Uniqueness

Uniqueness Score: -1.00%

Function 004908D0, Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

ReleaseDC.USER32 ref: 004908FD
SelectObject.GDI32(?,?), ref: 00490930
DeleteObject.GDI32(00000000), ref: 0049093B
DeleteDC.GDI32(?), ref: 00490945

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DeleteObject$ReleaseSelect
String ID:
API String ID: 668125219-0
Opcode ID: ad59e4976105b5c2e3cc2808284e2563895f487ddf1e9fafeb2cfef4629a8b08
Instruction ID: f0cb45eaf5d699c81e3210d7e851298918a8cbf0d5b6323271eb5fb454859929
Opcode Fuzzy Hash: ad59e4976105b5c2e3cc2808284e2563895f487ddf1e9fafeb2cfef4629a8b08
Instruction Fuzzy Hash: F80152F16047109FDB34DB25E848D57BBA8EB64314B04492EF587C3A51C638EC85C764

Uniqueness

Uniqueness Score: -1.00%

Function 004A8EE0, Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 004A9360: GlobalLock.KERNEL32 ref: 004A93A5
Part of subcall function 004A9360: CreateDCA.GDI32(?,?,00000000,00000000), ref: 004A93C0

SetAbortProc.GDI32(00000000,004A9420,?,00000000), ref: 004A8EFE
DeleteDC.GDI32(00000000), ref: 004A8F56

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

StartDocA.GDI32 ref: 004A8F3E
StartPage.GDI32(00000000), ref: 004A8F4A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Start$AbortCreateDeleteGlobalLoadLockPageProcString
String ID:
API String ID: 1417926472-0
Opcode ID: 733bb31dd321884bb1837369423728ad98a951da7d61f154796dc8a68fcd06ec
Instruction ID: 4bc1949727728879f549fd391071de9203a9e7492b81febc0964d52947b068c6
Opcode Fuzzy Hash: 733bb31dd321884bb1837369423728ad98a951da7d61f154796dc8a68fcd06ec
Instruction Fuzzy Hash: F3015E745013529FC320AF1A8809E9FBBECFFAA750B41845FF54497221DB78C609DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004D01D0, Relevance: 6.0, APIs: 4, Instructions: 46stringCOMMON

Download Yara Rule

APIs

LoadResource.KERNEL32(?,?,?,?,00000000,?,004D0170,?,?,?,?,004D031E,?,?,?,?), ref: 004D01E5
LockResource.KERNEL32(00000000,?,?,?,?,004D031E,?,?,?,?,?,?,?,?,?,00000001), ref: 004D01F4
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,004D031E,?,?,?,?), ref: 004D021C
FreeResource.KERNEL32(?,?,?,?,?,004D031E,?,?,?,?,?,?,?,?,?,00000001), ref: 004D0231

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$FreeLoadLocklstrlen
String ID:
API String ID: 3854616578-0
Opcode ID: 49290a93c86acb8c1e4f174597a21f9c65feffcc88faade750f71fedcdb4a808
Instruction ID: a5ca0dac233202a7fa88024ace724379c9914a66a865b7cacd7dd82436724254
Opcode Fuzzy Hash: 49290a93c86acb8c1e4f174597a21f9c65feffcc88faade750f71fedcdb4a808
Instruction Fuzzy Hash: 49018F71A012196FC7209BB4AC4CA6BBBACEB48754F04496AF845C3300C738EC49C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 004CDD30, Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004CDD65
IsDialogMessageA.USER32(00000000,?), ref: 004CDD7A
TranslateMessage.USER32(?), ref: 004CDD85
DispatchMessageA.USER32 ref: 004CDD8C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: be2652a20be92698bd05c9a7a9d119367d0fc75211e3f09764bb3a27e8cb3080
Instruction ID: 98131286315a1eb158767170bb7a56f17ef1ddee99eca2b75871c96c143ea359
Opcode Fuzzy Hash: be2652a20be92698bd05c9a7a9d119367d0fc75211e3f09764bb3a27e8cb3080
Instruction Fuzzy Hash: 9B0128B5A40309ABD720EB54EC85FAA77BCEB54350F54043AA90093290DB78F94DEB66

Uniqueness

Uniqueness Score: -1.00%

Function 004A9420, Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004A9455
IsDialogMessageA.USER32(00000000,?), ref: 004A9466
TranslateMessage.USER32(?), ref: 004A9471
DispatchMessageA.USER32 ref: 004A9478

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: 67c91e87f641d4c8b6c7df6d910e1ed3e95aa5b888d699472cece6402498c3bf
Instruction ID: 5835d5b18d689280161853e136ad5129990ff75f5051096c9f93e8ed7cdc77b0
Opcode Fuzzy Hash: 67c91e87f641d4c8b6c7df6d910e1ed3e95aa5b888d699472cece6402498c3bf
Instruction Fuzzy Hash: D6016DB2544309EBD620DF94EC85FAF33ACE7A5310F14442AEA00D3290D779E94DDB66

Uniqueness

Uniqueness Score: -1.00%

Function 004BCBB0, Relevance: 6.0, APIs: 4, Instructions: 41stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,?), ref: 004BCBE2
lstrlenA.KERNEL32(?), ref: 004BCBEA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: cdba8225d786763e3e29bdefec4b9625aee98ae8998f9d5749dd298818cfcf9d
Instruction ID: 5441786dadb787b820d688f7d019789140007b9eb666350ff31758a3eb69e991
Opcode Fuzzy Hash: cdba8225d786763e3e29bdefec4b9625aee98ae8998f9d5749dd298818cfcf9d
Instruction Fuzzy Hash: 9BF030366081116BD661971AFC85BEF77A8EBD5221F18443BF500D2210D728AC4A9BB5

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED0, Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00404EFF
GlobalLock.KERNEL32 ref: 00404F04
GlobalUnlock.KERNEL32(?), ref: 00404F19
GlobalUnlock.KERNEL32(?), ref: 00404F1C

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID:
API String ID: 2502338518-0
Opcode ID: 99dfd7f4136656f3d5826dadd8cdb2fd54be12a951769ca17c970b0453bc6e26
Instruction ID: a037235a6ea0644c513f76568adde665ce56ebdb1977209d30f7167b5094b893
Opcode Fuzzy Hash: 99dfd7f4136656f3d5826dadd8cdb2fd54be12a951769ca17c970b0453bc6e26
Instruction Fuzzy Hash: A8F0B4767002256FD3209B5A9D80D2BFBACDEC5A21719407AFE08E3321DA74EC008BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00470F30, Relevance: 6.0, APIs: 4, Instructions: 37windowCOMMON

Download Yara Rule

APIs

SelectPalette.GDI32(?,?,00000000), ref: 00470F49
SelectObject.GDI32(?,?), ref: 00470F57
DeleteDC.GDI32(?), ref: 00470F63
DeleteObject.GDI32(00000000), ref: 00470F6A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: DeleteObjectSelect$Palette
String ID:
API String ID: 823320552-0
Opcode ID: 41c8a8dfbb45b8939a2f2a5dc35577f0b3b6bbbd1644093cf61526494b197fef
Instruction ID: 29891029a26488c3e3f4efe960e59103c08ec4317bf49a7d9b9ea6f53f1c25d2
Opcode Fuzzy Hash: 41c8a8dfbb45b8939a2f2a5dc35577f0b3b6bbbd1644093cf61526494b197fef
Instruction Fuzzy Hash: 46F0E276600700ABC6309B69EC48F9BB7ECEB94621F048829F54AD3A50D674E8489B65

Uniqueness

Uniqueness Score: -1.00%

Function 004158F6, Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetWindowLongA.USER32(?,00000006,?), ref: 00415908
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateLongProcRectUpdate
String ID:
API String ID: 3597511396-0
Opcode ID: 45f620ed3df4ae392dfa91069b161d0b65e30dc10ebb5047d85c648efd9c2c28
Instruction ID: 40cb778ddd33debc801e4fa4ea8a95f376e824a7f199ddcbbdf5980756105f21
Opcode Fuzzy Hash: 45f620ed3df4ae392dfa91069b161d0b65e30dc10ebb5047d85c648efd9c2c28
Instruction Fuzzy Hash: FCF03C75248705EFE231CF14D84ABEFB7A4FB88311F10441AF94592290DB795989CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0041596C, Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetWindowLongA.USER32(?,00000002,?), ref: 0041597E
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateLongProcRectUpdate
String ID:
API String ID: 3597511396-0
Opcode ID: 65be28d12b1720f93b6820bfcaf40ecb75e51de050619b386e0e1f1796ea307d
Instruction ID: 54131b81a0d5f9d8b0f7d1783c9c28664f7094803bda93722d47f383455b169f
Opcode Fuzzy Hash: 65be28d12b1720f93b6820bfcaf40ecb75e51de050619b386e0e1f1796ea307d
Instruction Fuzzy Hash: FFF03C75248705EFE231CF14D84ABEFB7A4FB88311F10441AF94492290DB795989CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0041598E, Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetWindowWord.USER32(?,00000016,?), ref: 004159A0
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateProcRectUpdateWord
String ID:
API String ID: 4178853006-0
Opcode ID: bf9042430f395381214821f66af880e713845546b4ec29a35745575009404cf8
Instruction ID: 14a1ff229092912a0588dc9083fcbec9427013a4b8f0a8488bd5b6d98a9d4998
Opcode Fuzzy Hash: bf9042430f395381214821f66af880e713845546b4ec29a35745575009404cf8
Instruction Fuzzy Hash: 3CF03775248705EFE231CF14DC4ABEFB7A4FB88311F10441AF98492290DB795A89DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00415950, Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

SetWindowLongA.USER32(?,00000002,00000000), ref: 0041595C
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateLongProcRectUpdate
String ID:
API String ID: 3597511396-0
Opcode ID: 46659793bb652e9da9f1f50faa22bde9fcb2987cfa9673296b6d8ef07baa3d29
Instruction ID: 6f2eefbc9f8a4da0ecdde32f991bc2d86f0e52cc776351c6aba320739a604b48
Opcode Fuzzy Hash: 46659793bb652e9da9f1f50faa22bde9fcb2987cfa9673296b6d8ef07baa3d29
Instruction Fuzzy Hash: D6F04935248701EBE230CF14DC4ABEFB7A4FB88311F20442AF94452290CB795989CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041591B, Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

GetWindowWord.USER32 ref: 00415925
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateProcRectUpdateWord
String ID:
API String ID: 4178853006-0
Opcode ID: 12572b8a437dd1690db3221b65fa2d6d2f2a09189b5a97297a31efa64c70cd34
Instruction ID: b5f02f5c65f326e0798538861c0ddeab9d004b40dd0df18577a10d730cd5ec50
Opcode Fuzzy Hash: 12572b8a437dd1690db3221b65fa2d6d2f2a09189b5a97297a31efa64c70cd34
Instruction Fuzzy Hash: FDF04931248601EFE230CF14DC4ABEFB7A4FB88311F10442AF98592280DB79594ACB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004159B0, Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

GetWindowWord.USER32 ref: 004159BA
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateProcRectUpdateWord
String ID:
API String ID: 4178853006-0
Opcode ID: 389c767509652e6183905f6d0d50a164636c1a022f645d974b60ce7c008c270e
Instruction ID: 857aeb1ece09d535d1858ffbaf048cb522fd3aaed204c4c8c6b006224f666693
Opcode Fuzzy Hash: 389c767509652e6183905f6d0d50a164636c1a022f645d974b60ce7c008c270e
Instruction Fuzzy Hash: 4DF04931248605EFE230CF14DC4ABEFB7A4FB88311F10442AF98592280DB79594ADB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041D7C0, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32(?,?,?,00000001,0041BBD3,?,?), ref: 0041D7E4
GlobalUnlock.KERNEL32(?), ref: 0041D7EA
GlobalUnlock.KERNEL32(?), ref: 0041D7F0
GlobalUnlock.KERNEL32(?), ref: 0041D7F6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalUnlock
String ID:
API String ID: 3141859582-0
Opcode ID: dc3320c63c6e9f864e3f19b63ed78ea47f74adbbb994422b86bf19d7e263a30b
Instruction ID: d9d82b16732539baa69189554a2fb6643e2264debecbfda781a305e175dd3bfe
Opcode Fuzzy Hash: dc3320c63c6e9f864e3f19b63ed78ea47f74adbbb994422b86bf19d7e263a30b
Instruction Fuzzy Hash: 21F070B66147109BC720DBADC880857F7F8FF9C250740091EE59AC3B10C675F801C728

Uniqueness

Uniqueness Score: -1.00%

Function 00415937, Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 00415941
InvalidateRect.USER32(?,00000000,00000000), ref: 004159DC
UpdateWindow.USER32(?), ref: 004159E3
DefWindowProcA.USER32(?,?,?,?), ref: 00415A09

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$InvalidateLongProcRectUpdate
String ID:
API String ID: 3597511396-0
Opcode ID: 0c4d1e2ac927319e0521a8134ef50181c64292af49fc6a7b3795aecc3382ce0d
Instruction ID: b529deb2c6e5d0c12947c50b71306b2eb5a6f47711476d65708c953a669ec0b4
Opcode Fuzzy Hash: 0c4d1e2ac927319e0521a8134ef50181c64292af49fc6a7b3795aecc3382ce0d
Instruction Fuzzy Hash: EEF04935248701EFE230CF14D84ABEFB7A4FB88311F10442AF94592280DB79594ACB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00419B40, Relevance: 6.0, APIs: 4, Instructions: 30windowCOMMON

Download Yara Rule

APIs

SendDlgItemMessageA.USER32(?,?,0000000B,?,00000000), ref: 00419B56
GetDlgItem.USER32 ref: 00419B62
InvalidateRect.USER32(00000000,00000000,00000001), ref: 00419B73
UpdateWindow.USER32(00000000), ref: 00419B7A

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Item$InvalidateMessageRectSendUpdateWindow
String ID:
API String ID: 3918709878-0
Opcode ID: 42e5e0625710457c2a50a019ffa0f650d48637b1fa24c452fe9b64fcae3f7a80
Instruction ID: e997da98bbcea3acb36b25a07d4fadaa37c35e5a36f77b539ce7b48e6002d246
Opcode Fuzzy Hash: 42e5e0625710457c2a50a019ffa0f650d48637b1fa24c452fe9b64fcae3f7a80
Instruction Fuzzy Hash: 5CE0653264562577E2314B54AD5AF8F776CFFD9F51F140025FE00661408B64AC0997BA

Uniqueness

Uniqueness Score: -1.00%

Function 0041D770, Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0041D790
GlobalLock.KERNEL32 ref: 0041D799
GlobalLock.KERNEL32 ref: 0041D7A2
GlobalLock.KERNEL32 ref: 0041D7AB

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalLock
String ID:
API String ID: 2848605275-0
Opcode ID: 6cb887f57e0186cfc2f0d7d13b5a38744922249bbf8595b66f751b3374c9a972
Instruction ID: c411e20eb130090f443df02a7cd78d7d1978e34786d26d86e82a0169ca59c015
Opcode Fuzzy Hash: 6cb887f57e0186cfc2f0d7d13b5a38744922249bbf8595b66f751b3374c9a972
Instruction Fuzzy Hash: FFF07479604B109FC760EFA9D944997F7F8FF98610305091EE98AC3B10DA74F801CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00405B80, Relevance: 6.0, APIs: 4, Instructions: 28windowCOMMON

Download Yara Rule

APIs

CreateBitmap.GDI32(00000008,00000008,00000001,00000001), ref: 00405BA1
CreatePatternBrush.GDI32(00000000), ref: 00405BAA
DeleteObject.GDI32(00000000), ref: 00405BB3
UnrealizeObject.GDI32(00000000), ref: 00405BBA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateObject$BitmapBrushDeletePatternUnrealize
String ID:
API String ID: 3494567017-0
Opcode ID: 11f3b1b4fa6f45666e823ed76fadffbbd39307ce47d3551c57f4697322a0f26d
Instruction ID: e6e4d66de4159eb283170e06dea316e4e535d9615a2c392dc176aa3066577070
Opcode Fuzzy Hash: 11f3b1b4fa6f45666e823ed76fadffbbd39307ce47d3551c57f4697322a0f26d
Instruction Fuzzy Hash: 31F03075600300BFE3109F78DC09A7E3FA4EB85715F54846EFA04CA251E676880ADB62

Uniqueness

Uniqueness Score: -1.00%

Function 004A10A0, Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 004A10A6
GetDeviceCaps.GDI32(00000000,0000000C), ref: 004A10BB
GetDeviceCaps.GDI32(00000000,0000000E), ref: 004A10C2
ReleaseDC.USER32 ref: 004A10CA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 05e35feb163f826d14134bfb9199af2ac4f5972ab53b82eba5ba06095019a848
Instruction ID: 70b6d5c8102e87c35a02edcb05436c21f65e6eb3603e9891b15823fcdd709e4a
Opcode Fuzzy Hash: 05e35feb163f826d14134bfb9199af2ac4f5972ab53b82eba5ba06095019a848
Instruction Fuzzy Hash: B1E0C2733002143BF32023766C88F6F2B5EDBD56A2F140433F600D7590CAA08C445770

Uniqueness

Uniqueness Score: -1.00%

Function 0041C1A0, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

(, xrefs: 0041C3B7

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: GlobalLock
String ID: (
API String ID: 2848605275-3887548279
Opcode ID: 10f3949e7bf41f8efbd166ea65b573ea7ad57919ab6edfffe9331a6430ae0303
Instruction ID: 011165cfa359d3087012725a1904c32d88ffecb8bd9cea8b70cda9c7ea0f6480
Opcode Fuzzy Hash: 10f3949e7bf41f8efbd166ea65b573ea7ad57919ab6edfffe9331a6430ae0303
Instruction Fuzzy Hash: CD911874A88614AEE230BB148CC27FF72E5AF25704F44041AFA4642351E66DA9C2C7EF

Uniqueness

Uniqueness Score: -1.00%

Function 004B5B60, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,?,?), ref: 004B5C07

Strings

UNK, xrefs: 004B5D58
Format, xrefs: 004B5D5D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: OffsetRect
String ID: Format$UNK
API String ID: 177026234-4073283197
Opcode ID: 49c11ac10dc4ad60044393e28e4a62a364b4a8b3d88124ba8645a1974ac3bac8
Instruction ID: 95c77894c044d20ff96cc8fa89090d9e0c38ea7ddc423b93760193201e624263
Opcode Fuzzy Hash: 49c11ac10dc4ad60044393e28e4a62a364b4a8b3d88124ba8645a1974ac3bac8
Instruction Fuzzy Hash: 555183712047459BE720DB25CC55FEBB7E9AF84305F00492EEA4987381EB79E944CB26

Uniqueness

Uniqueness Score: -1.00%

Function 0048CC70, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 0048CCFF
GlobalUnlock.KERNEL32(?), ref: 0048CD2A

Strings

P, xrefs: 0048CDD5

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: P
API String ID: 2502338518-3110715001
Opcode ID: 9cb32cb578aef3f81861423c612c8c28bdf9021e419618a58a49f35b05a32c9d
Instruction ID: be6298c32e93ed5fb590b7355a88ea028851fb129c7951d09f4dcc69628d3f46
Opcode Fuzzy Hash: 9cb32cb578aef3f81861423c612c8c28bdf9021e419618a58a49f35b05a32c9d
Instruction Fuzzy Hash: 3B510375604300CFC714EF19D584A2ABBE1FB88308F44896EE9495B742D739E949CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004942C0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00494396
GlobalUnlock.KERNEL32(?), ref: 004943B6

Strings

X, xrefs: 00494369

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: X
API String ID: 2502338518-3081909835
Opcode ID: 9adbc0d60845fd02fd6c5f91927c573a68ecc1a230f4be04116208c9635d7b76
Instruction ID: 750982c21ad3022cf2e3d4da21edb652ac78369d59f64fd9c641c890b5f5f288
Opcode Fuzzy Hash: 9adbc0d60845fd02fd6c5f91927c573a68ecc1a230f4be04116208c9635d7b76
Instruction Fuzzy Hash: 42314FB5704305DFCB20DF15D880A2ABBA1EBC4315F5446AEED494B342D73AE81ACB69

Uniqueness

Uniqueness Score: -1.00%

Function 004E0690, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 004D9200: GlobalLock.KERNEL32 ref: 004D9216

GlobalLock.KERNEL32 ref: 004E0763

Part of subcall function 004DFF20: GlobalLock.KERNEL32 ref: 004DFF2F
Part of subcall function 004DFF20: GlobalUnlock.KERNEL32(00000000,?,?,?,?,004E078B), ref: 004DFFE8

GlobalUnlock.KERNEL32(?), ref: 004E0795

Part of subcall function 00484210: GlobalFree.KERNELBASE ref: 00484219

Strings

`nP, xrefs: 004E0746

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$Lock$Unlock$Free
String ID: `nP
API String ID: 3197494858-662898159
Opcode ID: fd50af3b94cc389ebb8c3af5a1043972f17674a612937f03d4a1ed4dff2f1bef
Instruction ID: 6710797d68d9a21f38ae34077fe378143e4d688ef72d5771d8bd391d1fe02563
Opcode Fuzzy Hash: fd50af3b94cc389ebb8c3af5a1043972f17674a612937f03d4a1ed4dff2f1bef
Instruction Fuzzy Hash: E6316AB9D00204EFDB00EBD6D886A9E7BB4AF04309F144467F515E7341E778AA84CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004B57E0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,?,?), ref: 004B5896

Strings

BMP, xrefs: 004B58C5
Format, xrefs: 004B58CA

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: OffsetRect
String ID: BMP$Format
API String ID: 177026234-1343775672
Opcode ID: f9634f28a125cee021fc6b208c3b3fb6fd7c730958acf686476f409f2be8a0df
Instruction ID: d31dd5c160f51552d4aae16eb237676ef8e2c30eaf17614738f00d8c627b7066
Opcode Fuzzy Hash: f9634f28a125cee021fc6b208c3b3fb6fd7c730958acf686476f409f2be8a0df
Instruction Fuzzy Hash: 56318DB0904701ABD714DF15D881BBBB7F8FF84704F10482EF84996242EB35E989C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 00468EA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001,00000000,00000000,?,?), ref: 00468EAE

Strings

0bt@Mt, xrefs: 00468EAE, 00468F69

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorMode
String ID: 0bt@Mt
API String ID: 2340568224-2323819115
Opcode ID: 52a2b366682206b6d3ad7b6894e958607900c9c2178bf918f950ae14d1e51df5
Instruction ID: 875073e5c884a4134b0370039dfb7dd4ed9667bb08a115ba8fdfbc4f223a31f5
Opcode Fuzzy Hash: 52a2b366682206b6d3ad7b6894e958607900c9c2178bf918f950ae14d1e51df5
Instruction Fuzzy Hash: C821F975A042009BD720DB65EC8596BB3A8EF54714F14062FF805C7201FB3ED8988797

Uniqueness

Uniqueness Score: -1.00%

Function 004E0510, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

`nP, xrefs: 004E05B6

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: `nP
API String ID: 2502338518-662898159
Opcode ID: 2d0185cda14229d5a35f69bd106ab9efe65a7da429687cb32c18fe809e7f9c9b
Instruction ID: 8c7e0d2231cc7ee08ba95de4b484284f470ff96857af452c4127c783aa7d720f
Opcode Fuzzy Hash: 2d0185cda14229d5a35f69bd106ab9efe65a7da429687cb32c18fe809e7f9c9b
Instruction Fuzzy Hash: D02164B5D00209EBDB00EBE6E846BAF77B8EF54349F040027F515E6281E7789654CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00448C90, Relevance: 5.3, APIs: 4, Instructions: 316stringCOMMON

Download Yara Rule

APIs

CharNextA.USER32(?,00000001), ref: 00448CFA
lstrlenA.KERNEL32(?,?,?,?,00000000,00446EDB,?,00000000,?,00000000,?,00000001,00000001,00447030,?,00000001), ref: 00448D0A
lstrlenA.KERNEL32(?), ref: 00448D5D
lstrlenA.KERNEL32(?), ref: 00448D6D

Part of subcall function 004D7240: GetTickCount.KERNEL32 ref: 004D7254

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$CharCountNextTick
String ID:
API String ID: 1786607560-0
Opcode ID: 92e8e4b8bb4a244c58c4d6be6616f96e1d9fa85b82495d9f8ad31e22bad1bb97
Instruction ID: 95819179d5a181dea36485e55ee3123fc4d3c502910a190c50651dde227a4f8c
Opcode Fuzzy Hash: 92e8e4b8bb4a244c58c4d6be6616f96e1d9fa85b82495d9f8ad31e22bad1bb97
Instruction Fuzzy Hash: CDC182B59083419BE730DF14D9457EFB3E4EB94308F00082FE98D96281EB799949CB5B

Uniqueness

Uniqueness Score: -1.00%

Function 00489D00, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

"kI, xrefs: 00489D02, 00489D26, 00489D38, 00489D60

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: "kI
API String ID: 2502338518-1300299972
Opcode ID: dbaaa86676a4d78baee8c8dde6a9169c95d4c1a1b47288eb322792c0dcc81f43
Instruction ID: f92a66ba4bb7aef873f452c73a1f8b434a8508d3ae063559418091a778b5e9ef
Opcode Fuzzy Hash: dbaaa86676a4d78baee8c8dde6a9169c95d4c1a1b47288eb322792c0dcc81f43
Instruction Fuzzy Hash: B0F03CBA7046116BD210FB6AFC009AF73A9DFD9625F05482EF945C3301E625DC4AC7B6

Uniqueness

Uniqueness Score: -1.00%

Function 004010A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 004010BB
GetWindowPlacement.USER32(?,0000002C), ref: 004010E6

Strings

,, xrefs: 004010D8

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$PlacementVisible
String ID: ,
API String ID: 2234912828-3772416878
Opcode ID: e4a40dbf4fa70712f2656e6b15beca38a7b01bd7baa94b930c8894108d9e73f6
Instruction ID: 7dfb7a416f00e637b94ef3218178aedbb3aea7cbf227d9839808d0aed9d5d402
Opcode Fuzzy Hash: e4a40dbf4fa70712f2656e6b15beca38a7b01bd7baa94b930c8894108d9e73f6
Instruction Fuzzy Hash: D5F08C316013519EE7258E65DD8875B72E8EF89312F44043EE641E62A0E3B89948CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 00419380, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21stringCOMMON

Download Yara Rule

APIs

GetClassNameA.USER32(?,?,00000014), ref: 0041938F
lstrcmpiA.KERNEL32(00000000,AWModalDialog,?,?,?,00418D39,?), ref: 004193A3

Strings

AWModalDialog, xrefs: 0041939D

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: ClassNamelstrcmpi
String ID: AWModalDialog
API String ID: 1927859406-3094060241
Opcode ID: 37f31a3ca17106455fa42e6f32ad5077fc5c768468683e4ed96b87d56e04ccc1
Instruction ID: e85ce15382c0d55b82f8de241f84a0ff51224bb6c2569867ed9cf1df4aee2887
Opcode Fuzzy Hash: 37f31a3ca17106455fa42e6f32ad5077fc5c768468683e4ed96b87d56e04ccc1
Instruction Fuzzy Hash: F5E08CB16006056BD710EA64CC09AAF3698BB44B04FC88478F90AC2291F778C808A76A

Uniqueness

Uniqueness Score: -1.00%

Function 00404180, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00404164,?,?), ref: 004041A5

Strings

pIt8t @tTt, xrefs: 004041A5
dA@, xrefs: 00404181

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID: dA@$pIt8t @tTt
API String ID: 3664257935-2032201886
Opcode ID: d761236b58c6c444e54824f19a547925b253618a9ce9ac850e26eeca7cf937b8
Instruction ID: 18bc8834a37750c7854831b6c54a315456551e04b5ea06194f1342de4b57600d
Opcode Fuzzy Hash: d761236b58c6c444e54824f19a547925b253618a9ce9ac850e26eeca7cf937b8
Instruction Fuzzy Hash: 91E0ECB55003119BDB209F15E804707B7E8AF54360F15082EECD4A7340D738E8848B95

Uniqueness

Uniqueness Score: -1.00%

Function 004D9640, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004D9646
GetPropA.USER32 ref: 004D9656

Strings

Windoid, xrefs: 004D9650

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: PropWindow
String ID: Windoid
API String ID: 1558329881-2076706335
Opcode ID: ab1174fdc1df2f32eab861a556164bde3ee79ec3f0790ea396e7831965c7ab99
Instruction ID: a19bf333c902f015ec8277d94aa2d40aee2c2e8943731f5dbd6e8fa39c419eed
Opcode Fuzzy Hash: ab1174fdc1df2f32eab861a556164bde3ee79ec3f0790ea396e7831965c7ab99
Instruction Fuzzy Hash: 88D0C93232972156DB206B24BC18ADF379CAF52751F0500A7B404D7690E769DD829BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00424C80, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00424C86
GlobalUnlock.KERNEL32(?,?,?), ref: 00424C9B

Strings

e&B, xrefs: 00424C8C, 00424C90

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: Global$LockUnlock
String ID: e&B
API String ID: 2502338518-3931206465
Opcode ID: af772baf0e4e0ee2ec4404bf68bda79e072746a3decc0f53f61c883d3ed9fba6
Instruction ID: 5d83a029eb1cfab8b8e27dc6ac6eadadd7b03eddfb6b0b2172c565d719af2307
Opcode Fuzzy Hash: af772baf0e4e0ee2ec4404bf68bda79e072746a3decc0f53f61c883d3ed9fba6
Instruction Fuzzy Hash: 38C0127A505520AFC5006B55FC0D8CF77ACEE99221B01441AF90993511D73469058BA6

Uniqueness

Uniqueness Score: -1.00%

Function 004D1D20, Relevance: 5.1, APIs: 4, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 004D1D4E
lstrlenA.KERNEL32(?,?,?,00000000), ref: 004D1D75
lstrlenA.KERNEL32(?,?,?,00000000), ref: 004D1D9C
lstrlenA.KERNEL32(?,?,?,00000000), ref: 004D1DC3

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrlen$LoadString
String ID:
API String ID: 7093501-0
Opcode ID: 0071384dc0d699dbca0be2b9e8f5adce3dbcf300e87c7ad0a1bb4a75c9787159
Instruction ID: 1183b4ce243001f935c534661be43337a990bb14101912e48552c3e60e29de90
Opcode Fuzzy Hash: 0071384dc0d699dbca0be2b9e8f5adce3dbcf300e87c7ad0a1bb4a75c9787159
Instruction Fuzzy Hash: 7741B2B164434676E770E664CC5AFFFB6CC9B80308F040C3EB684961D3EAB8924487A6

Uniqueness

Uniqueness Score: -1.00%

Function 004A0890, Relevance: 5.1, APIs: 4, Instructions: 107stringCOMMON

Download Yara Rule

APIs

CharNextA.USER32(00000000,?,?,?,?,?,?,?), ref: 004A093C
lstrcmpiA.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 004A096D
lstrcmpiA.KERNEL32(?,00000001), ref: 004A099E
lstrcmpiA.KERNEL32(?,00000001), ref: 004A09C7

Part of subcall function 004C26E0: LoadStringA.USER32 ref: 004C2706

Memory Dump Source

Source File: 00000000.00000002.359715657.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.359710423.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359815222.00000000004FD000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359819809.0000000000501000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359825292.0000000000509000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359830123.000000000050F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.359833670.0000000000510000.00000008.00020000.sdmp Download File
Associated: 00000000.00000002.359838144.0000000000512000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359847437.0000000000526000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359852652.000000000052D000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.359858001.0000000000536000.00000002.00020000.sdmp Download File

Similarity

API ID: lstrcmpi$CharLoadNextString
String ID:
API String ID: 2814368029-0
Opcode ID: b0d97e3d213333176412a71accb5657e0133b780e9b62892760d22aae8c59753
Instruction ID: 61930878c442e68699d4290f28b8a258376a980f23689d3a590b1bc8bee948be
Opcode Fuzzy Hash: b0d97e3d213333176412a71accb5657e0133b780e9b62892760d22aae8c59753
Instruction Fuzzy Hash: 70312BB5A4070567F320D7219C02FAB328C9B66744F04042BFA44D62C2F7BDE909C7BA

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	API monitoring, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.BrowseBan.32054.8200

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Spreading:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SecuriteInfo.com.Trojan.BrowseBan.32054.exe PID: 4192 Parent PID: 5020

General

Chronological Activities

Disassembly

Code Analysis

Analysis Process: SecuriteInfo.com.Trojan.BrowseBan.32054.exe PID: 4192 Parent PID: 5020 SecuriteInfo.com.Trojan.BrowseBan.32054.exeCOMMON

Executed Functions

Function 00401280, Relevance: 66.5, APIs: 44, Instructions: 487timeCOMMON

Function 004828B0, Relevance: 28.5, APIs: 15, Strings: 1, Instructions: 479windowCOMMON

Function 0046C520, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 150stringCOMMON