Play interactive tour

Edit tour

Windows Analysis Report manager.exe

Overview

General Information

Sample Name:	manager.exe
Analysis ID:	494994
MD5:	1479371ef0752f027661fc1b7748b318
SHA1:	3bf6809d0987cd82ec328b7bbdbcc5618743cf38
SHA256:	183923330057af95cedb73d0aa2e7f844dba89df8866995f483be4c5780298b3
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Detected Nanocore Rat

Antivirus / Scanner detection for submitted sample

Yara detected Nanocore RAT

Machine Learning detection for sample

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses 32bit PE files

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

System is w10x64

manager.exe (PID: 6836 cmdline: 'C:\Users\user\Desktop\manager.exe' MD5: 1479371EF0752F027661FC1B7748B318)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "69d5e1dd-adbf-4c76-9eba-4ac963b0", "Group": "Manager", "Domain1": "findmyservice.ignorelist.com", "Port": 4001, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
manager.exe	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
manager.exe	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
manager.exe	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
manager.exe	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x123f5:$a: NanoCore 0x1244e:$a: NanoCore 0x1248b:$a: NanoCore 0x12504:$a: NanoCore 0x25baf:$a: NanoCore 0x25bc4:$a: NanoCore 0x25bf9:$a: NanoCore 0x3e67b:$a: NanoCore 0x3e690:$a: NanoCore 0x3e6c5:$a: NanoCore 0x12457:$b: ClientPlugin 0x12494:$b: ClientPlugin 0x12d92:$b: ClientPlugin 0x12d9f:$b: ClientPlugin 0x2596b:$b: ClientPlugin 0x25986:$b: ClientPlugin 0x259b6:$b: ClientPlugin 0x25bcd:$b: ClientPlugin 0x25c02:$b: ClientPlugin 0x3e437:$b: ClientPlugin 0x3e452:$b: ClientPlugin
Process Memory Space: manager.exe PID: 6836	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: manager.exe PID: 6836	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x31ff:$a: NanoCore 0x3492:$a: NanoCore 0x34e5:$a: NanoCore 0x351e:$a: NanoCore 0x3591:$a: NanoCore 0xcd8b:$a: NanoCore 0xcd9e:$a: NanoCore 0xcdd0:$a: NanoCore 0x143c9:$a: NanoCore 0x143d8:$a: NanoCore 0x145cc:$a: NanoCore 0x145de:$a: NanoCore 0x1461a:$a: NanoCore 0x4ab6b:$a: NanoCore 0x4e264:$a: NanoCore 0x4e277:$a: NanoCore 0x4e2a9:$a: NanoCore 0x53819:$a: NanoCore 0x5382c:$a: NanoCore 0x5385e:$a: NanoCore 0x344f:$b: ClientPlugin
Click to see the 10 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.manager.exe.51b0000.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
0.2.manager.exe.51b0000.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0.2.manager.exe.51b0000.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.3a42a75.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x23c50:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x23c7d:$x2: IClientNetworkHost
0.2.manager.exe.3a42a75.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x23c50:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x24d2b:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x23c6a:$s5: IClientLoggingHost
0.2.manager.exe.3a42a75.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.4e00000.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0.2.manager.exe.4e00000.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0.2.manager.exe.290000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.manager.exe.290000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.2.manager.exe.290000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.290000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.manager.exe.3a39616.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2d0af:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2d0dc:$x2: IClientNetworkHost
0.2.manager.exe.3a39616.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2d0af:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2e18a:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2d0c9:$s5: IClientLoggingHost
0.2.manager.exe.3a39616.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.3a39616.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2d065:$a: NanoCore 0x2d07a:$a: NanoCore 0x2d0af:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2ce21:$b: ClientPlugin 0x2ce3c:$b: ClientPlugin
0.2.manager.exe.3a3e44c.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
0.2.manager.exe.3a3e44c.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
0.2.manager.exe.3a3e44c.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.51b4629.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
0.2.manager.exe.51b4629.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
0.2.manager.exe.51b4629.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.51b0000.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
0.2.manager.exe.51b0000.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
0.2.manager.exe.51b0000.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.manager.exe.2a01770.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0.2.manager.exe.2a01770.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0.2.manager.exe.3a3e44c.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x28279:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x282a6:$x2: IClientNetworkHost
0.2.manager.exe.3a3e44c.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x28279:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x29354:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x28293:$s5: IClientLoggingHost
0.2.manager.exe.3a3e44c.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.0.manager.exe.290000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.0.manager.exe.290000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.0.manager.exe.290000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.0.manager.exe.290000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
Click to see the 29 entries

Sigma Overview

AV Detection:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\manager.exe, ProcessId: 6836, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\manager.exe, ProcessId: 6836, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Stealing of Sensitive Information:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\manager.exe, ProcessId: 6836, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Remote Access Functionality:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\manager.exe, ProcessId: 6836, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "69d5e1dd-adbf-4c76-9eba-4ac963b0", "Group": "Manager", "Domain1": "findmyservice.ignorelist.com", "Port": 4001, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Multi AV Scanner detection for submitted file

Show sources

Source: manager.exe	Virustotal: Detection: 88%	Perma Link
Source: manager.exe	Metadefender: Detection: 85%	Perma Link
Source: manager.exe	ReversingLabs: Detection: 97%

Antivirus / Scanner detection for submitted sample

Show sources

Source: manager.exe

Avira: detected

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: manager.exe, type: SAMPLE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR

Machine Learning detection for sample

Show sources

Source: manager.exe

Joe Sandbox ML: detected

Source: 0.0.manager.exe.290000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 0.2.manager.exe.51b0000.7.unpack	Avira: Label: TR/NanoCore.fadte
Source: 0.2.manager.exe.290000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: manager.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: C:\Users\user\Desktop\manager.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs:
Source: Malware configuration extractor	URLs: findmyservice.ignorelist.com

Source: global traffic

TCP traffic: 192.168.2.6:49753 -> 37.0.10.38:4001

Source: unknown

DNS traffic detected: queries for: findmyservice.ignorelist.com

Source: manager.exe, 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: manager.exe, type: SAMPLE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: manager.exe, type: SAMPLE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: manager.exe, type: SAMPLE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.4e00000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.2a01770.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: manager.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: manager.exe, type: SAMPLE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: manager.exe, type: SAMPLE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: manager.exe, type: SAMPLE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.4e00000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.4e00000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.2a01770.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.2a01770.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0029524A	0_2_0029524A
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0263AF3C	0_2_0263AF3C
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_026323A0	0_2_026323A0
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02632FA8	0_2_02632FA8
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02638468	0_2_02638468
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02639068	0_2_02639068
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02633850	0_2_02633850
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0263306F	0_2_0263306F
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0263912F	0_2_0263912F

Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0269116A NtQuerySystemInformation,		0_2_0269116A
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0269112F NtQuerySystemInformation,		0_2_0269112F

Source: manager.exe, 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs manager.exe
Source: manager.exe, 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs manager.exe
Source: manager.exe, 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs manager.exe

Source: manager.exe

Static PE information: Section: .rsrc ZLIB complexity 0.999810267857

Source: manager.exe	Virustotal: Detection: 88%
Source: manager.exe	Metadefender: Detection: 85%
Source: manager.exe	ReversingLabs: Detection: 97%

Source: C:\Users\user\Desktop\manager.exe

File read: C:\Users\user\Desktop\manager.exe

Jump to behavior

Source: manager.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\manager.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02690F2A AdjustTokenPrivileges,		0_2_02690F2A
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02690EF3 AdjustTokenPrivileges,		0_2_02690EF3

Source: C:\Users\user\Desktop\manager.exe

File created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/1@6/2

Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: manager.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: manager.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\Desktop\manager.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\manager.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\Desktop\manager.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{69d5e1dd-adbf-4c76-9eba-4ac963b03999}

Source: manager.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: manager.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: manager.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\manager.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: manager.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: manager.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: manager.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_009A74B8 push ebp; ret	0_2_009A74B9
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_009A74AC push ecx; ret	0_2_009A74AD
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_009AABD8 push cs; retf	0_2_009AABEF
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_009AAAEF push cs; retf	0_2_009AAB07
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_009AAB63 push cs; retf	0_2_009AAB7B
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_026912B0 push ebx; retn 0004h	0_2_026912CF
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_026A0D9B push 00000002h; retn 0008h	0_2_026A0DA4

Source: manager.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: manager.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.0.manager.exe.290000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 0.2.manager.exe.290000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\manager.exe

File opened: C:\Users\user\Desktop\manager.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\manager.exe TID: 6916	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\manager.exe TID: 6892	Thread sleep time: -160000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe	Window / User API: threadDelayed 703			Jump to behavior
Source: C:\Users\user\Desktop\manager.exe	Window / User API: foregroundWindowGot 1042			Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Code function: 0_2_02690BB6 GetSystemInfo,

0_2_02690BB6

Source: C:\Users\user\Desktop\manager.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: manager.exe, 00000000.00000002.612860744.0000000002C7E000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: manager.exe, 00000000.00000002.611367017.0000000001110000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: manager.exe, 00000000.00000002.611367017.0000000001110000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: manager.exe, 00000000.00000002.611872127.0000000002A7E000.00000004.00000001.sdmp	Binary or memory string: Program Managerp
Source: manager.exe, 00000000.00000002.611367017.0000000001110000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: manager.exe, 00000000.00000002.611367017.0000000001110000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\manager.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\manager.exe

Code function: 0_2_0099AF9A GetUserNameW,

0_2_0099AF9A

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: manager.exe, type: SAMPLE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: manager.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: manager.exe, 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: manager.exe	String found in binary or memory: NanoCore.ClientPluginHost

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: manager.exe, type: SAMPLE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a42a75.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a39616.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.51b0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.manager.exe.3a3e44c.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.manager.exe.290000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: manager.exe PID: 6836, type: MEMORYSTR

Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_0269247A bind,		0_2_0269247A
Source: C:\Users\user\Desktop\manager.exe	Code function: 0_2_02692428 bind,		0_2_02692428

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Access Token Manipulation1	Masquerading1	Input Capture11	Process Discovery2	Remote Services	Input Capture11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection1	Disable or Modify Tools1	LSASS Memory	Virtualization/Sandbox Evasion21	Remote Desktop Protocol	Archive Collected Data11	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion21	Security Account Manager	Application Window Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Access Token Manipulation1	NTDS	Account Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection1	LSA Secrets	System Owner/User Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol11	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Deobfuscate/Decode Files or Information1	Cached Domain Credentials	System Information Discovery3	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Hidden Files and Directories1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Obfuscated Files or Information1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Software Packing12	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
manager.exe	88%	Virustotal		Browse
manager.exe	86%	Metadefender		Browse
manager.exe	98%	ReversingLabs	ByteCode-MSIL.Backdoor.NanoCore
manager.exe	100%	Avira	TR/Dropper.MSIL.Gen7
manager.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.0.manager.exe.290000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
0.2.manager.exe.51b0000.7.unpack	100%	Avira	TR/NanoCore.fadte	Download File
0.2.manager.exe.290000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
findmyservice.ignorelist.com	127.0.0.2	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
	true	Avira URL Cloud: safe	low
findmyservice.ignorelist.com	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
37.0.10.38	unknown	Netherlands		198301	WKD-ASIE	false

Private

IP
127.0.0.2

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	494994
Start date:	01.10.2021
Start time:	09:45:19
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	manager.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/1@6/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 239 Number of non-executed functions: 3
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.82.209.183, 23.0.174.184, 23.0.174.200, 20.54.110.249, 40.112.88.60, 23.10.249.26, 23.10.249.43, 95.100.54.203, 20.50.102.62 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:46:17	API Interceptor	1006x Sleep call for process: manager.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37.0.10.38	manager.exe	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
WKD-ASIE	manager.exe	Get hash	malicious	Browse	37.0.10.38
	37B2718705E2CDCBE38E2E27173BA95467B68D45187A2.exe	Get hash	malicious	Browse	37.0.8.119
	20F43079CF75825C5E909B04F3C0B8BDB2F71BE7477FB.exe	Get hash	malicious	Browse	37.0.8.119
	A6A0C59A5F4C53AC5DF74AAE93D700CF287A370505D81.exe	Get hash	malicious	Browse	37.0.10.214
	63301A39B93B63ACAB80E0A05B909F733D792C7AE829A.exe	Get hash	malicious	Browse	37.0.8.119
	F2F9785308BB396F5EB8C14E746228D3298A5984313EF.exe	Get hash	malicious	Browse	37.0.10.214
	3153CAF54366C0DDEDDD293791B8F05EABD7343D9A73C.exe	Get hash	malicious	Browse	37.0.8.119
	Circular PSSB Parts Disc Credit Term (Dlr) s.exe	Get hash	malicious	Browse	37.0.10.22
	view_2021-09-29_07-17.exe	Get hash	malicious	Browse	37.0.8.36
	IznT1D3bT1.exe	Get hash	malicious	Browse	37.0.8.154
	T.T.exe	Get hash	malicious	Browse	37.0.10.22
	manager.exe	Get hash	malicious	Browse	37.0.10.38
	EXTRACTO_SERFINANZA_4295529724698441156_542157354638_25702910368262995_65000377634382740.exe	Get hash	malicious	Browse	37.0.10.149
	PPT-0000084510027306.exe	Get hash	malicious	Browse	37.0.10.190
	071F6BD61AEF9F209BE1BFB16EF1FB14BD44804FCAB51.exe	Get hash	malicious	Browse	37.0.8.119
	2awEYXkQvX.exe	Get hash	malicious	Browse	37.0.8.119
	DOCU_SIGN8289292930001028838.PDF.exe	Get hash	malicious	Browse	37.0.8.37
	Product List.exe	Get hash	malicious	Browse	37.0.8.14
	A4B51BD72DFFD28AD3841217FFEC9E43D21EE3C6F889B.exe	Get hash	malicious	Browse	37.0.8.119
	44F3C573B5D6D77D97C2EBF5D4A235DA5AED3A18EB5B7.exe	Get hash	malicious	Browse	37.0.8.119

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Users\user\Desktop\manager.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:Ffqtn:lWn
MD5:	9B62CE3A1EEDE3F40D94989F6205DEC5
SHA1:	2A90D0264E08BCCF4B5802F4854DE614FADA3010
SHA-256:	EBE4EAF950A638CD915D08F8F92868B77A7534F14BF984B7CBB58F0592193391
SHA-512:	0090E5A0A6246E4568AAFC1DFCD9FF0FF1C8E5182211528B00D161A36B492FFFB1E852862419CAD87BF082EB54C2294B3DEA3B81BCC85C93AAC64DB88181A50A
Malicious:	true
Reputation:	low
Preview:	.......H

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.4485585447335865
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	manager.exe
File size:	207360
MD5:	1479371ef0752f027661fc1b7748b318
SHA1:	3bf6809d0987cd82ec328b7bbdbcc5618743cf38
SHA256:	183923330057af95cedb73d0aa2e7f844dba89df8866995f483be4c5780298b3
SHA512:	cb10d09a5fc39acf2b799534900d0af2196df00123c6bbc485646960da69a0012d9423c60ae2d04687351fee52fc132c48bc62cc109f88588f766f9d977ce6f2
SSDEEP:	3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIi1fO32vT/T6BQ1bxjOhdiinvX:gLV6Bta6dtJmakIM5xfO32vTj19B+1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. .....................................................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x41e792
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1e738	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x22000	0x15da0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x20000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1c798	0x1c800	False	0.594512404057	data	6.59809023975	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.reloc	0x20000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x22000	0x15da0	0x15e00	False	0.999810267857	data	7.9978283616	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_RCDATA	0x22058	0x15d48	TIM image, Pixel at (65439,30114) Size=50258x8211

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2021 09:46:33.840734959 CEST	49753	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:46:36.853905916 CEST	49753	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:46:42.854413033 CEST	49753	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:46:52.688483953 CEST	49756	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:46:55.839907885 CEST	49756	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:01.887850046 CEST	49756	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:11.117002010 CEST	49789	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:14.200654030 CEST	49789	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:20.201174974 CEST	49789	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:45.189544916 CEST	49811	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:48.203573942 CEST	49811	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:47:54.206561089 CEST	49811	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:48:03.043108940 CEST	49858	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:48:06.056700945 CEST	49858	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:48:12.057307005 CEST	49858	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:48:22.137379885 CEST	49859	4001	192.168.2.6	37.0.10.38
Oct 1, 2021 09:48:25.152106047 CEST	49859	4001	192.168.2.6	37.0.10.38

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2021 09:46:18.304255962 CEST	54513	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:46:18.421449900 CEST	53	54513	8.8.8.8	192.168.2.6
Oct 1, 2021 09:46:23.521905899 CEST	62044	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:46:23.664788961 CEST	53	62044	8.8.8.8	192.168.2.6
Oct 1, 2021 09:46:28.798232079 CEST	63791	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:46:28.815990925 CEST	53	63791	8.8.8.8	192.168.2.6
Oct 1, 2021 09:46:39.926908016 CEST	64267	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:46:39.946476936 CEST	53	64267	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:00.902137041 CEST	49448	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:00.921397924 CEST	53	49448	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:01.719419003 CEST	60342	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:01.808943987 CEST	53	60342	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:02.564899921 CEST	61346	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:02.637130022 CEST	53	61346	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:03.148363113 CEST	51774	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:03.171910048 CEST	53	51774	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:03.713520050 CEST	56023	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:03.727274895 CEST	53	56023	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:04.135634899 CEST	58384	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:04.146080971 CEST	60261	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:04.159434080 CEST	53	60261	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:04.166239023 CEST	53	58384	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:04.589643002 CEST	56061	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:04.655890942 CEST	53	56061	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:05.240114927 CEST	58336	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:05.253782034 CEST	53	58336	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:06.149307013 CEST	53781	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:06.163247108 CEST	53	53781	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:07.197725058 CEST	54064	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:07.211199045 CEST	53	54064	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:07.697747946 CEST	52811	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:07.711743116 CEST	53	52811	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:19.903994083 CEST	55299	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:19.922951937 CEST	53	55299	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:29.904046059 CEST	63745	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:29.917476892 CEST	53	63745	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:35.054523945 CEST	50055	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:35.066550970 CEST	53	50055	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:40.144175053 CEST	61374	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:40.157917023 CEST	53	61374	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:40.650233030 CEST	50339	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:40.668459892 CEST	53	50339	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:50.243451118 CEST	63307	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:50.256509066 CEST	53	63307	8.8.8.8	192.168.2.6
Oct 1, 2021 09:47:51.066883087 CEST	49694	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:47:51.080729961 CEST	53	49694	8.8.8.8	192.168.2.6
Oct 1, 2021 09:48:23.092674017 CEST	54982	53	192.168.2.6	8.8.8.8
Oct 1, 2021 09:48:23.121841908 CEST	53	54982	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 1, 2021 09:46:18.304255962 CEST	192.168.2.6	8.8.8.8	0x6672	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)
Oct 1, 2021 09:46:23.521905899 CEST	192.168.2.6	8.8.8.8	0x87ff	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)
Oct 1, 2021 09:46:28.798232079 CEST	192.168.2.6	8.8.8.8	0x72d9	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:29.904046059 CEST	192.168.2.6	8.8.8.8	0x5557	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:35.054523945 CEST	192.168.2.6	8.8.8.8	0x94bf	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:40.144175053 CEST	192.168.2.6	8.8.8.8	0xdf6f	Standard query (0)	findmyservice.ignorelist.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Oct 1, 2021 09:46:18.421449900 CEST	8.8.8.8	192.168.2.6	0x6672	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)
Oct 1, 2021 09:46:23.664788961 CEST	8.8.8.8	192.168.2.6	0x87ff	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)
Oct 1, 2021 09:46:28.815990925 CEST	8.8.8.8	192.168.2.6	0x72d9	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:29.917476892 CEST	8.8.8.8	192.168.2.6	0x5557	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:35.066550970 CEST	8.8.8.8	192.168.2.6	0x94bf	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)
Oct 1, 2021 09:47:40.157917023 CEST	8.8.8.8	192.168.2.6	0xdf6f	No error (0)	findmyservice.ignorelist.com	127.0.0.2	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: manager.exe PID: 6836 Parent PID: 5560

General

Start time:	09:46:16
Start date:	01/10/2021
Path:	C:\Users\user\Desktop\manager.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\manager.exe'
Imagebase:	0x290000
File size:	207360 bytes
MD5 hash:	1479371EF0752F027661FC1B7748B318
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.613548998.0000000004E00000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.613718440.00000000051B0000.00000004.00020000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000000.341607342.0000000000292000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.612976062.0000000003A28000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: manager.exe PID: 6836 Parent PID: 5560 manager.exeCOMMON

Execution Graph

Execution Coverage:	21.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	8.7%
Total number of Nodes:	196
Total number of Limit Nodes:	17

Executed Functions

Function 02633850, Relevance: 2.0, Strings: 1, Instructions: 750
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_Ir, xrefs: 02633F9D

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: >_Ir
API String ID: 0-3386957151
Opcode ID: 0a2100e4f8309104ad52bf33f5a8d8a743864f0ca64939a0972e63cbff4fd334
Instruction ID: f4a6fcf63bb24910cdee5bc0887757d40e834428695dc66c9d57bfc9517b08ed
Opcode Fuzzy Hash: 0a2100e4f8309104ad52bf33f5a8d8a743864f0ca64939a0972e63cbff4fd334
Instruction Fuzzy Hash: A552C271A04215CFCB16CF68C9849A9FBB2FF85300B2985AAD9159F352D731EC52CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0263AF3C, Relevance: 1.8, Strings: 1, Instructions: 561
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

}, xrefs: 0263AF5F

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: 121ae02fded39db3c1c1a9b503b7aae196d3f286985da90cda4375de67d76e0a
Instruction ID: 316f90c2680a6ca41d597a29c94cde9030cc522a4354a5880ead3fcdf0872639
Opcode Fuzzy Hash: 121ae02fded39db3c1c1a9b503b7aae196d3f286985da90cda4375de67d76e0a
Instruction Fuzzy Hash: F5421275A00609CFCB15CF68C580AADFBF2FF88314F248669C45AAB656D734E981CF94

Uniqueness

Uniqueness Score: -1.00%

Function 02692428, Relevance: 1.6, APIs: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 026924DB

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 1806d426dd76e49fb9887005451a24736e762e5baa8525c59e8e3f93f2efd20f
Instruction ID: 2dec9bb578707e20c694672f39c7854d161830b3ffe8c0828b25c03f113b3703
Opcode Fuzzy Hash: 1806d426dd76e49fb9887005451a24736e762e5baa8525c59e8e3f93f2efd20f
Instruction Fuzzy Hash: 75315A7150A3C06FD7138B24DC64B56BFB89F07614F0984DBE984DF2A3D268A809CB72

Uniqueness

Uniqueness Score: -1.00%

Function 02690EF3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02690F73

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: dff4f2e2e4801519716efc45acf6a0843acf7195fdfc94d6fd9d749eaf9c13f6
Instruction ID: 24264d673778d474b160da931e19031a8d46aea1b2d24da97e75a514b4dbee06
Opcode Fuzzy Hash: dff4f2e2e4801519716efc45acf6a0843acf7195fdfc94d6fd9d749eaf9c13f6
Instruction Fuzzy Hash: C1219175509784AFDB238F25DC44B52BFB8EF06310F0884DAE9858B663D3759908DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0269112F, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 026911A5

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: c39d70b2405bb13cb838ac51742f35e5183949b81c22a07742088edffd4cc02c
Instruction ID: bc2858ddf4cb562a9b98c838d840dba21fcd4bc733aa6e1d6f64d10dd83ed9c6
Opcode Fuzzy Hash: c39d70b2405bb13cb838ac51742f35e5183949b81c22a07742088edffd4cc02c
Instruction Fuzzy Hash: CF21AE754097C0AFDB238B21DC41A52FFB4EF17214F0980DBED888B1A3D265A90DDB62

Uniqueness

Uniqueness Score: -1.00%

Function 0269247A, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 026924DB

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 5fe94e393f05a36a3f8ab0bcbe4ab9857c983951628a43aaa981e0b094e1425b
Instruction ID: b2c2b6d5b624659f0a4b1c59177ddd8f090ab7abe46402300b6489b5854af85e
Opcode Fuzzy Hash: 5fe94e393f05a36a3f8ab0bcbe4ab9857c983951628a43aaa981e0b094e1425b
Instruction Fuzzy Hash: 03118E71500204AEEB20CF55DC84FAABBACEF45720F14846BEE049B242DA74A548CA71

Uniqueness

Uniqueness Score: -1.00%

Function 02690F2A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02690F73

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: cbf2a1add82f6f6ad11475c142d736ec7786ff5d130ef57623e3d836860e0678
Instruction ID: 4a078da002b884628a5b10ce7ac2d096fc10bb67b4e77e92f613f646cc9de096
Opcode Fuzzy Hash: cbf2a1add82f6f6ad11475c142d736ec7786ff5d130ef57623e3d836860e0678
Instruction Fuzzy Hash: DD117C359006049FDB21CF65D884B66FBE8EF08320F08C4AAEE4A8B652D775E558CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0099AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0099AFEA

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 278a7b8218fcfb9efa1e3e62faaad88219489dfc6c7fdbdb53f5e82e99cb7f2d
Instruction ID: 50321ec4d43b9d9e1c72c8373f1804ccb0b3dde1c017e0736d2dbbf9a9150cbd
Opcode Fuzzy Hash: 278a7b8218fcfb9efa1e3e62faaad88219489dfc6c7fdbdb53f5e82e99cb7f2d
Instruction Fuzzy Hash: D7018F71500600ABD210DF16DC82F36FBA8EB88A20F14815AED085B741E331B915CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 02690BB6, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 02690BE8

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 0cad0447f719ff9512c76942a856776df36a04c30938d0c0a99ba12e334d5567
Instruction ID: f3704d097cd9331cbbb5be5c3b5a3453456162462c307797d14f692f14cca0b7
Opcode Fuzzy Hash: 0cad0447f719ff9512c76942a856776df36a04c30938d0c0a99ba12e334d5567
Instruction Fuzzy Hash: E3016D71808244DFDB50CF19D985766FFA8EF45320F18C4AADE499F306E6B5A448CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0269116A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 026911A5

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 763343e4d422ce3242fd8ee5a05a256710df382b658c58c5f4214a89b97171a5
Instruction ID: a6805b997dd0b2df2a10df4274b716016b594dfafaa6fcefc5d386d56a631976
Opcode Fuzzy Hash: 763343e4d422ce3242fd8ee5a05a256710df382b658c58c5f4214a89b97171a5
Instruction Fuzzy Hash: FF018B35500640EFDB218F59E884B66FFA4EF09320F18C49ADE494B716D7B5A458CF62

Uniqueness

Uniqueness Score: -1.00%

Function 026323A0, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fbffb015bbf647008f54deb421d313ac7de3ae154e9ca1e384bbd513a478545
Instruction ID: 869dfce9ac20554be3ae6161e9551f18a12efa5de6f1db558b4cc96794e341ea
Opcode Fuzzy Hash: 4fbffb015bbf647008f54deb421d313ac7de3ae154e9ca1e384bbd513a478545
Instruction Fuzzy Hash: B512BD30A18215CFDB29DF29C9A47ADBBF2FF85314F24812AD8169B355DB709D46CB80

Uniqueness

Uniqueness Score: -1.00%

Function 02638468, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4318d05e3a15a8a6eb2b2d01048cebdddba324e370e1f29e2dd79ab069380c17
Instruction ID: ba2ddd8ea08e2650d598e6845ebb7e81d4bfa18380ecd97024ad08ec99c98f63
Opcode Fuzzy Hash: 4318d05e3a15a8a6eb2b2d01048cebdddba324e370e1f29e2dd79ab069380c17
Instruction Fuzzy Hash: 5D12BC70A14215DFCB2ACF28C5847ADBBF2FF88314F54816AE4069B395DBB99842CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02632FA8, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788afec2c24507e1507a4803f348d036930deba134f86851863fba5a7df39c25
Instruction ID: 7fdbfb1aaf591a81f757ecd0023995041a22bf7238e72bf5c4720131a6f9d370
Opcode Fuzzy Hash: 788afec2c24507e1507a4803f348d036930deba134f86851863fba5a7df39c25
Instruction Fuzzy Hash: 52816A31F001559BD719DB69D990A6EBBE3EFC8310B2A81B9E415EB365DF319C01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02639068, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a22b7ea3bd2908cfb5a897d4174e84e8d31bf34353f674fc91cbdbb61a97870
Instruction ID: b0fe12165207399328073e9580eee0d1bee7e2990a4304d31b0cd31d1f0b851a
Opcode Fuzzy Hash: 6a22b7ea3bd2908cfb5a897d4174e84e8d31bf34353f674fc91cbdbb61a97870
Instruction Fuzzy Hash: F2817D71F011159BDB19DB69C884A6EBBF3AFC8310F2A8169D406EB395DEB1DC01CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0263912F, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b61d76f026145c153476c9973f4dda3d359d11ef362217a331e7377760777a1
Instruction ID: 7f2e36309f5d9a2e5defb416a941795c5b3b1e156594996f788483c8d7040011
Opcode Fuzzy Hash: 9b61d76f026145c153476c9973f4dda3d359d11ef362217a331e7377760777a1
Instruction Fuzzy Hash: ED516D72F014159BD718DB6DC980A5EBBE3AFC8310F2A8165D409EB3A9DE71DD018B84

Uniqueness

Uniqueness Score: -1.00%

Function 026309A5, Relevance: 5.2, Strings: 4, Instructions: 175
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X1kr, xrefs: 02630A5A
X1kr, xrefs: 02630A98
X1kr, xrefs: 02630AA2
X1kr, xrefs: 02630A50

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: X1kr$X1kr$X1kr$X1kr
API String ID: 0-2451847431
Opcode ID: 720e5deb0ef00b33fcf84764782ab03d537e56154f6004e1da998d49ab85ad1d
Instruction ID: e6da00cf8822f0be30c89813a0924fe18803c8042e5720fdc2fe918192204ba8
Opcode Fuzzy Hash: 720e5deb0ef00b33fcf84764782ab03d537e56154f6004e1da998d49ab85ad1d
Instruction Fuzzy Hash: 0251D631B04115DFCB159BA8DC54BAEB7F2EF85704F2185A9E5079B361DB31AC06CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0263937B, Relevance: 2.7, Strings: 2, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>_Ir, xrefs: 026393EF
, xrefs: 026394BB

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: $>_Ir
API String ID: 0-1787506450
Opcode ID: b4e317f8c1812d2ae4b25d2b61909874e22dcacb3a665b99eaac480193f3077f
Instruction ID: 67ed626cf7582713190bd3e6a470575fef0e05aa51564828620f2b27d56964f0
Opcode Fuzzy Hash: b4e317f8c1812d2ae4b25d2b61909874e22dcacb3a665b99eaac480193f3077f
Instruction Fuzzy Hash: 3251E071F091458FCB09DF78C8845AEBBA2EBC5324724847AC50ADB356DBB59806CF41

Uniqueness

Uniqueness Score: -1.00%

Function 026302E8, Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`5kr, xrefs: 026303A5
:@Dr, xrefs: 02630537

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: :@Dr$`5kr
API String ID: 0-2548079215
Opcode ID: ef80bc73b3399b2c2c0833abcb61caac68bc0100948ba3cdec49bb3011c6ee47
Instruction ID: f4fc548deb4d879fc9a9d1a7b74b77eeed6709457ecb7c1aee7594caaa1400be
Opcode Fuzzy Hash: ef80bc73b3399b2c2c0833abcb61caac68bc0100948ba3cdec49bb3011c6ee47
Instruction Fuzzy Hash: 01618035B09205CFDB09DF68C550B6DBBF2EF89710F14806AD506AB3A1DB75AC05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 026343C0, Relevance: 2.6, Strings: 2, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X1kr, xrefs: 026343A2
X1kr, xrefs: 026343AC

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: X1kr$X1kr
API String ID: 0-2397868964
Opcode ID: a75fccf26d9b43f23b1bfeb57d6c55256dd4b9277cf0ce334dbbe13d3b9ae33d
Instruction ID: 4a284af0390a7f2dbe284f7d64e4b9997123a64f7f984cb6a8857d8932cda09f
Opcode Fuzzy Hash: a75fccf26d9b43f23b1bfeb57d6c55256dd4b9277cf0ce334dbbe13d3b9ae33d
Instruction Fuzzy Hash: E341D331608150CFCB05EFB8EC5489EBBF2FF8631431580AAE5069B276DB319916DB91

Uniqueness

Uniqueness Score: -1.00%

Function 02638E18, Relevance: 2.6, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 02638F36
>_Ir, xrefs: 02638E65

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: $>_Ir
API String ID: 0-1787506450
Opcode ID: c351825003d989db441de0df1345b3fe22033ec4dbc29e6e7d30df6920b11cb9
Instruction ID: dfb2eb0f7c6595d54427475ae53888a10106314bcc425a34402c68f3398197aa
Opcode Fuzzy Hash: c351825003d989db441de0df1345b3fe22033ec4dbc29e6e7d30df6920b11cb9
Instruction Fuzzy Hash: 6741DC70E082558FCB16CF69C8805EEBBB3ABC1354B29C96AE412DB705C735E803CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263C488, Relevance: 2.6, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-?Yr^, xrefs: 0263C504
=?Yr^, xrefs: 0263C4E3

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: -?Yr^$=?Yr^
API String ID: 0-2537128688
Opcode ID: ebfc07a1cafbac02339b02bbd228f0dc9299e36a8e52a55dc390ccde620e1803
Instruction ID: 8a8013b343f68255633deee23688bac1b1f8b297f4aad6699de3a62d58e3ae4d
Opcode Fuzzy Hash: ebfc07a1cafbac02339b02bbd228f0dc9299e36a8e52a55dc390ccde620e1803
Instruction Fuzzy Hash: 8F11C4712082809BD31AA738851162EBB979FC2728754846EE14BAF692CE62EC03C791

Uniqueness

Uniqueness Score: -1.00%

Function 0263C498, Relevance: 2.6, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-?Yr^, xrefs: 0263C504
=?Yr^, xrefs: 0263C4E3

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: -?Yr^$=?Yr^
API String ID: 0-2537128688
Opcode ID: f99a26e57651166cb9a313d883654e2ff3a82192162cdbdd19e1ed9f5dc5a259
Instruction ID: 31cafea8d42cd4294e638c8d932da855b2c0f34c1cdece8448f9857de52d9790
Opcode Fuzzy Hash: f99a26e57651166cb9a313d883654e2ff3a82192162cdbdd19e1ed9f5dc5a259
Instruction Fuzzy Hash: A411B6313082409BD21DA738851113EBB939FC2728754886EA04BAF751CFB6EC03C795

Uniqueness

Uniqueness Score: -1.00%

Function 02635AA0, Relevance: 2.5, Strings: 2, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lir, xrefs: 02635ABE
-SYr^, xrefs: 02635ACA, 02635ACF

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: lir$-SYr^
API String ID: 0-3724501251
Opcode ID: a6d410fe45911c5bc9389adc43f101d28075524dc21524693ecdd06eda1be48a
Instruction ID: 2d5409b55ac7728d0b40f003a25ab2ee877806a13bd14dbd81cafb71ffa4956a
Opcode Fuzzy Hash: a6d410fe45911c5bc9389adc43f101d28075524dc21524693ecdd06eda1be48a
Instruction Fuzzy Hash: 15E0261974A2A42FE7025ABC99103BE3F5A8EC325134904E7E441CF292EE118C0683EA

Uniqueness

Uniqueness Score: -1.00%

Function 02635AB0, Relevance: 2.5, Strings: 2, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lir, xrefs: 02635ABE
-SYr^, xrefs: 02635ACA, 02635ACF

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: lir$-SYr^
API String ID: 0-3724501251
Opcode ID: 58ec96cef3be294a95d540e3427af4af8ee22fa23531f3a2b8a6be47b093a98e
Instruction ID: acbcd9ecd6d9dec92308ed5c6249069a95304f7b060fe4e289b2b9f881a5645a
Opcode Fuzzy Hash: 58ec96cef3be294a95d540e3427af4af8ee22fa23531f3a2b8a6be47b093a98e
Instruction Fuzzy Hash: E3D0A724749214275A146E7E981173F378D5FC2A52340446AE506CB380DE158C0143D9

Uniqueness

Uniqueness Score: -1.00%

Function 026312A0, Relevance: 1.7, Strings: 1, Instructions: 460
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$ghr, xrefs: 02631349

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: 8a1a20f0e0009ca700bd6fa0d9948943e99fe7251d56f99bffee702b56094a4a
Instruction ID: c744e736157d3eecad2c8d80bccc1f1a3422fe91915328688ccc376e0d2260ab
Opcode Fuzzy Hash: 8a1a20f0e0009ca700bd6fa0d9948943e99fe7251d56f99bffee702b56094a4a
Instruction Fuzzy Hash: 0D22F534A04605CFCB25DF28C490A6ABBF2FF89310F108599D85A9B756DB35ED86CF81

Uniqueness

Uniqueness Score: -1.00%

Function 02691BDD, Relevance: 1.6, APIs: 1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 02691CED

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 6fec20be9a12fd09b14e109501fa7bb681a2fbdf82190e158357921a87496daa
Instruction ID: 2b1cc5d7ab3583b499fad478d2d478d528b6836348be86c4bb5da18405fb0606
Opcode Fuzzy Hash: 6fec20be9a12fd09b14e109501fa7bb681a2fbdf82190e158357921a87496daa
Instruction Fuzzy Hash: 3141B271549380AFE7128B25DC45F92FFB8EF03220F1884DBEA849B293D365A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 026912D9, Relevance: 1.6, APIs: 1, Instructions: 105
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 026913A6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 756117eaad6d6e4c13ecd9914eb53c1ad4788b73612e7f410b1a71f3f024e3fa
Instruction ID: 814ad67542e691226cdf8094ff8082a834b4c947fb540573c29e787dfee7319a
Opcode Fuzzy Hash: 756117eaad6d6e4c13ecd9914eb53c1ad4788b73612e7f410b1a71f3f024e3fa
Instruction Fuzzy Hash: 62317A6510E7C06FD7138B319C61A21BF74EF47614B1E85CBE884CB5A3D6186909C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 026921B0, Relevance: 1.6, APIs: 1, Instructions: 95
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0269224D

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: c0b41318931b78b8df6ef1253eefe21a2522e69c88c31801ce53c1a3883b3f11
Instruction ID: afa6465aa017fbd5e6a51fe9c9c0fbcb769ea54db17d5458bff7cc88528b327b
Opcode Fuzzy Hash: c0b41318931b78b8df6ef1253eefe21a2522e69c88c31801ce53c1a3883b3f11
Instruction Fuzzy Hash: DE31E775009380AFEB128F60DD55F56BFB8EF06310F04849BEA859F252D325A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02690390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0269045E

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8586533272d041c2902a7ab16f80e064d4aec438584d0da4b357af344db37b81
Instruction ID: c3d75ad52823962602bd9a065df51e98134312a5d78ae0f6004c6b73f03f0398
Opcode Fuzzy Hash: 8586533272d041c2902a7ab16f80e064d4aec438584d0da4b357af344db37b81
Instruction Fuzzy Hash: F431B572004344AFE7228F21DC41FA6FFB8EF06714F14859EFA859B192D3A5A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0099AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0099AAB1

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 5e68a67833a84e093553057c2722a5e2da63819b163f75099f36ed7a6ab50e4f
Instruction ID: f907a96d5a0e3ee9847251cd3ba5cef1c717878f81ec6116b244aabf748f4ab4
Opcode Fuzzy Hash: 5e68a67833a84e093553057c2722a5e2da63819b163f75099f36ed7a6ab50e4f
Instruction Fuzzy Hash: 6531B472544384AFE7228B25CC45F67BFACEF16710F08849BED819B152D264A849CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 026907F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 02690899

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 4e1023d9b91ae1c9e82068624823c9090246d384f9c4dc3cee2d71d897fec3f1
Instruction ID: 309ab1506dd2c93ac94e28abe75af120874facf02f599a62d8c436b40238fc15
Opcode Fuzzy Hash: 4e1023d9b91ae1c9e82068624823c9090246d384f9c4dc3cee2d71d897fec3f1
Instruction Fuzzy Hash: B1317E71504380AFEB22CF65DD44F66BFE8EF45610F0884AEE9858B252D375E809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0269270F, Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 026927CA

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 35bf3b9d333802aacd6c940edbdc7182596df279546689ae58a7bb0574a16b36
Instruction ID: 1068689bdfe37dbd50ac2b2e21c6998b889ab3b2794feda5793af7f207659d6f
Opcode Fuzzy Hash: 35bf3b9d333802aacd6c940edbdc7182596df279546689ae58a7bb0574a16b36
Instruction Fuzzy Hash: 0A31817240D3C05FD7038B218C61A62BFB4EF47610F1A80CBD984CF2A3E6246909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0099AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0099ABB4

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e7e084e63aa9ee4f9d92b9cda2851decfbab89681d0c883f9bbddc35bea3d15b
Instruction ID: 163b5b244f57ba27a50e83b8b97f5188c79ddd080b17b3345c0e5cba67b97027
Opcode Fuzzy Hash: e7e084e63aa9ee4f9d92b9cda2851decfbab89681d0c883f9bbddc35bea3d15b
Instruction Fuzzy Hash: 4931A7715093846FDB22CB25CC44F62BFFCEF06310F18849AE945CB153D264E949CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 026900F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0269019D

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 197251bcf12ed39e648ceeacaa60c098c8548c5cc32aad78bb9123f2d6616c33
Instruction ID: 59fa50478d254b05953f149df4073689107f0249ba9aa476141e8fea060b3226
Opcode Fuzzy Hash: 197251bcf12ed39e648ceeacaa60c098c8548c5cc32aad78bb9123f2d6616c33
Instruction Fuzzy Hash: ED319171509780AFE712CB65DC85F56FFE8EF06210F08849AE984CB293D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02691D44, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 02691DF6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 0d322cd9f4aaeecd8e019d359007864ec0b9a8c0bdaafcfeef852249337e621c
Instruction ID: 4aa8fbaacffcbd03fc85ab363928428c2777b4150b55422408750aeff10d1254
Opcode Fuzzy Hash: 0d322cd9f4aaeecd8e019d359007864ec0b9a8c0bdaafcfeef852249337e621c
Instruction Fuzzy Hash: 7731A772404740AFE722CB55DC45F56FFF8EF06310F04459AE9849B252D365A549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 026904AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0269055C

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 17909b2ea7b848708b89e928be164a88c677addf2c1bed7dab9426080c67db66
Instruction ID: c58f27c190117f86935a6ca947921aed5e8f54032e7cd8e3c776c8500062dfd2
Opcode Fuzzy Hash: 17909b2ea7b848708b89e928be164a88c677addf2c1bed7dab9426080c67db66
Instruction Fuzzy Hash: 86317171509780AFDB228B65DD44F52BFB8AF07310F0885DAE9859B262D364A809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 026908F0, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 02690985

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: c1668d6e93f8c562224a22258b6ddf74070c5f0d884443eacf042f73b52e4567
Instruction ID: bc2fdc54ef25f0eea61d103df77853daece37b2220ecf7e37da43823b62739a4
Opcode Fuzzy Hash: c1668d6e93f8c562224a22258b6ddf74070c5f0d884443eacf042f73b52e4567
Instruction Fuzzy Hash: 2521D6B54093806FE7128B25DC41FA2BFACEF47720F1880D7EE848B293D2646909C771

Uniqueness

Uniqueness Score: -1.00%

Function 026902AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 02690353

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d05d49d465b22259979abb9f9d08714421f67f8674468692d4f4776c4e8d35c4
Instruction ID: fea94f37031f4f2538b271853796299d56be937c2b4675f475f64576d6e35f22
Opcode Fuzzy Hash: d05d49d465b22259979abb9f9d08714421f67f8674468692d4f4776c4e8d35c4
Instruction Fuzzy Hash: A221A675009380AFE7228B21DC41FA6FFB8EF06310F1884DAE9849B193D365A949C771

Uniqueness

Uniqueness Score: -1.00%

Function 02690A9B, Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 02690B3F

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 0861df83d745ff3c3280eca083b83787f9640daaf8c7ee25059296bb5ab13693
Instruction ID: 289006e74670a8c307b51e59254014fea9ebc835254a51fe333d95fa13f1d57f
Opcode Fuzzy Hash: 0861df83d745ff3c3280eca083b83787f9640daaf8c7ee25059296bb5ab13693
Instruction Fuzzy Hash: 0E21D6715083806FE722CB24DC55FA6BFA8EF06314F1880DAED849B193D765A949C761

Uniqueness

Uniqueness Score: -1.00%

Function 0099AF50, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0099AFEA

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 879dfdc6143b66ad01774ac62bef53192c9bcefa083e4bf2d6a4662bb6ae5723
Instruction ID: 6710a97d382eb17326514efe8ca3571dc5bfad4c157cd9e8a25f8840a3920b3c
Opcode Fuzzy Hash: 879dfdc6143b66ad01774ac62bef53192c9bcefa083e4bf2d6a4662bb6ae5723
Instruction Fuzzy Hash: 1921B67144D3C06FD3138B259C51B22BFB8EF87610F0A81DBE884CB553D225A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 0099A078, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0099A10E

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: c4517a61869d0d49bf23856c9aecef0a5eb2779a5c9380dde9d8e8241872a3de
Instruction ID: 5cbb751e73372ee3f0ff59a1dce7ce8fafb4694e54139ca317ef23f81e3c001b
Opcode Fuzzy Hash: c4517a61869d0d49bf23856c9aecef0a5eb2779a5c9380dde9d8e8241872a3de
Instruction Fuzzy Hash: 6F21A47140D3C06FD3128B658C55B66BFB4EF87620F1985DBE984CF293D224A919CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 026913D2, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0269145E

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 88e51286a32d15022620385fc31b062feb3b31c3e00245b0a1bcb614c78d2c79
Instruction ID: 0448ecfc3ca2dbfe0f6a8187d434fba8b539d61925ebbb349d6c08a212c8fcaf
Opcode Fuzzy Hash: 88e51286a32d15022620385fc31b062feb3b31c3e00245b0a1bcb614c78d2c79
Instruction Fuzzy Hash: 6621B171404380AFE722CF61DC44F56FFF8EF46220F08849EEA849B652D375A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0269081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 02690899

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8665d7a0d04f3fa58ffe4d33385b35b246442a1a5dc413e182690e72f2221e48
Instruction ID: d2abb4aee83e6fbedf6862aced48d1b62f7c5dd56cf4b3449abb0cb6c099aede
Opcode Fuzzy Hash: 8665d7a0d04f3fa58ffe4d33385b35b246442a1a5dc413e182690e72f2221e48
Instruction Fuzzy Hash: 32217A75600600AFEB21DF65DD85F66FBE8EF08610F14846AEA858B252D771E409CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 026903CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0269045E

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 392f78a506335e61afa961ca51ac3c8d86bf42a4dbf023466cbc52715bfd7cec
Instruction ID: 8ed554a75317d3ffca138a3779105e0c1146b067779468367e4c64157464f75a
Opcode Fuzzy Hash: 392f78a506335e61afa961ca51ac3c8d86bf42a4dbf023466cbc52715bfd7cec
Instruction Fuzzy Hash: 4F21B072100204AFEB219F15DD41FA6FBACEF05710F14895AEE459A281D6B1A949CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 026909C0, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 02690A51

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: e05b5a0fbae1670175ae3b2d00a8b522ef258132aca3adf3f83b774565831111
Instruction ID: ea246885adce61ff9c1f87df0524fd5dce45fdfa82ff4b24920b09b131dbc6f6
Opcode Fuzzy Hash: e05b5a0fbae1670175ae3b2d00a8b522ef258132aca3adf3f83b774565831111
Instruction Fuzzy Hash: 5A217471409380AFDB228F65DD44F56FFB8EF46314F0884DBEA449B253D265A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0099AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0099AAB1

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 852d0f0558c34c40f9ad72fd1924d089b7bff86058d86e7e13853f10f884c830
Instruction ID: 623342b564c038898f99fb96e9b2214cc25e022191a916d2bed220ee36ac6127
Opcode Fuzzy Hash: 852d0f0558c34c40f9ad72fd1924d089b7bff86058d86e7e13853f10f884c830
Instruction Fuzzy Hash: 6C21AE72500604AFEB219B69DD84F6BFBECEF14710F14895BEE459B241D664E808CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0269012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0269019D

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: bda7499858b09c8df55ce3a06b7a7452b00efa4944bcfcb7180f59570e14f2a9
Instruction ID: 16682e624f31bf59f47aae0c961d13e073fb7012128e64cfc959d216a23209b6
Opcode Fuzzy Hash: bda7499858b09c8df55ce3a06b7a7452b00efa4944bcfcb7180f59570e14f2a9
Instruction Fuzzy Hash: 4221BE71500200AFEB20DF65DD85F6AFBECEF05610F14846AED448B342E770E504CA71

Uniqueness

Uniqueness Score: -1.00%

Function 02690723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 0269079F

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 163307c5fb9fd3732163838cd5f5c5d4f2c39f110cd0c2cb18da6766b59fe1a6
Instruction ID: be03ae0543afe09697e5abd77641f9a83d6b233358ecf6a5cc74e3ff62065c24
Opcode Fuzzy Hash: 163307c5fb9fd3732163838cd5f5c5d4f2c39f110cd0c2cb18da6766b59fe1a6
Instruction Fuzzy Hash: CB21AF725093809FDB12CB25DC84B52BFE8EF06224F0984EAE944CF253E365A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0099AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0099ABB4

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c5868ee46d80763de720478c6b3b3c21072d793f3c91b32a9dbf106c1374d985
Instruction ID: 3b28ec00e55bdfb0a2b8ea2e954bdbea64a086780e5f13e2bfe9f5cca356d08f
Opcode Fuzzy Hash: c5868ee46d80763de720478c6b3b3c21072d793f3c91b32a9dbf106c1374d985
Instruction Fuzzy Hash: FF218C71600604AFEB20CF29DC80F67FBECEF15720F14846AEE459B251D664E808CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 02690FC0, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0269102C

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a8fe22998ae6b46864988e19678ac58f9f070ab31cff83b8d625219456dfe6e1
Instruction ID: 20e40404ffa7db2992e66cb2728edcd7bec1466918372b025c5c60ebd52cfcaa
Opcode Fuzzy Hash: a8fe22998ae6b46864988e19678ac58f9f070ab31cff83b8d625219456dfe6e1
Instruction Fuzzy Hash: 2321DE725093C05FDB028B25DC54B92BFA8AF03224F0880DAED848F663D675A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 02691C82, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 02691CED

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 512ef13e7e5fca0e9f6594169eb45d5276afd4bbe5ec5f737e5561a39322d16d
Instruction ID: b8435f1c5f4ec416822411f499918693ae9cb0974e3863c90c9e25c02357e50a
Opcode Fuzzy Hash: 512ef13e7e5fca0e9f6594169eb45d5276afd4bbe5ec5f737e5561a39322d16d
Instruction Fuzzy Hash: 4E21AE71500600AFEB20DF29DC45F66FBE8EF05320F1484AAEE488B242D775E909CA71

Uniqueness

Uniqueness Score: -1.00%

Function 02691075, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,CDD88FDF,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 026910E6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: b64c8ad45f2cb5f2f2a2c320a3f9df9b3ba73051fb39104da46a343526110b99
Instruction ID: 9d33e55ac1ac92a363ddbffa2d5bce96cb202a67b5ca553ed778c0c8648ddc7e
Opcode Fuzzy Hash: b64c8ad45f2cb5f2f2a2c320a3f9df9b3ba73051fb39104da46a343526110b99
Instruction Fuzzy Hash: 852150715093849FDB12CF65DC45B92BFE8EF06210F1984EAE989CB263D275A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 026913F2, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0269145E

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: c3eb870fb3792d814d8b67eafe13f73ebf3f0b860a860596629378fd1fb7a5cb
Instruction ID: 8cb61c1493f29124c3605bbb480f72d4648abf510acfa1866dddd8e8d1547cc9
Opcode Fuzzy Hash: c3eb870fb3792d814d8b67eafe13f73ebf3f0b860a860596629378fd1fb7a5cb
Instruction Fuzzy Hash: E521CF71500240AFEB21DF65DD44F66FBE8EF09720F1484AAEE899B642D771A408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02691D82, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 02691DF6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: cdebaf4cfc5de3d5ee94648b1a2eec20a312a48a47f024a29035ec47de2e89ae
Instruction ID: 08e810ea1fcb24aec1568ab3593b9f78571b436aeb134838d1867972bd050f7c
Opcode Fuzzy Hash: cdebaf4cfc5de3d5ee94648b1a2eec20a312a48a47f024a29035ec47de2e89ae
Instruction Fuzzy Hash: FC21C071500200AFEB21CF15DC44FA6FBECEF09320F14849EEA889B251D7B1A549CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 026904EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0269055C

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b0e0f3b1f8cfc4a07c528df2b4d6a2a2a751de68e6466c8fd936d299d2b37fdd
Instruction ID: ce5f801f46a516077e27acf1a2c06c68282d3a51243e440ed84a21bc6b1cfa0f
Opcode Fuzzy Hash: b0e0f3b1f8cfc4a07c528df2b4d6a2a2a751de68e6466c8fd936d299d2b37fdd
Instruction Fuzzy Hash: 68117C72500604AEEB21CF19DD80F67FBECEF09720F14846AEE469B252DB60E449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 02690CEC, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 02690D56

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 4a51efa5925cca4d821d3b90091225de9a62fb7d8b4d0c6095be745653bca3a5
Instruction ID: 67bf030c2ee742f25c3edba237799ae77c4a100e7a518fe4aad38cfc25392d29
Opcode Fuzzy Hash: 4a51efa5925cca4d821d3b90091225de9a62fb7d8b4d0c6095be745653bca3a5
Instruction Fuzzy Hash: C0116071505380AFDB21CF29DC85B56BFE8EF05210F0884AAED45CB292D375E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 026921EE, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 0269224D

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 4db9e793fb525391857a0bdd34f26f5af1eba4598986a42559420db09da340f1
Instruction ID: d58cefbc6b4e28e8e5cc7ddbc027d2a64905b7201da5fcd6f215275e1fc57930
Opcode Fuzzy Hash: 4db9e793fb525391857a0bdd34f26f5af1eba4598986a42559420db09da340f1
Instruction Fuzzy Hash: B811E272504200AFEB21CF65DD85F6BFBACEF05320F14846BEE458B251D670A419CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0099B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0099B841

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fde376d844a031929ce9e67c8b1835931167a4437af8ee9b6a99e21cf64c8d8a
Instruction ID: be8d63f8f8c043441807474e227bee8d09fa2399439ef68229743fc1db0fdc0f
Opcode Fuzzy Hash: fde376d844a031929ce9e67c8b1835931167a4437af8ee9b6a99e21cf64c8d8a
Instruction Fuzzy Hash: 18218E714097C09FDB128B25DC50AA2BFB4EF1B310F0D84DAEDC44F163D265A958DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0099A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0099A58A

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6d023c0880f40639770e63a75a8a4f7872b324aebe5ddbaadd7680cc8a9a5d89
Instruction ID: 1312e7323d2340570756dc330d6c7a076ddbff354b074019d5a106d79b5853eb
Opcode Fuzzy Hash: 6d023c0880f40639770e63a75a8a4f7872b324aebe5ddbaadd7680cc8a9a5d89
Instruction Fuzzy Hash: 23118771409380AFDB228F55DC44E62FFF8EF4A310F0884DAEE858B553D275A518DB62

Uniqueness

Uniqueness Score: -1.00%

Function 026909F2, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 02690A51

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: d089197ddf7feda3a280efdd299be0ce7aac87a0ee7e477b539cb4bc1d90f822
Instruction ID: 4f8b3141851bda943c774e9f9256dfc04d4013edf5acc47c757f98210fa47313
Opcode Fuzzy Hash: d089197ddf7feda3a280efdd299be0ce7aac87a0ee7e477b539cb4bc1d90f822
Instruction Fuzzy Hash: E811BF71400200AFEB21CF55DC45F66FBA8EF05320F14846BEE499B252D675A409CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 026902DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 02690353

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 95d866b53be35dc4e4ee2d0dd59a17f16721cce83f132a65da2f6f0f7d09d437
Instruction ID: e7001545802553d09eeb0393206971207849f1743f6c56064317a47e3879dbfc
Opcode Fuzzy Hash: 95d866b53be35dc4e4ee2d0dd59a17f16721cce83f132a65da2f6f0f7d09d437
Instruction Fuzzy Hash: 3D110E31000700EFEB318F15DC81F66FFA8EF05720F14849AEE459A292C7B1A909CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 02690AD6, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 02690B3F

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: fbcc33141c56f740e586a57779e644ff5e1369f0fe0bb1fecd70b0f2b2f4305c
Instruction ID: ed1f9b0ff7c1c14a653358fd9d23eb92034e626ebe46bf929fbac2a8de79e03f
Opcode Fuzzy Hash: fbcc33141c56f740e586a57779e644ff5e1369f0fe0bb1fecd70b0f2b2f4305c
Instruction Fuzzy Hash: 9E110671600200AFFB209B19DC81F76FB9CDF05720F14806AEE459B285D6A5A949CA71

Uniqueness

Uniqueness Score: -1.00%

Function 0099BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0099BBB9

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 02e7456047f3399b816ec350181ea7e9cb808cae604d24f029a3841379bb720f
Instruction ID: d42062afd8b967dbd8363fb4226c40449aa206a46b7527ad35f19c25342a7db1
Opcode Fuzzy Hash: 02e7456047f3399b816ec350181ea7e9cb808cae604d24f029a3841379bb720f
Instruction Fuzzy Hash: CB11D3354093C0AFDB228F25DC45B52FFB4EF16220F0884DEED858B563D365A858DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 026901FF, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 02690264

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 91096ea92fc9aa029644170c7d9357118808d9aa3bc769b7fbe52aea461acc2f
Instruction ID: 239eb1e868386e2119208ee27ec9a9f96906a41749e22bceb504f7cb4fcebbca
Opcode Fuzzy Hash: 91096ea92fc9aa029644170c7d9357118808d9aa3bc769b7fbe52aea461acc2f
Instruction Fuzzy Hash: FB11D3714043849FD712CF15DD85B52BFA8EF42220F0880ABED459B652D375A948CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0099BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0099BE70

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 902108a491370ac595fe221734b202388e2b420fc95de1171a10706becde1e6a
Instruction ID: 0a33a733af017846dc65c70bd8d2bf3c7b6bfd69fb09a3259212042ebcf8ffed
Opcode Fuzzy Hash: 902108a491370ac595fe221734b202388e2b420fc95de1171a10706becde1e6a
Instruction Fuzzy Hash: 14118E754093C4AFDB138B25DC44B62BFB8DF47624F0980DAED848F263D2696848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0099B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 0099B78A

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 3375ec2e1cd1fd9ad708a2bf2c0642a9ed90cdd0dc6b4b941de544c59ca94501
Instruction ID: 901c1c238abbb4a4f50786419d3a7e3278f55d1818f4aa713b2176f7c20e8755
Opcode Fuzzy Hash: 3375ec2e1cd1fd9ad708a2bf2c0642a9ed90cdd0dc6b4b941de544c59ca94501
Instruction Fuzzy Hash: D2117231408384AFDB228F55DC44E52FFF4EF4A310F08859EEE858B662D375A458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 02690B83, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 02690BE8

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: bb06133c4ddd2941b5f4a3440ae93e43a3fcd589767813a81bb74fba29c28785
Instruction ID: 8375c2e5ba677a6e534dc466dab81c16917ab839ade66cc9710414dd9d030b0f
Opcode Fuzzy Hash: bb06133c4ddd2941b5f4a3440ae93e43a3fcd589767813a81bb74fba29c28785
Instruction Fuzzy Hash: DF1190714093C4AFD7128B24DC44B52FFB4EF02224F0984DBED848F253D275A849CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02690D0E, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 02690D56

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 3bb3ff081dc8e1051d7d9936227e0f70590e38a18a60da44797adddab169944f
Instruction ID: 05f7f0417846c0cf46791c59d6f3ad561869f4392169eb50f607df2f60342ed5
Opcode Fuzzy Hash: 3bb3ff081dc8e1051d7d9936227e0f70590e38a18a60da44797adddab169944f
Instruction Fuzzy Hash: D6115E756006409FDB60CF29D885B66FBDCEF05620F1884AAED49CB786DB75E408CA71

Uniqueness

Uniqueness Score: -1.00%

Function 0099A75B, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0099A7BC

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 833342c15b42e6c09c13cf5e7600eb2d722ae302b58a690e4476478c1488811e
Instruction ID: e519f8aef467a8d115a9b2559b77836430053979119f47da78f4758e37ca4d34
Opcode Fuzzy Hash: 833342c15b42e6c09c13cf5e7600eb2d722ae302b58a690e4476478c1488811e
Instruction Fuzzy Hash: 13119171449384AFDB12CF15DC45B52BFB8EF46220F1884DAED449F253D275A948CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0269075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 0269079F

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3c3780aea4b6420c711645b4777acc2c42ee01d1935eba8fca331408dcd5c84b
Instruction ID: d8df4a0d999518a0cf575465fe66a6a1a76e840c1ebe711ff050a7892a58f0fd
Opcode Fuzzy Hash: 3c3780aea4b6420c711645b4777acc2c42ee01d1935eba8fca331408dcd5c84b
Instruction Fuzzy Hash: 6F112A756002449FDB50CF29D885B66BBD8AF04220F1884AADD09DF642EA65E448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02690932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,CDD88FDF,00000000,00000000,00000000,00000000), ref: 02690985

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 74e8e17bbb756a93e6be631c04d41ffc1840d6a2394360d6f3ede10a72477ca1
Instruction ID: 792d930d11c77b525927c47488144094b73e554a0ccd8babc34a43d45369bbba
Opcode Fuzzy Hash: 74e8e17bbb756a93e6be631c04d41ffc1840d6a2394360d6f3ede10a72477ca1
Instruction Fuzzy Hash: 4E01D271500604AEEB20CB19DC85F67FBACDF15720F14C097EE449B342C6B4A449CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 026910A6, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,CDD88FDF,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 026910E6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 95aec365ceb70987958035e05d033af272b77f11a7e0689e0d8c8ccbcda031ec
Instruction ID: ebb6f96f7f65042cc7fce33d0141ca59694c8c7a8815a69374efe944df1ed5a2
Opcode Fuzzy Hash: 95aec365ceb70987958035e05d033af272b77f11a7e0689e0d8c8ccbcda031ec
Instruction Fuzzy Hash: C1118E315002459FDB10CF69D884B66FBE8EF05220F18C4AADD498B216DB71E408CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0099A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0099A926

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 3b24379b14d1b7f96bf111f9662776716b7cbe9ce593a3a92e2ca709db38bbb0
Instruction ID: a223c5295c7ece42be438c9a823339a87a712ca3bc42e99e38c8b23a3ec66aff
Opcode Fuzzy Hash: 3b24379b14d1b7f96bf111f9662776716b7cbe9ce593a3a92e2ca709db38bbb0
Instruction Fuzzy Hash: 3A117031409784AFD7228F15DC85A52FFF4EF06220F09C49AEE854B262C275A858CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0099A0BE, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0099A10E

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: e991c3ee18e7ab11b995a254f8047d6bbe7409b96ed4db2825c7969784f23bb8
Instruction ID: 922405e2c894dda632c2b6660c94694a1ba5e0bebc911dd36eb46156997439cb
Opcode Fuzzy Hash: e991c3ee18e7ab11b995a254f8047d6bbe7409b96ed4db2825c7969784f23bb8
Instruction Fuzzy Hash: 6A017171900600ABD710DF16DD86F36FBA8EF88A20F14816AED089B741E375B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0269277A, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 026927CA

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 6b9cbce7505b4d122e880e8def1e8f12a9159c3a428f08af73cd1b81c8290fe2
Instruction ID: dbaab09f89572e9b30a9357b7f1457a84cc191541ef12945acb09d473808e9ef
Opcode Fuzzy Hash: 6b9cbce7505b4d122e880e8def1e8f12a9159c3a428f08af73cd1b81c8290fe2
Instruction Fuzzy Hash: 33017172900600ABD710DF16DD86F36FBA8EF88B20F14816AED089B741E371B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0099A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0099A58A

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6abde7284f66aec6f5467b0a5aa19dfb94367a7f0a22775f754a99881dd3ad63
Instruction ID: 168a76747e1a07f73aeee70e27e87d39866111ddcaf45084cdc2ecca029662aa
Opcode Fuzzy Hash: 6abde7284f66aec6f5467b0a5aa19dfb94367a7f0a22775f754a99881dd3ad63
Instruction Fuzzy Hash: FB016D31500600EFDB218F59D944B66FFE4EF08320F18C99AEE498B616D276A418DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0099B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 0099B78A

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: be4dd8e9b4b783ef2dcb47b24204f0ab18ecdbe6306884752d865af8fe5985b6
Instruction ID: 260b9255c10226745c3f14b851298ad410258f673d010d7fee1c4740cb98e330
Opcode Fuzzy Hash: be4dd8e9b4b783ef2dcb47b24204f0ab18ecdbe6306884752d865af8fe5985b6
Instruction Fuzzy Hash: 88015E314006009FDB218F99E944B66FFE4EF48310F18859ADE454AA12D375A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 02691356, Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 026913A6

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 1597e9f661fc72ec3c2125c6569404721b7664b1f5814d61df9ff41ac99f1f08
Instruction ID: 9f117830e148add4a9d77e63b4266662a12c6d9187800887a18052f30b5f3ca9
Opcode Fuzzy Hash: 1597e9f661fc72ec3c2125c6569404721b7664b1f5814d61df9ff41ac99f1f08
Instruction Fuzzy Hash: 5F014F76500604ABD210DF16DC86F36FBA8EB89B20F14815AED085B741E371B955CAE5

Uniqueness

Uniqueness Score: -1.00%

Function 02690232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 02690264

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 6e37b8d9c83a2b9619102e4683c5425d4d7e67e0f1df26529d2bcbe4be784090
Instruction ID: cf59e775fe95c6c5ac32e33adb86ae50814321357a67dd32b940c2a347d75ddb
Opcode Fuzzy Hash: 6e37b8d9c83a2b9619102e4683c5425d4d7e67e0f1df26529d2bcbe4be784090
Instruction Fuzzy Hash: 0901DF359002009FDB108F29D984766FF98EF40320F18C0ABDD098F746DAB5A448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02690FFA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0269102C

Memory Dump Source

Source File: 00000000.00000002.611720310.0000000002690000.00000040.00000001.sdmp, Offset: 02690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2690000_manager.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 361ae4bf3de8f1ce67b5425e7cb8ee3d005f64e3224a5dcf0c2b0ab55c0979af
Instruction ID: 673b2c70a72af6048c2b4842fb5e0141269388bdd7bdf176b638d84569c81775
Opcode Fuzzy Hash: 361ae4bf3de8f1ce67b5425e7cb8ee3d005f64e3224a5dcf0c2b0ab55c0979af
Instruction Fuzzy Hash: AB01D4315002849FDB10CF19D985756FF98DF01620F18C0ABDD499B742DAB5A448CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0099BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0099BBB9

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 220412e00c79f7a55826ede68f48c37bff986b02a9d1b8937eab12f99a321e25
Instruction ID: d19a1f3827edfcb44c9f9695ac57809fdd5e3a232a4c69acfcf63d23b7009783
Opcode Fuzzy Hash: 220412e00c79f7a55826ede68f48c37bff986b02a9d1b8937eab12f99a321e25
Instruction Fuzzy Hash: 5B01B135504600DFDB208F19E944B66FFA4EF14320F18C4AADE458B666C379A858DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0099A78A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0099A7BC

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: e0238d92a70a3f84b4396e520879959d22e413dc0d2e125156a6ec4f5e7c4748
Instruction ID: 1656435d02f8f4e481badf1ddc588c046a7ec6bd94aa011cf825c7ea841007f9
Opcode Fuzzy Hash: e0238d92a70a3f84b4396e520879959d22e413dc0d2e125156a6ec4f5e7c4748
Instruction Fuzzy Hash: 6701AD748042409FDB10CF59D885766FFE8EF04320F18C4AADE088F606D2B9A848CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0099B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0099B841

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 713eea9d472a847780ff89237c308ed1b361f9979499cbda200748c743d96b32
Instruction ID: 6ce69122691e4c5f0185514cbb6e72132385159fb4ae803de65bf89e0ba8dfc0
Opcode Fuzzy Hash: 713eea9d472a847780ff89237c308ed1b361f9979499cbda200748c743d96b32
Instruction Fuzzy Hash: 9C01A731400644DFDB208F1AD944B66FFA4EF08720F18C49ADE454B612D379A458DF71

Uniqueness

Uniqueness Score: -1.00%

Function 0099A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0099A926

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 61e60172d830187bf295e8849685a478bb3e402f6a9f93e704d3f16c54f796a8
Instruction ID: 6784475566c4b4d04422bd40814b3ddf67a0bcd89208a90ef2a6b5aa7fa9afa8
Opcode Fuzzy Hash: 61e60172d830187bf295e8849685a478bb3e402f6a9f93e704d3f16c54f796a8
Instruction Fuzzy Hash: A0018635404644DFDB208F19D885762FFE4EF05720F18C49ADE464B656C3B5A858DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 0099BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0099BE70

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 00bfc8c50d22cb001d11612d5768d6da558907e90311254cf1fc864eada3525f
Instruction ID: 2205c47dca6c1a511e4bb28b299ec0cebb4883d693d59734c4503331308ee269
Opcode Fuzzy Hash: 00bfc8c50d22cb001d11612d5768d6da558907e90311254cf1fc864eada3525f
Instruction Fuzzy Hash: 64F0A435804644DFDB208F59E984766FF98DF04321F18C49ADE494B316D3B9A848CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0099A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0099A3A4

Memory Dump Source

Source File: 00000000.00000002.610777941.000000000099A000.00000040.00000001.sdmp, Offset: 0099A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_99a000_manager.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 00bfc8c50d22cb001d11612d5768d6da558907e90311254cf1fc864eada3525f
Instruction ID: d4ec212252b03d7b01d69258af86b6cc42b2914d136614647fe669f49c66cb65
Opcode Fuzzy Hash: 00bfc8c50d22cb001d11612d5768d6da558907e90311254cf1fc864eada3525f
Instruction Fuzzy Hash: CEF0AF34804644DFDB208F19D885766FFA4EF04324F28C49ADE494B716D6B9A848CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02630681, Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

ZYr^, xrefs: 026306A1, 026306A6

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: ZYr^
API String ID: 0-3777793673
Opcode ID: 42cb7a25ae1825390d493b1f6d19ce418d9c6f1db153c1bb439b30f1a5cd4fdf
Instruction ID: f95ac4c9900c739953d9569ea3a52dd1ad4b9bd64430d6739f665b08723f97e4
Opcode Fuzzy Hash: 42cb7a25ae1825390d493b1f6d19ce418d9c6f1db153c1bb439b30f1a5cd4fdf
Instruction Fuzzy Hash: 1D416E3171C2008FCB057BB8EC1A66D7BA6EFC2302B15457AE802CA2B1DF704C45ABD1

Uniqueness

Uniqueness Score: -1.00%

Function 02631458, Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

$ghr, xrefs: 026314C7

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: 1474a5c7164067bd7d4711f2f88b9ae6c1ae805b67111db184eecc86ba82be3a
Instruction ID: 385a46c9e0188123e94ec3ef2eb1744dd95e1054eb911409125c6329651fb6f5
Opcode Fuzzy Hash: 1474a5c7164067bd7d4711f2f88b9ae6c1ae805b67111db184eecc86ba82be3a
Instruction Fuzzy Hash: FC51C134A04219CFDB55DF68D894B99BBB2FF49300F1040EAD40AAB366DB359D85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0263CE10, Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

=Yr^, xrefs: 0263CF44

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: =Yr^
API String ID: 0-4187495311
Opcode ID: 1d3afc308e58f1c9433529a51145a284a184a327f5c588b5c1f3abeb2ef0f9fd
Instruction ID: 8ff1e34999390ce001a838dad9de0a046e70cdc4d11f023c68abedb6656cba08
Opcode Fuzzy Hash: 1d3afc308e58f1c9433529a51145a284a184a327f5c588b5c1f3abeb2ef0f9fd
Instruction Fuzzy Hash: 6C315274715340CFCB059F3896112597FA1EB8631D31584AEA5069F396DB779C07CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 026382C0, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 026383D7

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 9e3a16ce72dd6924f253dc42f56ea9eed1a7b874bd283990debe6c9558394457
Instruction ID: 2f15dd3d9bce80e0696f4c5c73c1227b186ea2b6db681034d538c6a24399b803
Opcode Fuzzy Hash: 9e3a16ce72dd6924f253dc42f56ea9eed1a7b874bd283990debe6c9558394457
Instruction Fuzzy Hash: ED41F670E04209DFEB59DBE9C5956EEBBB1FF44304F1080AAE402A7760D7759A42CF52

Uniqueness

Uniqueness Score: -1.00%

Function 026321F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 0263230F

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 11627e216f1552136a5bd8831435eb43b3d3719773e8168e239a63382f65f88e
Instruction ID: 3c8b5962c80f40bfc3d030066c6d1f43ae1a1c5a46622989a0909dda6a43164d
Opcode Fuzzy Hash: 11627e216f1552136a5bd8831435eb43b3d3719773e8168e239a63382f65f88e
Instruction Fuzzy Hash: F0411030E08209DFDB49DFA5C9956BEBBB1FF45304F10806AD81297261DB359E45CF92

Uniqueness

Uniqueness Score: -1.00%

Function 02631291, Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

$ghr, xrefs: 02631349

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: $ghr
API String ID: 0-1352911727
Opcode ID: 880874f9a2e7f4e59d0cd0ab4712354912c0dddf6df349e7bee5dba776aa9ed2
Instruction ID: 8b8a4fe8dc66fe61692e2cb36ddad33b8cb30195ed4120a6905f8edd15dd0182
Opcode Fuzzy Hash: 880874f9a2e7f4e59d0cd0ab4712354912c0dddf6df349e7bee5dba776aa9ed2
Instruction Fuzzy Hash: AE41E534A08219CFDB55DB68D890B9DBBB1BF4A310F1040EAD40EAB755DB309D85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02638100, Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

]DYr^, xrefs: 0263812E, 02638133

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: ]DYr^
API String ID: 0-1777951214
Opcode ID: 83543e9d1c8b7ccd5879179754bc8c328fe55558db3c4e0b81537339ad8d6461
Instruction ID: bf5309c39348f4bf7087a3f0441c010f5e955fdf843e758d81c5f4e49619b436
Opcode Fuzzy Hash: 83543e9d1c8b7ccd5879179754bc8c328fe55558db3c4e0b81537339ad8d6461
Instruction Fuzzy Hash: B8317A34A19201CFC759AB78E4586AD3BB2FF8531135585AAE006CB395DF768C02CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0263D94B, Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

lir, xrefs: 0263DA03

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: lir
API String ID: 0-3872640509
Opcode ID: d226c47b41e0af7713165794d409d4ac705c0183000f75ced721e1d400e42279
Instruction ID: ccac472b596c3234d165f41898801b4c44924d99c1aac9d935fd998a22a464ce
Opcode Fuzzy Hash: d226c47b41e0af7713165794d409d4ac705c0183000f75ced721e1d400e42279
Instruction Fuzzy Hash: 6B21D035A08214CBCB1A9B69D5003BEBBE6FB88314F10406AE586EB384DB71EC42C791

Uniqueness

Uniqueness Score: -1.00%

Function 0263C080, Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

]?Yr^, xrefs: 0263C111, 0263C116

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: ]?Yr^
API String ID: 0-3586606707
Opcode ID: c0f2378a56fb9d72ba5011c3bc6dd234e640eab04db83ff9276c80dd4f901a4f
Instruction ID: 3da7d0e120afcf0ce17ec59ea0abd2428ab504589a2e839fb17d4d40763f82af
Opcode Fuzzy Hash: c0f2378a56fb9d72ba5011c3bc6dd234e640eab04db83ff9276c80dd4f901a4f
Instruction Fuzzy Hash: 4B110E357183509FE305AB38D85472E3BA7EBC9301F1504A9E406EB788CB769C42CB94

Uniqueness

Uniqueness Score: -1.00%

Function 02637040, Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

Huir, xrefs: 02637073

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 91c7800881dcb654bd785ca9884b847561b16db3ac2bfe2d14bd0ba79102e8ce
Instruction ID: f53d119c9bab39ffbd1992b50287862ace05faeea3588cad6d3706e49b495af9
Opcode Fuzzy Hash: 91c7800881dcb654bd785ca9884b847561b16db3ac2bfe2d14bd0ba79102e8ce
Instruction Fuzzy Hash: C7F02DB170825057C7562A7C589066D7F56EBC6370724022AD505CF2D6DE659C4383A2

Uniqueness

Uniqueness Score: -1.00%

Function 02634710, Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

X1kr, xrefs: 02634747

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: X1kr
API String ID: 0-844551562
Opcode ID: 9d0705c2c01ac29a2c6296e667e7093aa43b2d87b2919e97d92ef6b823f02682
Instruction ID: fe1baee8ae1bfeb688528ff391f077398eb713cab3165e4bc5aa2cb007ba2ff2
Opcode Fuzzy Hash: 9d0705c2c01ac29a2c6296e667e7093aa43b2d87b2919e97d92ef6b823f02682
Instruction Fuzzy Hash: 0AF0B4323012509BCB6A66B998103BE72EA8BC6761F54003FE60AC7781DD66DC828391

Uniqueness

Uniqueness Score: -1.00%

Function 02637050, Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

Huir, xrefs: 02637073

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 4130e992a4ad9754e639e7b9b3907da998fd8b21577e671a11c1d4a6f5f50b51
Instruction ID: 23647f188e3491f20ed6e9a9643fe3a949d1925aeda92dc015f7f1343a5768b6
Opcode Fuzzy Hash: 4130e992a4ad9754e639e7b9b3907da998fd8b21577e671a11c1d4a6f5f50b51
Instruction Fuzzy Hash: 6BF0E9B130815053CA9A3A6C9C81A3EBA4BABC6770774432EA516CB3D5DE619C0283A6

Uniqueness

Uniqueness Score: -1.00%

Function 02639CFF, Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

Huir, xrefs: 02639D23

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: Huir
API String ID: 0-669697419
Opcode ID: 26d815b8168d0b64654cc4759f610e15f1e7aec4fb9681e74b35f45b591a1cc7
Instruction ID: 4b1eb58022932626e3330ad4fe9c1690ad2d71862074a0875b81a576eec53ed0
Opcode Fuzzy Hash: 26d815b8168d0b64654cc4759f610e15f1e7aec4fb9681e74b35f45b591a1cc7
Instruction Fuzzy Hash: 7CF0E93130911093CB593A6CA882A7D7E4AEBC5770774432EE51ACF3D5DE949C0287A2

Uniqueness

Uniqueness Score: -1.00%

Function 02635B41, Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

=RYr^, xrefs: 02635B60, 02635B65

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: =RYr^
API String ID: 0-2243501792
Opcode ID: 8cca51a4bbbd9be1036bc8c912405b4a7a90851af2c9bb935fbb53b653d58c97
Instruction ID: 859aa3d4584cc1937be1d01436c6c6251f9a37b724b8a037fefbf6310a441092
Opcode Fuzzy Hash: 8cca51a4bbbd9be1036bc8c912405b4a7a90851af2c9bb935fbb53b653d58c97
Instruction Fuzzy Hash: 04E0922264D2945FEB01DB78D8619797BE59F93300308409FD846D7282C91A9C02C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 02635B50, Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

=RYr^, xrefs: 02635B60, 02635B65

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: =RYr^
API String ID: 0-2243501792
Opcode ID: 8654b16e51601c289f81f9c0612cccde0543ff9bd54ecdfd2e4b53a3d6672f73
Instruction ID: cfad0ba3ec9b78e5fff8adaf1ca895b48749296686197f5afb8a35cda5873986
Opcode Fuzzy Hash: 8654b16e51601c289f81f9c0612cccde0543ff9bd54ecdfd2e4b53a3d6672f73
Instruction Fuzzy Hash: 47D0A72034421427BB04E6ACC81293A73CEDBC6711304846EE40ADB341CD639C0283D1

Uniqueness

Uniqueness Score: -1.00%

Function 026A025D, Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cd6ded0df84e6af9debbd0b02e32e9c5a5d2a709f6f1990b80426e541b0c745
Instruction ID: a5637a6fc7b2314857b2d4b18b7908803bcd8dacdea207510185904317f84ab8
Opcode Fuzzy Hash: 0cd6ded0df84e6af9debbd0b02e32e9c5a5d2a709f6f1990b80426e541b0c745
Instruction Fuzzy Hash: 13417AA254E3C05FD3138B34AC66AA2BFB4AF53120B0E85CBD4C4CF5A3D1595949CB72

Uniqueness

Uniqueness Score: -1.00%

Function 02635B98, Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee133b065730c2f8865d09812a7fe437cb6a73b4b1e988241b355b75b25711d3
Instruction ID: aa34cd0618d82e32c90d346b6521a5a0ea9363dd4e752c4f69d22702d8261ef8
Opcode Fuzzy Hash: ee133b065730c2f8865d09812a7fe437cb6a73b4b1e988241b355b75b25711d3
Instruction Fuzzy Hash: 08816D31A00619CFDF16DF14C890ADAB7B2FF89304F558599D80AAF251DB71AE86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 026351F2, Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828c4c1ec2951045fe9983eab4bfdec56eeff13589093a374d133f51b9822d1c
Instruction ID: d0e0b0ac45bfdfb229ef8c03105048f04f211bf39fae267a127e3d75dd767345
Opcode Fuzzy Hash: 828c4c1ec2951045fe9983eab4bfdec56eeff13589093a374d133f51b9822d1c
Instruction Fuzzy Hash: 1291A131A04105DFDB0ADBB8C458AAD7BF2FF89304F5444AAD502EB2B5EB716D09CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263E528, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 159612087a60be7c513a57734eb6f93415d2515167589077738b4716fd511b01
Instruction ID: 563379065141ebbc4e4b3fe1818cefde9126473c61fa0d6f45351e869c995259
Opcode Fuzzy Hash: 159612087a60be7c513a57734eb6f93415d2515167589077738b4716fd511b01
Instruction Fuzzy Hash: EA712B34A00605DFDB19CF69C494BA9BBF1FF49324F148459D516A77A1CB72E882CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02634DA7, Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f46db21892ae75c7b98befb7c6afcd3346a9f187b463d4fd96640e43e3368fa8
Instruction ID: a8350d13b3c9da890f880b87379d033a4c4839e71a6641a1baebe3c1157d3245
Opcode Fuzzy Hash: f46db21892ae75c7b98befb7c6afcd3346a9f187b463d4fd96640e43e3368fa8
Instruction Fuzzy Hash: DA619035209144CFC70AEB68D89096EBBE2EFC5310759856AD506CF3AADF31AC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263DDC0, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed318b617bd8767dd9d42ff942abb40af8e54183565387d24b1f4baa1aefe8a5
Instruction ID: 3dc74c833303f7fec8014d9dff958d5fb6333e8ba763bdcff94412ea6d432403
Opcode Fuzzy Hash: ed318b617bd8767dd9d42ff942abb40af8e54183565387d24b1f4baa1aefe8a5
Instruction Fuzzy Hash: 3D51AE31A00518DFDF09DFA4C9909AEBBB7FF84304B058069E906AF255DB74ED46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 026371B8, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b0dd0b52317399be21466b8bc43cd917db0630a5321133d59f82c519e678447
Instruction ID: 0ea0eb1a7c18a17fa0cd6c8340c813388e43eacc619d4d12207674eb275a3d80
Opcode Fuzzy Hash: 9b0dd0b52317399be21466b8bc43cd917db0630a5321133d59f82c519e678447
Instruction Fuzzy Hash: F5310771904619CFDF16DF64C8946DAFBB2FF89304F5184A4D909BB215DBB06A8ACF80

Uniqueness

Uniqueness Score: -1.00%

Function 02636D20, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c62e1d5013ebcaa1b8f58d9aefdc58eb93115d4cbab2a0681a7e339f5898e89a
Instruction ID: 090eeda9d11f4ac195eeb36aaafa2ce6cf18e4dd1e900be35e55700b8ce20fff
Opcode Fuzzy Hash: c62e1d5013ebcaa1b8f58d9aefdc58eb93115d4cbab2a0681a7e339f5898e89a
Instruction Fuzzy Hash: 7B515131B042149BCB09DBB9C4606AEB7F7AFC8714B248569C806AB395DF70AD46CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 02637EC8, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1cc5068d7ea8b33d5a36c9a12048941483b34f18ae28c5e276e82a98525f97d
Instruction ID: 4c84b0a5c0f6d45bdf6e22dea55e6103beadf44341e2e28947e96fa671ba74ed
Opcode Fuzzy Hash: e1cc5068d7ea8b33d5a36c9a12048941483b34f18ae28c5e276e82a98525f97d
Instruction Fuzzy Hash: 8F5106B5D04618CFCB1ADFA8C98469DFBF1FF48310F20866AD45AA7294E7316946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 026376F1, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b32d6842d200f114e9a3530ed7b0df66f250735873d6bcbdccc1ffdc0089fe
Instruction ID: 6fa6437d024cb559656936de7b83be971ea0279935dd532ab737e227e3b15a67
Opcode Fuzzy Hash: c6b32d6842d200f114e9a3530ed7b0df66f250735873d6bcbdccc1ffdc0089fe
Instruction Fuzzy Hash: A6514B74A00214CFDB16DB78C584BADBBF2FF85304F2482A9D80A9B395DB70AC41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02630BC0, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e361cbffad08423971194c69c17d23f64655235a9a89281c92244af2e391d67a
Instruction ID: d1c3392f93afaaa1fec6ab8132395d566e8b018a2746530b1ba56874cf6488f5
Opcode Fuzzy Hash: e361cbffad08423971194c69c17d23f64655235a9a89281c92244af2e391d67a
Instruction Fuzzy Hash: 4D418331B05114DFC71A9F6CC4546AE7BE6AFC6310F1580A6E906DF3A1CEB29C0AC791

Uniqueness

Uniqueness Score: -1.00%

Function 0263A79A, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f03500d528ffb0885b8bd60af0fc15a8614cb3e6949fb529adbec61ab4eeae5
Instruction ID: 412e76abf60e976348a1c1ebd83a1005f34660035e0dc2aa2a2512622c99d56f
Opcode Fuzzy Hash: 1f03500d528ffb0885b8bd60af0fc15a8614cb3e6949fb529adbec61ab4eeae5
Instruction Fuzzy Hash: 46416E31B001559BDB089BB8C859B7EBBF3AFC9701F15406AE206EB3A1DE758C069791

Uniqueness

Uniqueness Score: -1.00%

Function 026368A0, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4b724dc4804944f2dabbdca0c2d6fea3ecaa529fdd31427eecaaa5c3b7d5037
Instruction ID: bb545c0c97eb0cc9abb1f9cdd0b9a26a8febe0d5ff8654179eb05e84e900af47
Opcode Fuzzy Hash: b4b724dc4804944f2dabbdca0c2d6fea3ecaa529fdd31427eecaaa5c3b7d5037
Instruction Fuzzy Hash: B2413938605600CFCB16AB7895A026A77F3FB8D341358406DE94AAB787DF369C45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 026368B0, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1ffaa4a97821e5158409226042b442c9e3685d2f57fbf24a78a7f5b761e6d7
Instruction ID: ae8248d916c3bf9ba8ab855f4c0a57a7e9f4928a8566ebe55874a5cf62c0ea27
Opcode Fuzzy Hash: 0d1ffaa4a97821e5158409226042b442c9e3685d2f57fbf24a78a7f5b761e6d7
Instruction Fuzzy Hash: 6A414B34701210CF8B16AF7995A02AE77E3FB8D741358406DE90AAB787DF36AC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263AB30, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 157f4cdc817a1c80bc2a9b39e6dbe08bf48828eaa98084fc60252bb8d82b15fd
Instruction ID: dc34cf41db8dd6f9f1485111cfb3b0f6a9141e201bcbd797d8484010527e8458
Opcode Fuzzy Hash: 157f4cdc817a1c80bc2a9b39e6dbe08bf48828eaa98084fc60252bb8d82b15fd
Instruction Fuzzy Hash: 6031D271B006658BCB19DBA9C8806AEFBF2FF88310B20442EE44AD7740DB75ED41DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0263DDB1, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa70f698cd36b2a5a87f5c0294169e263ca3fe658c2c5482049a4557c66b821
Instruction ID: 5fa05c4bd1ea04615fdb27137b1738077729aa74ac6e50e6ce39d1f5e979e4bc
Opcode Fuzzy Hash: 3fa70f698cd36b2a5a87f5c0294169e263ca3fe658c2c5482049a4557c66b821
Instruction Fuzzy Hash: 0131B371A04218DFDF0ADFA4C9509ADBFB7FF94700F01406AE506AB2A1DB719D06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263DC99, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f94b54a5c43a38c062ec660ee7887dc46eb6849985d4a20f3afab1c2439df67
Instruction ID: 20fd74fdddacf07d65206136e7651bc5114552f198840e7d60179022cfffaa49
Opcode Fuzzy Hash: 6f94b54a5c43a38c062ec660ee7887dc46eb6849985d4a20f3afab1c2439df67
Instruction Fuzzy Hash: C9315875A00204DFCB59CF68C540BAEBBF5FB89310F14816AD40AA7381CB719C42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02637D18, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ecfc939217d01758771f857936421b48bf414fffbc25fa9dd38d6708fcf9c09
Instruction ID: 44605f6df8754ece8ce35fd16a5fcb30100732d055c546fcde044c839a2eb484
Opcode Fuzzy Hash: 7ecfc939217d01758771f857936421b48bf414fffbc25fa9dd38d6708fcf9c09
Instruction Fuzzy Hash: D1319AB5A0015ADFCB06CFA8C884ABEF7F0FB85324F148666D4169B6D1D730E856CB91

Uniqueness

Uniqueness Score: -1.00%

Function 026302D9, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c0ecfbb1c22573dceb62e6ec102e2baddabacb30a2862d7728da3b5f1138e8c
Instruction ID: 19ad1c67679560267acf53c9d74c676d782d990f419108ca5930571ab96a219c
Opcode Fuzzy Hash: 6c0ecfbb1c22573dceb62e6ec102e2baddabacb30a2862d7728da3b5f1138e8c
Instruction Fuzzy Hash: FD317E34B05206CFEB19CF68C1A0BAE7BF2EF89710F144469D502AB7A1DB75AC49CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02636F61, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbc8ff2957055d8ebb3706765ab555d0864b8923cc1675c216e31e8b8b49828f
Instruction ID: 1e231fd26c0fa8d637b73160b70994ef40c9d4b7c51bbc015d6b9bf651dd49e4
Opcode Fuzzy Hash: bbc8ff2957055d8ebb3706765ab555d0864b8923cc1675c216e31e8b8b49828f
Instruction Fuzzy Hash: 2931F7307051509BDB0AA7B9D860ABFBBE7AFC9304B94417ED807DB391EE714C058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 026320D0, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f68684dd55a69c1e7aa34f4443a3a8ae5c99e684f7953494ec372a4e18733ed4
Instruction ID: 460a87ec18b008f86f3c8122a12d3b0c4ce080aeb254ec9afa177b44ba929cc1
Opcode Fuzzy Hash: f68684dd55a69c1e7aa34f4443a3a8ae5c99e684f7953494ec372a4e18733ed4
Instruction Fuzzy Hash: 12319230B08245DFDB06DF68D9A067E7BB1FF85300B118466CE06DB255E770AC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 026366CC, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eb0f76508931be54858a42cb1ae213e47d8954fb2a8f51a9e7905bf4ee1a86b
Instruction ID: 67c17be6d255d57e2540815d89b51c7b1c8a736e65fab42ae07b5ca2c12fb70a
Opcode Fuzzy Hash: 3eb0f76508931be54858a42cb1ae213e47d8954fb2a8f51a9e7905bf4ee1a86b
Instruction Fuzzy Hash: 75319C30214301CFC715AB38D65426D3BA2EB82359358867DE106DF386DFB69C468BC1

Uniqueness

Uniqueness Score: -1.00%

Function 026345C8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33fcba0b15a09f5ef77ffd6e0f785c9edace70e400466336cfb83e4edacface4
Instruction ID: 05563cd4f894342998f7e8f51f17bddfdd7e45e0c3632f094601faea943931d4
Opcode Fuzzy Hash: 33fcba0b15a09f5ef77ffd6e0f785c9edace70e400466336cfb83e4edacface4
Instruction Fuzzy Hash: B3216D71B04119AFDB05DEA9D981BBEF7B9EBC9200F204126E619D7241EF705905C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0263E818, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80bf83db315da33c1dee8d300887f52de956838b9ecb00098efcb6044b905ca
Instruction ID: 531bb384886e6568bbb92a413a1c12e954d0caf0fdba2ae31d71dcbdb05da319
Opcode Fuzzy Hash: b80bf83db315da33c1dee8d300887f52de956838b9ecb00098efcb6044b905ca
Instruction Fuzzy Hash: 3F41FA30D05B51CFD77ACB2AC550766BBE2BF85309F14C86EC19786AA0DB76A441CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0263AAE2, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2d5ca65ebabf36f8e1d7a0a80b6db26a08c4527c99e019940547f3165d21102
Instruction ID: c6ae48df4d7a57fb4fd8bf33dda76ce93edd93b84bf635fe05b3fab84da1dd3b
Opcode Fuzzy Hash: d2d5ca65ebabf36f8e1d7a0a80b6db26a08c4527c99e019940547f3165d21102
Instruction Fuzzy Hash: 5131F3B6B042A58BCB05CBA8D8441AEBBF2FF89200B14816ED49AD7211D3359D41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0263E208, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c92e62e594ffca61ac996a0eb55d2278a81312eb5d25aa358abc6a87bcd2aa0
Instruction ID: 53660fc7d89e403edcb6aba1cda2cd31ebe39dfda6d643e8676a5d4a972435d3
Opcode Fuzzy Hash: 5c92e62e594ffca61ac996a0eb55d2278a81312eb5d25aa358abc6a87bcd2aa0
Instruction Fuzzy Hash: 77311C34B00604DFCB55DBA9C581AAEBBF6FF88300B504429E506A7751DA76DC42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 026350E0, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c92e777f1cfe2af718d76f73903eaa34dc019106ef2a325e4002d38e3d03f5
Instruction ID: 8587bbbf1e92188198d1a9195c318b5bedc5b569fb080c93618d701bf5d4da06
Opcode Fuzzy Hash: 80c92e777f1cfe2af718d76f73903eaa34dc019106ef2a325e4002d38e3d03f5
Instruction Fuzzy Hash: 5D215E31A043099FDF05DFA9C4146AEFBF6AFC9300F544529D506AF355EB706946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02636D10, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c15405418e1fc95ba4aa7a2cffccff4b045516e92849ae7d416e0a4a3bb697
Instruction ID: 504f73e4c6ab810e174f49747f2ded8ce58dec0042091a1b30a137621b7b9fcb
Opcode Fuzzy Hash: 15c15405418e1fc95ba4aa7a2cffccff4b045516e92849ae7d416e0a4a3bb697
Instruction Fuzzy Hash: 89312F31E042099FCB09DBB9C5605AEB7F3EF88304B14856AD816AB395DB30AD46CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0263DAAC, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbecf79d0e27b38922a1578b94bf1d37885dc02e353b3ac877e97d7713972abf
Instruction ID: 01534625123840989f92403d8b60d065ba958882e2bb3d8c702e052275412418
Opcode Fuzzy Hash: fbecf79d0e27b38922a1578b94bf1d37885dc02e353b3ac877e97d7713972abf
Instruction Fuzzy Hash: 7E311B303047018FC669A77C846166A7BE3AFC13147649A2CD5469B798DEB6E9038BC4

Uniqueness

Uniqueness Score: -1.00%

Function 026343D0, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281d8eaf9802149848ce7c4ed58615b09477329382414e6a516c6e61d97984f6
Instruction ID: b1a598cd9d21d3da61d6c69b8f89173e5150291057970e19812328d4f847dd8f
Opcode Fuzzy Hash: 281d8eaf9802149848ce7c4ed58615b09477329382414e6a516c6e61d97984f6
Instruction Fuzzy Hash: E5319F35618105CFCB05EF68EC448ADBBF2FF853147148069E5065B27ADF31AA56EBD0

Uniqueness

Uniqueness Score: -1.00%

Function 026350D0, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe753608c1df9402af11e51bd7affe34bee883862d138b5b4e210dbb576c9ad
Instruction ID: 214fa244c0bcead242ade6f04e2a3bba963828697a54ad9cb45b5ce92bec4d72
Opcode Fuzzy Hash: efe753608c1df9402af11e51bd7affe34bee883862d138b5b4e210dbb576c9ad
Instruction Fuzzy Hash: EE217C31904349DFDF01DFA8C8146EEBBB1EF89310F508529C50AAB255D770594ACBC1

Uniqueness

Uniqueness Score: -1.00%

Function 02637EB9, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59030449c10943392f90c4a299ffc6fbe1bee58df1a73e0a7e082238904b888
Instruction ID: 90f2793a75866db391b263453d5aa0acfe842b34a14d9cc184a927c9ab005231
Opcode Fuzzy Hash: f59030449c10943392f90c4a299ffc6fbe1bee58df1a73e0a7e082238904b888
Instruction Fuzzy Hash: C9215CB5908145DFDB1BCB68C844AAEFBF1EF49300F1444AAD502EB2A1DB719D06CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0263A418, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8fef25c5c68fb111e92b80f238eac91402dd75c8cf4d6892eb0034b559905f
Instruction ID: efa8afb6b26faa08cea758dce27cbb9f8c16d038f6f569816ef498cf9a357a7f
Opcode Fuzzy Hash: af8fef25c5c68fb111e92b80f238eac91402dd75c8cf4d6892eb0034b559905f
Instruction Fuzzy Hash: 20219430B04245DBCB19DFB8D845AAEB7B1BF88720F104969E942AB742DB70AC45D7D0

Uniqueness

Uniqueness Score: -1.00%

Function 02634F10, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4388aed821dc711a2fab459679cfe3e2e33bf7f875e20359ec3bb4afed6e3b4
Instruction ID: 76c7ae74b5db391303f09457b518ae07ee5264d7d61f548d8622a3ecea0791e9
Opcode Fuzzy Hash: f4388aed821dc711a2fab459679cfe3e2e33bf7f875e20359ec3bb4afed6e3b4
Instruction Fuzzy Hash: C321C035209204CFC30AE625E8909B9BB62FBC0351768862FD403CB28EEF709C07C796

Uniqueness

Uniqueness Score: -1.00%

Function 02634510, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a399b607cfabacc13f91f442cfe187597d6620593a6fb0f289cdc849a676489
Instruction ID: e73366082a965ee4418d4ac78ba0f1844156634281abed6ff68726c63468a1ac
Opcode Fuzzy Hash: 3a399b607cfabacc13f91f442cfe187597d6620593a6fb0f289cdc849a676489
Instruction Fuzzy Hash: F411B432E081518BDB06DA6898101EFBBA2DFC6221F09407EE946DB251DB659D06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 026386A6, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08dd5f76d7919dadbd61378b65117818babd2aeea91257fec97bec6780eba3c9
Instruction ID: 33b9401d38213a3df2121b7763670e501803f791679a10070cc7342dcd67c372
Opcode Fuzzy Hash: 08dd5f76d7919dadbd61378b65117818babd2aeea91257fec97bec6780eba3c9
Instruction Fuzzy Hash: 74318874A1020ACFDB21DF69C58479EBBF2FF88314F1492A9D0069B654DBB99885CF81

Uniqueness

Uniqueness Score: -1.00%

Function 026348B9, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 254bd7bccacb799de31c863123441ba69ed39c4618a4582c2dbe9e2088832fa8
Instruction ID: 21bc5a0ed42ab2cab1cf4d7190431f96011f756e1114af29602dbc32ddc456cc
Opcode Fuzzy Hash: 254bd7bccacb799de31c863123441ba69ed39c4618a4582c2dbe9e2088832fa8
Instruction Fuzzy Hash: 6211B732A00119DADB0EDA78D8506EDB7B6BFC5314F18442AD503B7291DE305A07C791

Uniqueness

Uniqueness Score: -1.00%

Function 026325DE, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888a9df089f480a0f72980fb638762adea3a22cfa684514648808d0262d34692
Instruction ID: e8c39191e40ee386312997689cf38f1f26664af1dfdbe52063dbe5e9e0c097bf
Opcode Fuzzy Hash: 888a9df089f480a0f72980fb638762adea3a22cfa684514648808d0262d34692
Instruction Fuzzy Hash: 5831AB70A18245CFDB21DF69C85478AFBF2FF86314F20D12AD8159B265DBB49989CF80

Uniqueness

Uniqueness Score: -1.00%

Function 026321E8, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94229317bc6d0c9ab2ff8b9ea81fa7e526e8b57bdf102466ba15ad588e2d8f00
Instruction ID: 65b55ffb9a4448fceaa5b2ddfac2fe944f41edc75e23e4edc76df4a5226de380
Opcode Fuzzy Hash: 94229317bc6d0c9ab2ff8b9ea81fa7e526e8b57bdf102466ba15ad588e2d8f00
Instruction Fuzzy Hash: AB315170D08205DFCB4ADFE8C9E46AD7BB1FF45304F14849AD8129B2A2D7319E46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0263AB20, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c58222c10fe775413520c6440adee36b42fcedc9d2ea9e91cc84ffc528ddc8
Instruction ID: 862f66c0fc5db963d54a49ea64aacdbb845d60a89743dee7c2da57aae4459ec8
Opcode Fuzzy Hash: 45c58222c10fe775413520c6440adee36b42fcedc9d2ea9e91cc84ffc528ddc8
Instruction Fuzzy Hash: 5A219FB5E042698BCB05DF98D8945AEFBF2FB89210B14816EE45AE3311D3359D51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02634788, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3b4ba5edb0d3c6ab51e990e5252dd0609f4737ff94a3e55586d71bee587c4d
Instruction ID: 67b3a9edfb672b357d8e611d74990b1f91ca73e7eb5a64e8a13f0edc64be1bbc
Opcode Fuzzy Hash: 7f3b4ba5edb0d3c6ab51e990e5252dd0609f4737ff94a3e55586d71bee587c4d
Instruction Fuzzy Hash: D2118E32A001148FCB65EBB8D9506FEBBF2EB86350F60447AD40AE7281EF358946C791

Uniqueness

Uniqueness Score: -1.00%

Function 02636F70, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e24dab80759c1bb338fad21c96a399bd545e7a10528682d949fcfeb802e8e2
Instruction ID: 63dd727171d007843007e03b5c6cdfb4a7071b0bb897aa55f205df818defb70d
Opcode Fuzzy Hash: b6e24dab80759c1bb338fad21c96a399bd545e7a10528682d949fcfeb802e8e2
Instruction Fuzzy Hash: 9011B270714010ABDB09B7BAC86097FBAEBAFC9344BA0453E9407DB391DD719C0187E5

Uniqueness

Uniqueness Score: -1.00%

Function 026382BF, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e66211eb4160e186f523a66458349927bad927c76214c07195be9d4f4d0e05
Instruction ID: 16485faeec7a0c57bab1aa74a1615ebd818c68ee1f571dab8040d3680800ae9a
Opcode Fuzzy Hash: f4e66211eb4160e186f523a66458349927bad927c76214c07195be9d4f4d0e05
Instruction Fuzzy Hash: 0021F770E04209DFEB59DFE8C5956EEBBB1FB44304F1040AAE402A7350D7759E42CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02634FF0, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8bfcd73c2b2a1442d2822177a22af65c6a9a9f776adccc96f91e91ce76bf9b5
Instruction ID: ff044797429c19bd1a6fbb73d48e168ed04da7847b01847486cfc7593b8bcfdf
Opcode Fuzzy Hash: c8bfcd73c2b2a1442d2822177a22af65c6a9a9f776adccc96f91e91ce76bf9b5
Instruction Fuzzy Hash: 43119631A04244CFCB45EBB9D8907AE7BE1FB88310B94417AC506DB285EB714A46CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 0263E0B0, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb49e5b7e32677f72d2c7fbb0e8203d12193035e8529c61961637d9a4459b902
Instruction ID: 02a9aff0bfde717308c08250ceba3071ce3eaf47485f98f4885a05c0e6ceea2c
Opcode Fuzzy Hash: eb49e5b7e32677f72d2c7fbb0e8203d12193035e8529c61961637d9a4459b902
Instruction Fuzzy Hash: 83216071A00514DFCB5DDFA9C551ABEB7F5EF88310B20806AE806E7740D732AD12CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 026346A7, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df848dc3d77788d68fc19cff498fbedb631380ccd6cc5850b027bff235eeec4
Instruction ID: e6090a356383a2418546ad10ac7d30148add1aa2673296a69c9c9e009276b899
Opcode Fuzzy Hash: 5df848dc3d77788d68fc19cff498fbedb631380ccd6cc5850b027bff235eeec4
Instruction Fuzzy Hash: 41118275B081149FDB169FA8ECA1AFEB7F9EFC6700B2440A6E506DB252DE214C06C791

Uniqueness

Uniqueness Score: -1.00%

Function 02635000, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b123f3add9a9c47c926301f21c5296e554f6a528bd7f155cc25f95634cc768a6
Instruction ID: fc85147ea8726e3d3a6a35571c78e1cce2a3da67415f476136795bb6a5eb4aec
Opcode Fuzzy Hash: b123f3add9a9c47c926301f21c5296e554f6a528bd7f155cc25f95634cc768a6
Instruction Fuzzy Hash: 3211B131B04255CFCB49EBB9885036E7BE1EB88610B944079C807EB385EF319D02CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0263A417, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86bccea15baf62ec9fa02098c66812e008558cebd1780cd524bdda136055aba9
Instruction ID: 630d04fb23e1812aa6796567674ae3ae2cd4e19022d0047d710b218afb05c9de
Opcode Fuzzy Hash: 86bccea15baf62ec9fa02098c66812e008558cebd1780cd524bdda136055aba9
Instruction Fuzzy Hash: 4411C830B04254DBCB19DEA8D945AAEB7B1BB84720F104569E942AB382DB709C01D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0263C368, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6992eff61266fe0d952786437014b0e23d773dea88bcf740db7c09207649ed3
Instruction ID: a863d382ccc76250cd32490d2e1067d776c091051cc1915dbebd81bfc8dab49f
Opcode Fuzzy Hash: b6992eff61266fe0d952786437014b0e23d773dea88bcf740db7c09207649ed3
Instruction Fuzzy Hash: A8114F30704110ABD749AB69C850A7EB7E7DFC9754714806AE806AB351CF32AC12C795

Uniqueness

Uniqueness Score: -1.00%

Function 026311DF, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877a47eca05ba3b3293184100e562cad6013c18eaf4c36434475d6ff7802cf88
Instruction ID: 484583279b8de029ad10ac1af05deca536ad31a1fc6d1b85895fe95980038311
Opcode Fuzzy Hash: 877a47eca05ba3b3293184100e562cad6013c18eaf4c36434475d6ff7802cf88
Instruction Fuzzy Hash: 4411943470D180CFC30A9728D8A49697FA5BF87205B1941EBD449CF2A7CB658C4ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 026A05AF, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b551c9c80dcd9650feeb1f8249e64efdfd648f51c5cc7cc5e88e769cd20d29e8
Instruction ID: 4fb14f677274f194190abab14d096b006d4ca0a16814fe319797b9acfcd6864f
Opcode Fuzzy Hash: b551c9c80dcd9650feeb1f8249e64efdfd648f51c5cc7cc5e88e769cd20d29e8
Instruction Fuzzy Hash: 6211E97250D7C05FD702CB15EC518A2BFE8DF4763071884EBE945CBA12D2696909CF61

Uniqueness

Uniqueness Score: -1.00%

Function 02636571, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd9c449610ca6dbdd69784e47a38a971a741ecc56aa40b9a53d5857de5beb48d
Instruction ID: 846e8db3cfce2bbbf6af493c03b62a58f7ad8b90707a994390a5f577f824879b
Opcode Fuzzy Hash: dd9c449610ca6dbdd69784e47a38a971a741ecc56aa40b9a53d5857de5beb48d
Instruction Fuzzy Hash: E911BC72E04108DFDF01EBA9D8407EEBBB5EF44314F20407AD505D7295E7318945CB96

Uniqueness

Uniqueness Score: -1.00%

Function 026A087C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ca5dce79b9e2de6821d02f367876b1ebd7ddef292046edbef09fdb85ae108a
Instruction ID: 38fccbca0e3e78b578d660e77b9bf5594a3873048eb2a280bb4539aff136d365
Opcode Fuzzy Hash: c4ca5dce79b9e2de6821d02f367876b1ebd7ddef292046edbef09fdb85ae108a
Instruction Fuzzy Hash: 8E11B434204384DFE715DB14C594B26BBA5AB89708F24C99DE9491B742C777D813CE91

Uniqueness

Uniqueness Score: -1.00%

Function 026A0846, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f683c46c03480d5b7d3509140b668a62db98e2fda3f78f8df70fd9a3ab04096c
Instruction ID: 98dbcab365f64c39a7ec6dc1d3271f97f69221749d7c51f3c4f1a39ccf156e3f
Opcode Fuzzy Hash: f683c46c03480d5b7d3509140b668a62db98e2fda3f78f8df70fd9a3ab04096c
Instruction Fuzzy Hash: AE21493510D3C08FD7078B20D860B55BFB1AF47218F2AC5EED4899B6A3C33A8846CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0263E0AB, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d635ab1f5cdb146ce8da4bdea187eada9f13371d50abf0a343c95bc71c28922
Instruction ID: b67d5cb4c1179d7cc3060685bf3d4474386f57b13ab81c2368f475df1ec2cee5
Opcode Fuzzy Hash: 1d635ab1f5cdb146ce8da4bdea187eada9f13371d50abf0a343c95bc71c28922
Instruction Fuzzy Hash: F211FB75A04509DFCB59DF99C941AAABBF5EF98210B10C06AE906E3301D332AD56CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0263D7B9, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4f80114bc6f7c308daf82d3616a11e560710edca436686acefeae9b17d5e10d
Instruction ID: 48d92480ec6bf08c6783c3dea9b7a6b466e5fe7a9a881be40f475dd0d336b274
Opcode Fuzzy Hash: e4f80114bc6f7c308daf82d3616a11e560710edca436686acefeae9b17d5e10d
Instruction Fuzzy Hash: 3401F1317182109FDB0527F8982476FBBA7AFCA314B64847BE406DB392DD718C0287A5

Uniqueness

Uniqueness Score: -1.00%

Function 02635788, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e6522459fe468d5c66e03bcdb1995fcf1c35e836ad60c3f0dd6aa8f621861a
Instruction ID: 4a6d1dc9311c26c0fb5451c5fc7e8257b5d42e493f8af42d2822b58805f803ca
Opcode Fuzzy Hash: 41e6522459fe468d5c66e03bcdb1995fcf1c35e836ad60c3f0dd6aa8f621861a
Instruction Fuzzy Hash: 9A018F616091B08FCB26A7BC54602FA7FE24FCA61035A05AFD057DB793DA548C06C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 009AAD64, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.610829048.00000000009A2000.00000040.00000001.sdmp, Offset: 009A2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9a2000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aca46ac690fd258c21450c7423902d1a91a2893d1eeef573618ee147bc9d3421
Instruction ID: 8ede8fa103a5b8914835787d809db55d6088bfea5bf908bf86cb38a75ca65fcc
Opcode Fuzzy Hash: aca46ac690fd258c21450c7423902d1a91a2893d1eeef573618ee147bc9d3421
Instruction Fuzzy Hash: 0A11ECB5A08301AFD350CF09DC40E57FBE8EB88660F14891EFD9897311D371E9088BA2

Uniqueness

Uniqueness Score: -1.00%

Function 02632390, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808407ff8109c68d2e96c4a5463260af1a93af63e2359d1a4e65bd4066db822e
Instruction ID: c3170d2739882513605bf1957f4ce49e83425248be5d791280b8be265bea4976
Opcode Fuzzy Hash: 808407ff8109c68d2e96c4a5463260af1a93af63e2359d1a4e65bd4066db822e
Instruction Fuzzy Hash: 85112E7091825ACFD71A9FA4CAA06AEBBB1FF44314F10846AC942AB395DB714D42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02639EB8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e51ee0fc055d33d216348e86c53ed3a634b6f6f2b6ca0ae1e72e75faad72f42
Instruction ID: fe6fa51a7afee46989f2ccafcc6399675d8042a0ff30a826ea37bff796cb2776
Opcode Fuzzy Hash: 4e51ee0fc055d33d216348e86c53ed3a634b6f6f2b6ca0ae1e72e75faad72f42
Instruction Fuzzy Hash: 42019E31A061049BDB1A9A58D990ABEBBF5AB84314F14446ED117E7740CBF16D02CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 0263D7C8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8672231e70c919360aeabe26499d5fa75f46455e890392b0d572b09dfb5be25f
Instruction ID: feba9a68bd6125b7bebf4d88f40f339d018aefe50da128b75bfbb25d70d0fb7c
Opcode Fuzzy Hash: 8672231e70c919360aeabe26499d5fa75f46455e890392b0d572b09dfb5be25f
Instruction Fuzzy Hash: 4D01A2317142209FCB182BB9981466F7AABEFCD724750443EE507D7391DD719C0287E0

Uniqueness

Uniqueness Score: -1.00%

Function 02637E31, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59599262e9c0779264f48c7098e7b7737eedbd5f21b221dfd96c7474599f4fc
Instruction ID: bab71a09c3fc8b16cbfe7e3e86839611ec70b567bffd5251ded6c6da73e87316
Opcode Fuzzy Hash: f59599262e9c0779264f48c7098e7b7737eedbd5f21b221dfd96c7474599f4fc
Instruction Fuzzy Hash: 71015EB1A04108DBDB2B9A64C8506BEFBF19B84714F14446EC516AB641CB719D02CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 02631209, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 049deb9037fb04e42b2697ba9e988106b38a113a643debbbd360b0a7304e53ce
Instruction ID: f82d07693ec6da940c9cd73fac3ff628680880d6dfbbd1cb49be7af2916cf011
Opcode Fuzzy Hash: 049deb9037fb04e42b2697ba9e988106b38a113a643debbbd360b0a7304e53ce
Instruction Fuzzy Hash: 61010C30308150CFC7099B2CD498969BBE6BF9620072541EBE44ACF6B6CFB18C4ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 0263A540, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e315028adb4c2fb9ffa6102a6711438f349dd8b8bd9c4c1405246ff27c6c73
Instruction ID: f06dffe65cf7efc1aad1e5930bff815fc3edeba25efed956fcd581981095c21c
Opcode Fuzzy Hash: 16e315028adb4c2fb9ffa6102a6711438f349dd8b8bd9c4c1405246ff27c6c73
Instruction Fuzzy Hash: 9A014F76E042099FDF51EBB9E80579EBBF4EB44220F20417AD608D7240EB315904CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 026305B9, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29067fa4b2d101147823d618c4697c25081f4a2eb3542f6eef200ff896961c39
Instruction ID: 6d6a5852a7695ab9d79e1bfb7cc92ba5614545e0e3b1123dddaf402bfdcf61b5
Opcode Fuzzy Hash: 29067fa4b2d101147823d618c4697c25081f4a2eb3542f6eef200ff896961c39
Instruction Fuzzy Hash: AF01C2617082214BCB0A777C542137E26D79BC67517A8416BD106DF3DADEB88C0743D7

Uniqueness

Uniqueness Score: -1.00%

Function 0263C079, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295435c6668adc8bdd983f4ea35fbc775ad7a2edcd5dcc57e55f691fa9026b0f
Instruction ID: 08f0b72832a5efd2b7b5df6f18d1c34b71c46b5a9604e1ab2f3e98d4f38f971d
Opcode Fuzzy Hash: 295435c6668adc8bdd983f4ea35fbc775ad7a2edcd5dcc57e55f691fa9026b0f
Instruction Fuzzy Hash: 4401D4357083909FD306AB38D4447293BA7EB89311F5500F9E406DF795CB769C82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 026305C8, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fdeb8eeb922a656bc8473bac868bfd2138a7d541cc7739db88da5ad41dbaaae
Instruction ID: 8ab92af457ef33a9041c931b46f8f2be9e1da221fedba571104c0874377b8e61
Opcode Fuzzy Hash: 1fdeb8eeb922a656bc8473bac868bfd2138a7d541cc7739db88da5ad41dbaaae
Instruction Fuzzy Hash: 97F0BE617041201BCA4D7A7D94227BF62CF9BCAB517A8412EE206DF388CEB08C0343E6

Uniqueness

Uniqueness Score: -1.00%

Function 02636580, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb218f7b4a28563cd42308bdd88ff8c0011ea8e740a1ecde2eb3dad5107a31f6
Instruction ID: 4af0d9e31e313a8f4ad65008d0dc4cdc2392ca943a9a8b97edbc726b71e0a689
Opcode Fuzzy Hash: cb218f7b4a28563cd42308bdd88ff8c0011ea8e740a1ecde2eb3dad5107a31f6
Instruction Fuzzy Hash: 8C014B71E04108DFDB50EBBAE8407AEBBF8EB84264F20413AD619D7285EB309955CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 02639EB7, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb3fb45ebcfd55a07589de314d6f9843accc350ee63ccb61aec9d9e3ebf7829
Instruction ID: 3afc3f2f1b49f881ab1a3772963caa629d318dcbd696239807b3815e68a13f27
Opcode Fuzzy Hash: 7cb3fb45ebcfd55a07589de314d6f9843accc350ee63ccb61aec9d9e3ebf7829
Instruction Fuzzy Hash: 51017C31A061449BD71A9A28C990BBE7BF1AB84304F15442ED017E7780CBF19D02CFC1

Uniqueness

Uniqueness Score: -1.00%

Function 02635701, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2c83c0722a789078a139473eb56909d5514efbfc0af4b51a3c69574ff1bdf0
Instruction ID: 604650ce0dfb829a74801cbf3d06c6c0594c6892e8824ff4359f30affe831016
Opcode Fuzzy Hash: 8f2c83c0722a789078a139473eb56909d5514efbfc0af4b51a3c69574ff1bdf0
Instruction Fuzzy Hash: 6B0181212092F08FC72357BC55743EA7FE19E8755072A01DFC497DB6A3DA148C06D3A1

Uniqueness

Uniqueness Score: -1.00%

Function 0263A6B0, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32c9226cb492436ca5a33ee9b76c3e6bdc106644a5ffabac439d16a8c88884da
Instruction ID: 38649b98f215b44f429271747bbb0c33ab49895583e4acfedb692d3cc9f4aaae
Opcode Fuzzy Hash: 32c9226cb492436ca5a33ee9b76c3e6bdc106644a5ffabac439d16a8c88884da
Instruction Fuzzy Hash: 6C01DF34304200DFC718ABB8E9255193BB2EBC522072441B9D2468B296EFB28C02C796

Uniqueness

Uniqueness Score: -1.00%

Function 02631218, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf9fcf98fff862dd91b0ca1a16a2f0a43a79b84b58a7a523c8444d71b4e8e328
Instruction ID: 263b9c8cd3582784ace8296f8bb7e2716ff68f05491ce16a4b144bfc78263e46
Opcode Fuzzy Hash: cf9fcf98fff862dd91b0ca1a16a2f0a43a79b84b58a7a523c8444d71b4e8e328
Instruction Fuzzy Hash: FA011D30314014CBC608AB2CD498969BBEAFFC671072541EAE50ACB765CFB19C8ACB85

Uniqueness

Uniqueness Score: -1.00%

Function 02632F97, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97eb0f569fc9dca20b5b849c514c41a35f58ebdfe64be3b61f6fbdfef84ed17b
Instruction ID: 35180549f087df3d867879077d0003ba71e691fc7f4b9459e9c020b347fed64a
Opcode Fuzzy Hash: 97eb0f569fc9dca20b5b849c514c41a35f58ebdfe64be3b61f6fbdfef84ed17b
Instruction Fuzzy Hash: ECF06234F001199BDB109BB5D864A9EBBF5EF86341F104875E901DB325EB308C0687D0

Uniqueness

Uniqueness Score: -1.00%

Function 026308B1, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1e2c10a03ede29571d101489f0c2b1693fafd5023d20070605a25e54588d77
Instruction ID: fe32a666ca00dfb3d8f34ad5d31b4d01042a4358ec5ec34a39636a4bf3fcb39f
Opcode Fuzzy Hash: ae1e2c10a03ede29571d101489f0c2b1693fafd5023d20070605a25e54588d77
Instruction Fuzzy Hash: 0BF04032B4D2548FCB1217F97C80AAABF949FD1260308027BCA09C7251DAA08C0A93E0

Uniqueness

Uniqueness Score: -1.00%

Function 0263E4B8, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7060250e6dbb65e44a3d896d3e3ac70f84088f60d2871face19df472f248fd84
Instruction ID: a807640ea3e50edcdf88372e2df27473b1df42914319f769eb0cbbc22fa86f10
Opcode Fuzzy Hash: 7060250e6dbb65e44a3d896d3e3ac70f84088f60d2871face19df472f248fd84
Instruction Fuzzy Hash: 23F0B462A086905BEB3B15685C887A37F459F8D775F0641B7E94A8B183E5964C03C3B1

Uniqueness

Uniqueness Score: -1.00%

Function 0263A6C0, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc0f5fe4bd506a10ce89a6aa38b115ad713e2296123efc88181692db97b53f38
Instruction ID: b1a53c98c350f9a8469d99def94f391c9d9e0e33406ab01194082924308e6b75
Opcode Fuzzy Hash: dc0f5fe4bd506a10ce89a6aa38b115ad713e2296123efc88181692db97b53f38
Instruction Fuzzy Hash: 5BF0AF39300200DFCB18FB78E5645697BA6EBC92603244179D64ACB358DFB29C02C795

Uniqueness

Uniqueness Score: -1.00%

Function 02639C81, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738bd1be4dc57041d7e276d826eceb1b3ba7df9536ef77454d46257c172e079f
Instruction ID: 860fe3bc63f31caa7baeb6eb1a75e59902b973825609bab0dce7ae56eeed780b
Opcode Fuzzy Hash: 738bd1be4dc57041d7e276d826eceb1b3ba7df9536ef77454d46257c172e079f
Instruction Fuzzy Hash: 31F0A931309290CFC7555778A4105A83FB2EBC731531845AED04AC72A3DEA59C47CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0263A53F, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 475f2588e6627e294d48e16c74915938172d4c6f414abab1ee9a605ddf6df708
Instruction ID: f2a74978b9fd374cec1e8752ba4ba62bc57033982fa1b5fa110fb09449fe1a61
Opcode Fuzzy Hash: 475f2588e6627e294d48e16c74915938172d4c6f414abab1ee9a605ddf6df708
Instruction Fuzzy Hash: BAF03C76E042099FDB51EFB9E9057AEBBF5EB48320F20416AD648D7284EB318941CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 02635FC0, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78d30ed55d021ad94a1bf550119ad04440ad15a8c5f10e48a05a692ba53ed36
Instruction ID: f35cd70fa0e01f813fe81da21fdb35299c7cbf08abbbca4b030e4fe53e271a87
Opcode Fuzzy Hash: e78d30ed55d021ad94a1bf550119ad04440ad15a8c5f10e48a05a692ba53ed36
Instruction Fuzzy Hash: 1DF0E931B08154FB8B1A9229D8212BF77EAD785654F400077C907D3381FF305A03C6DA

Uniqueness

Uniqueness Score: -1.00%

Function 0263ACFF, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef11ead32e2a29b14c8641fc25f70c5795a0776b9fb7dbebe45ee435010b341
Instruction ID: 3bfd9b2459fafcadebb154be13058a16b570198165a2da396273189bb61dcf3a
Opcode Fuzzy Hash: 3ef11ead32e2a29b14c8641fc25f70c5795a0776b9fb7dbebe45ee435010b341
Instruction Fuzzy Hash: E5F02430608B804FC316EB39942051DBF72BEC2A403058AFFC145CBA97CA14590A83A2

Uniqueness

Uniqueness Score: -1.00%

Function 02635FB0, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06f37b75b65930b6dd1ab9d80ae07df9e252e228c599c5fdda950f3a3b9bcaf
Instruction ID: cb82ab6f5e1ac3f8fd13e71744b1b9fe5e5ee6b9490f41bb7cef631728d471fe
Opcode Fuzzy Hash: c06f37b75b65930b6dd1ab9d80ae07df9e252e228c599c5fdda950f3a3b9bcaf
Instruction Fuzzy Hash: EEF0BE31A04024DBDB199678D9512EE73B6DB84358F5044A7C906E3285FB319A1BCBDA

Uniqueness

Uniqueness Score: -1.00%

Function 02630D34, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ee9dccd2f75be187d5d7fa0196af6fe6b1058261bd22ba6758b3df18646262
Instruction ID: 9a0eef9bd1fb86bc2b8bd968c0476e343a5f26d7780ba87c55629a4563f46bad
Opcode Fuzzy Hash: 47ee9dccd2f75be187d5d7fa0196af6fe6b1058261bd22ba6758b3df18646262
Instruction Fuzzy Hash: D4F0BE31314140DFC7049B28D888AA97BE6FBC9315F2485BAE44BCB766CF729C0ADB41

Uniqueness

Uniqueness Score: -1.00%

Function 0263C35A, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aeb0d6159ad8711dc5c2cdf6fa328a67a853755cb46096a9163f5847fb39244
Instruction ID: 740f3b32504774495e506f8fc98985240b5ed3eb3af30c87f7640d076cfa0b4a
Opcode Fuzzy Hash: 7aeb0d6159ad8711dc5c2cdf6fa328a67a853755cb46096a9163f5847fb39244
Instruction Fuzzy Hash: 64F0A7727091502BD75A226D5C1172F3A9B8BC676071941ABF445E7382CE12AC1293E9

Uniqueness

Uniqueness Score: -1.00%

Function 02635B88, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d2f52726a6f0a610e5db49d62ba27835e7ac48eec6cb00506ae4668fd0977d
Instruction ID: 39a2f4da619e18c5cddc748ece252fe623bea5b92e842600181052bc2a27c0d9
Opcode Fuzzy Hash: 42d2f52726a6f0a610e5db49d62ba27835e7ac48eec6cb00506ae4668fd0977d
Instruction Fuzzy Hash: AAF02E34B280148BDB05A6B89D706EEB3E29B88350F9400ABC907E7280EA201A0686D2

Uniqueness

Uniqueness Score: -1.00%

Function 02637D08, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df01eb2585a4d5876f638a4118969cd327b527544668e1663d9aa9b14f8f629d
Instruction ID: 35f4d6262f9d40acab924b41c160fe70d96cdb5fd06e8a92a0996007b94dbf86
Opcode Fuzzy Hash: df01eb2585a4d5876f638a4118969cd327b527544668e1663d9aa9b14f8f629d
Instruction Fuzzy Hash: 63F090B4A08145DFD70BDB64DC849BAFFB1EF86210B1484A6D102871E2E7305816CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02639065, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64aab747087157ed87e01f7e68a1294002e10be003c420330525efd851c46106
Instruction ID: 832580f1ca47357d6f7dc06aec85b8c867d26601d4558ec9713e83cd9274780b
Opcode Fuzzy Hash: 64aab747087157ed87e01f7e68a1294002e10be003c420330525efd851c46106
Instruction Fuzzy Hash: 77F0E230F00144ABEF049BB4D4546AEBBB6DB81340F108839EA05DB314EB7598028B90

Uniqueness

Uniqueness Score: -1.00%

Function 026345B8, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84ab3e230ba374297d7855edddc4879757fad307b0b415450b5f9c9171e22688
Instruction ID: eb38053538d76706c5dc58d75d593004b41bf3ae47ad298de077ccd17f6fb01b
Opcode Fuzzy Hash: 84ab3e230ba374297d7855edddc4879757fad307b0b415450b5f9c9171e22688
Instruction Fuzzy Hash: CFF0A775A04219DFC711DBA89D51BAAB7F8EF89200F25047BE518E7251E7305908C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 02630918, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6be01f96c5989c23475294ec9d109c37a586f4301b8af2ae0febb06a5d524d4
Instruction ID: 8e4b0c58c1c80165ba06d92519fa2a56669936f9bbef30d0a1ed1d98467a1c62
Opcode Fuzzy Hash: e6be01f96c5989c23475294ec9d109c37a586f4301b8af2ae0febb06a5d524d4
Instruction Fuzzy Hash: 6CE0E532E192189A9B155AF8AC015AFBBA99BD9360F005467DE17A3380DA70480AC2D1

Uniqueness

Uniqueness Score: -1.00%

Function 0263A5EF, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8efd1152bbb6939a0187fc8bd93afbf014b6eabf9977a13f41dbb4814133ed4
Instruction ID: 079fe66e4c8d55e6a5cab8a2a9cd33a6d520c725d808616b28beaae5a4dfbb3e
Opcode Fuzzy Hash: a8efd1152bbb6939a0187fc8bd93afbf014b6eabf9977a13f41dbb4814133ed4
Instruction Fuzzy Hash: A4F0E5343083609FC35667BC80546983FE69F8B21071401FAD146CB7A3DE358C12C751

Uniqueness

Uniqueness Score: -1.00%

Function 026A0938, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 82686afb6ddf9c54a21ec32ac2580abe3744cdbdc6d41171bde481d5bed27868
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: 44F0BB35148644DFC615DF40D540B15FBA2FB89718F24C6A9E9491B752C7379813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 02639C98, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6876a0621c90ce6748ac543d8a4d3cbf9b2023582fb6eee9ca4f94a091a8cb4
Instruction ID: 4f0f7b79a24ce9c5eb9a84f156c36f2e3fd6584c46d15c7a721a3251f389abbc
Opcode Fuzzy Hash: f6876a0621c90ce6748ac543d8a4d3cbf9b2023582fb6eee9ca4f94a091a8cb4
Instruction Fuzzy Hash: 2CF0A031300240DB8758A72CB400AA93BE6EBC6329314857DE10BDB351CEB6EC43CB92

Uniqueness

Uniqueness Score: -1.00%

Function 02630D49, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f11f89afbfaa1b49d1ec66f76d51d2533d7b0029c3026008f8994b8817d6989
Instruction ID: 6a8c568b0b6264fbc3bc6ab04affb45a05a1454b236199817ac5e752a6f78c76
Opcode Fuzzy Hash: 3f11f89afbfaa1b49d1ec66f76d51d2533d7b0029c3026008f8994b8817d6989
Instruction Fuzzy Hash: FCF01531714101CFCB559B28E888A997BE2FB89225B20857AE506CB2A9DF719C4A8B51

Uniqueness

Uniqueness Score: -1.00%

Function 02630908, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed72cbadd0b82c1eb3ecb2ce496371d74d7be5f255e048fd23ea11aa0c37981a
Instruction ID: cc53eef467f9ea0952c65861e99b9a34c932cd438385c507a388e6ef8c4aa73a
Opcode Fuzzy Hash: ed72cbadd0b82c1eb3ecb2ce496371d74d7be5f255e048fd23ea11aa0c37981a
Instruction Fuzzy Hash: FBF027319292548EC3069BF48D1126A7BB14B86300B054897C843A7292DA704C0ED392

Uniqueness

Uniqueness Score: -1.00%

Function 02636EF7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4247104cc1bacfe9f25590c79eb70495c58300e30ef898a3b10b2aa17e91c06b
Instruction ID: 679b73012170de9e6d42601ce2f709851a8e0908d5d9af33b4b59e7f6c2a3f2b
Opcode Fuzzy Hash: 4247104cc1bacfe9f25590c79eb70495c58300e30ef898a3b10b2aa17e91c06b
Instruction Fuzzy Hash: C2F06D35B152144BDF05B3B9A8243ADB7939FC1A18F84407CD916DBBC1EF644D019BD6

Uniqueness

Uniqueness Score: -1.00%

Function 0263AC70, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d01dcc75e048747ef56fe26eb57f50a1278f3611edf73dd873736171e13cc186
Instruction ID: 24aca5f2faa5156d678e246e0ed811305fafe9bfebdd3dd15fd2bc1fa4cc101b
Opcode Fuzzy Hash: d01dcc75e048747ef56fe26eb57f50a1278f3611edf73dd873736171e13cc186
Instruction Fuzzy Hash: A5E0E575608B505BC3258B6AD800603FBEAAFC1725F098A6FE29486652CBB058058BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0263E443, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c301c40338e86716d52db082abeda398231dbec7b4b6083ff3fcfad851b318f
Instruction ID: de07d3ef80a5e6407ef5ce502a24f331fae9a0f376c7617d487aade761f67d40
Opcode Fuzzy Hash: 9c301c40338e86716d52db082abeda398231dbec7b4b6083ff3fcfad851b318f
Instruction Fuzzy Hash: 8EE0DF312046245B9625E66CD41192A7B9ACFCEB74314847ED50ADB302EEA3EC0287F0

Uniqueness

Uniqueness Score: -1.00%

Function 0263DC12, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b7e54bea7597e6db7a820b0453efb98940f7acca9351c4955ee9beb991fdec
Instruction ID: 85d29844f2c096dbe353174ab25b7a10f1303863da4ad830b34a3e355e1099f0
Opcode Fuzzy Hash: 04b7e54bea7597e6db7a820b0453efb98940f7acca9351c4955ee9beb991fdec
Instruction Fuzzy Hash: BEE09A313546108BC726D66CD921A2A7BAAEBC6725318892ED00A8B741DEA2DC068790

Uniqueness

Uniqueness Score: -1.00%

Function 026A05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611736598.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_26a0000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc24cc9b2a8de55d8f72094b8ca9f233a0ece80aae273016c763353c83496320
Instruction ID: 6e29ccc36f638fa6aad7d4d41a1901abb2e1815834f4dbc930a2b9fb6a0cc2e3
Opcode Fuzzy Hash: fc24cc9b2a8de55d8f72094b8ca9f233a0ece80aae273016c763353c83496320
Instruction Fuzzy Hash: D7E06D76A046008B9650CF0AEC41462F798EB88630B18C06FDD0D8B701E235B9088EA5

Uniqueness

Uniqueness Score: -1.00%

Function 02638238, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 385ac7a11ed5e44e2d976e2924dba922e6901458321c937612c267d78b9f769f
Instruction ID: 4a567a9a98094d2da9085b2b79d4f269f4cd276a310b21538a9eb37ff5b5a217
Opcode Fuzzy Hash: 385ac7a11ed5e44e2d976e2924dba922e6901458321c937612c267d78b9f769f
Instruction Fuzzy Hash: 1DE09235F181209B8BA53BE8A618A557BEAEBCC6A13240267ED0AD3344DF708C018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 02634701, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d7808b08a1e9982c3fa5de1f2470a14d846abddeadec70dc455d6204c7f598
Instruction ID: 2a284bff4b481b5c9511372798eb0216ad35b52e3608dfccc934ee115ea81f8b
Opcode Fuzzy Hash: b5d7808b08a1e9982c3fa5de1f2470a14d846abddeadec70dc455d6204c7f598
Instruction Fuzzy Hash: 6DE092363092908FD31752B499603A97B718BC7250B5904ABD441DF7A2E9259C0BC3A2

Uniqueness

Uniqueness Score: -1.00%

Function 0263E448, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a5b5e9facd0570891e9b894dc092b3f910acc4f38509db3b0979bfeebb5e77
Instruction ID: fe562f9e2d5a6d965ea21e85c90a67e64e14375ea91022059b63ce2205e6feb5
Opcode Fuzzy Hash: 43a5b5e9facd0570891e9b894dc092b3f910acc4f38509db3b0979bfeebb5e77
Instruction Fuzzy Hash: F2E0DF312046105B8625D66CC41082A7B9ACFCEB30310842ED40A8B302EE63EC0287E0

Uniqueness

Uniqueness Score: -1.00%

Function 0263DC18, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 694df69b9385c0d19b39bcae7d3a831e9c9e295eac179ffcbc78e489ea0818bf
Instruction ID: af2526334c094690b7a472d9674bb8a5e063d84f2a88b040fe6dbd96d3e41ec8
Opcode Fuzzy Hash: 694df69b9385c0d19b39bcae7d3a831e9c9e295eac179ffcbc78e489ea0818bf
Instruction Fuzzy Hash: FCE0DF312542109B8725D65DC42092A7B9EDBC2724314882ED40A8B300EEA2EC0287D0

Uniqueness

Uniqueness Score: -1.00%

Function 0263B8D8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction ID: 886d2c0bc29eaaa3d940266c39aab6aa9afeb34aecabb3c0b08d703db89ef43b
Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction Fuzzy Hash: 4CF0A536604B049F8335DF5AD544C17F7FAEF897243118A6EE59A83A14C770F8058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 009AADB3, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.610829048.00000000009A2000.00000040.00000001.sdmp, Offset: 009A2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9a2000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0149b633997eaf6cc5f35bda39fd193c98aa05de3022fb6d98082bb60732fba0
Instruction ID: 01624dff6274e34e5231c704f7028bb6f7cccc4dbcb0b89c8fa374e9abcb40d2
Opcode Fuzzy Hash: 0149b633997eaf6cc5f35bda39fd193c98aa05de3022fb6d98082bb60732fba0
Instruction Fuzzy Hash: FEE0D87290020467D2108F0AEC41F63FB5CEB40A30F14C557EF0C5B702D271B5088AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0263C69B, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dac74e47d06432920f91251270520f184f306a949b42c5d70463ef41889cc8f
Instruction ID: 405560d349daadfb229a06055bf4d2df7f12986d9d95e9c7ef6afc0ef09f2a05
Opcode Fuzzy Hash: 2dac74e47d06432920f91251270520f184f306a949b42c5d70463ef41889cc8f
Instruction Fuzzy Hash: FFE0C231308028A7C91A226E802497E72CBDEC7666334506BB107EB321CD82EC12C3E2

Uniqueness

Uniqueness Score: -1.00%

Function 02635F60, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6802f3507274d5ef1b3074ce341f2e14553bad95e83a71cef13756d1e9ac9391
Instruction ID: 4384f52bdc53bb42da6768fce64f29241a584eaeea790221cf3bd7eda9a261c6
Opcode Fuzzy Hash: 6802f3507274d5ef1b3074ce341f2e14553bad95e83a71cef13756d1e9ac9391
Instruction Fuzzy Hash: 97F0E52291C6E18FD30353F418187593FE19B87255B8D04EFE887E71A3CA584840C3D3

Uniqueness

Uniqueness Score: -1.00%

Function 02638232, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627a5d9cf4ab110e97c9d871bc99f5ee98ae408461c88f44553c2ad48cd7d840
Instruction ID: f79af8a0a3b08eb2ef5b5af98fe8b1730a7d4d914d639d878e800eef519f3ef1
Opcode Fuzzy Hash: 627a5d9cf4ab110e97c9d871bc99f5ee98ae408461c88f44553c2ad48cd7d840
Instruction Fuzzy Hash: 67E0D835E191218BCB522BE4E548694BBF5EB8D671314025BF909C7300DB308C01CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 0263C6A0, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd3cb4373b82fa4c689a3a328e45d7896a349a7fcf4881b79d846c90c655451a
Instruction ID: f3e258475cba8b7611c6d25a39a4be06b7704e9fa1147e9ff8e45660b5a2b05c
Opcode Fuzzy Hash: cd3cb4373b82fa4c689a3a328e45d7896a349a7fcf4881b79d846c90c655451a
Instruction Fuzzy Hash: E8E0123571801897C91A625E502497E72CB9EC7662335506BB1079B361DD529C12C392

Uniqueness

Uniqueness Score: -1.00%

Function 026380AD, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f649cc80352d318d27259760870f270023d9af6a2bd861406dee41f59309b831
Instruction ID: 479c4675137197e749a59921d640ec2d55bc20058df6f282479718d91c5918ad
Opcode Fuzzy Hash: f649cc80352d318d27259760870f270023d9af6a2bd861406dee41f59309b831
Instruction Fuzzy Hash: BCE0E53121838ACBC70AEF58E9809D93F65FB54314750D726F9018F21CDBB19907CB82

Uniqueness

Uniqueness Score: -1.00%

Function 026380B0, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77491a07bb627ce4caa87f033f9c9c0fbd2efe76f5b795c322f674ae946f3243
Instruction ID: 30a0094fd8a71807fe278961a4327eee3fcf3e17b17623f69012bd986092b3b2
Opcode Fuzzy Hash: 77491a07bb627ce4caa87f033f9c9c0fbd2efe76f5b795c322f674ae946f3243
Instruction Fuzzy Hash: 5FE07531118389CBC706EB58E9809D93B65FA543147909726F9018B21DDBB1A907CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0263ED80, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d1f0ec9bf82d14477ee98e05289f6b695e7f1a3a277d64b33b31c0e6de71ea6
Instruction ID: 17b8471cf35db56e4b9f4807d27d41b48bce2859f88ffbce8fb72e04c26814f2
Opcode Fuzzy Hash: 2d1f0ec9bf82d14477ee98e05289f6b695e7f1a3a277d64b33b31c0e6de71ea6
Instruction Fuzzy Hash: DAE0C276D4E2885FDF0227B17C002AC7F248E92192F0501D7C91983282EAB200288A52

Uniqueness

Uniqueness Score: -1.00%

Function 0263E489, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d2f80cd1fdb93e07d47eb131fcf7a00f24eb902c78c5105d169c93b4a525761
Instruction ID: b8fb2b2048bae4d58bc2a47b55526b6914d8af9014b1c4610ee443c1596d8c07
Opcode Fuzzy Hash: 3d2f80cd1fdb93e07d47eb131fcf7a00f24eb902c78c5105d169c93b4a525761
Instruction Fuzzy Hash: 4EE086315497418FC72A4A2258106A67B31DF0E776B0145AFD0864B983D2AA5806CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02635F70, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04e542501fb1a9fbe2dda2ca3d898b1fe3691341f0dbf9ca14d99e6afab889a5
Instruction ID: 46a0503583d2fc03e190e27c1f600b5894febea0fff6992695b6b6c5f464ff27
Opcode Fuzzy Hash: 04e542501fb1a9fbe2dda2ca3d898b1fe3691341f0dbf9ca14d99e6afab889a5
Instruction Fuzzy Hash: FFD05B7161C5158BD70526D9580576936CDDB89651F84003EEE07C7290DFD58C41C6EB

Uniqueness

Uniqueness Score: -1.00%

Function 0263DC63, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29c71be89efe385b17622a5db37948e1a42ad892eb741061fb836c73b26c9493
Instruction ID: b76a7f85fe1a42898068aae96529113d4ff12d024c24d34b560891dc9e0a59ea
Opcode Fuzzy Hash: 29c71be89efe385b17622a5db37948e1a42ad892eb741061fb836c73b26c9493
Instruction Fuzzy Hash: 4FD05EB1138624EFC62E1665D400AB2B3ECE709516710492FF54BCA601C6F2EC03C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 0263ED43, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e06b28d3d1a491517b5fbaaedb19b837a8e143b5da2c81f5907d3b7c4bf266
Instruction ID: 7d3d0cde2453db148291510f8b1ceb39caa03925998de9ffa01e0a43e62ff070
Opcode Fuzzy Hash: d7e06b28d3d1a491517b5fbaaedb19b837a8e143b5da2c81f5907d3b7c4bf266
Instruction Fuzzy Hash: E6D05E3534822827AB14E6ACCC22A3AB7CEDBC6714304846AF40AD7341CD629C0283D1

Uniqueness

Uniqueness Score: -1.00%

Function 0263DC68, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299de1e8dd0be1c98efa27594d72b438d2724536e39b558ba80c00344f30bffc
Instruction ID: bcd15ac74dc3d546b3e1b94dc54f641b6865bbc5d1d8691dd0dd41dc53f059f8
Opcode Fuzzy Hash: 299de1e8dd0be1c98efa27594d72b438d2724536e39b558ba80c00344f30bffc
Instruction Fuzzy Hash: 4ED05EB1138624EFC62E165590009B2B3ECE708512710492FE54B8A600C6E29C03C3D1

Uniqueness

Uniqueness Score: -1.00%

Function 0263016F, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f6a862938cfc9df663556ee19a1c2d7e05d40ef6e6783a59e5ae1fbee46ad8
Instruction ID: 5894cdafc6c2db251fc0f72f28601aa8b472d93e2d0c71ba7f2f5504e84a2b19
Opcode Fuzzy Hash: 81f6a862938cfc9df663556ee19a1c2d7e05d40ef6e6783a59e5ae1fbee46ad8
Instruction Fuzzy Hash: 7CD02B775053004FD70117B04C251DC3361DFD322530D4576D036876E0E936D0418158

Uniqueness

Uniqueness Score: -1.00%

Function 02637178, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdfab559e036c80b8666ea5a8d19b31ce31e4f23c352dbd8a5ff633b0958ab2
Instruction ID: fc4b262d98df870d3ac58682df5fe2e8a81e6f9348fb021d8c8f89ab198eeb5d
Opcode Fuzzy Hash: 4bdfab559e036c80b8666ea5a8d19b31ce31e4f23c352dbd8a5ff633b0958ab2
Instruction Fuzzy Hash: 33D0C2B3008314FAC33B8AA5A800762FBAD5B52204F0C096FC04205548C6A1E087C3D2

Uniqueness

Uniqueness Score: -1.00%

Function 0263ED48, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b177cd224cce202758c5706ff03428343ae285fac7c42266a1eaddf690c76685
Instruction ID: b0b3d797149567019ccb437d2500404b339ca5765ccdf5dcf9d5b4293f51c990
Opcode Fuzzy Hash: b177cd224cce202758c5706ff03428343ae285fac7c42266a1eaddf690c76685
Instruction Fuzzy Hash: A1D0A73434422827AA14E6ACC82193A73CEDBC6710304846EF40AD7341CD629C0283D1

Uniqueness

Uniqueness Score: -1.00%

Function 02638DE0, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91cddeb92174a733c4a9fc8bd9313927d0b7ce71fd4509e4731b1356a3e8ff71
Instruction ID: 0a94da38f364cb8dce943e60e5cd977fc23deb47eb7e8b933beba72914726b12
Opcode Fuzzy Hash: 91cddeb92174a733c4a9fc8bd9313927d0b7ce71fd4509e4731b1356a3e8ff71
Instruction Fuzzy Hash: 8FD05E6114D3C0DFD21B12A14D267E07BA0AF26280F110883A4469B0F3A595080EE296

Uniqueness

Uniqueness Score: -1.00%

Function 02636B40, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: faf9709e79a569b452ece1810eabc85a151740b6865f6e6c0674bd805f146dd8
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: A3D0423AA00004DFC705CB88D5949D9F7F1EB88329F28C1A6D919A7251C732ED56CE50

Uniqueness

Uniqueness Score: -1.00%

Function 0263E498, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40050bcbc26748d2f5a99bf94108b0e6745a6589f4bfb562a7f38b3aa970da1
Instruction ID: 82a0d6510777c066d214894446793d7a5dd368748ea8a1b6aa1c42bc3266e7a5
Opcode Fuzzy Hash: b40050bcbc26748d2f5a99bf94108b0e6745a6589f4bfb562a7f38b3aa970da1
Instruction Fuzzy Hash: B9D02230409201CB872E8E02E1004A2B369EE0C232300483EC04B03B02DBFBBC02CFF0

Uniqueness

Uniqueness Score: -1.00%

Function 009923F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.610744909.0000000000992000.00000040.00000001.sdmp, Offset: 00992000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_992000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb0a266fde00fcd6253959f9672af30c28376bb293349cce808be16ef1bbdf4
Instruction ID: 591e6776cd66d9063aac5edc84bdf0964c61f616c8f1fe630e6d831eb006b4c8
Opcode Fuzzy Hash: 9bb0a266fde00fcd6253959f9672af30c28376bb293349cce808be16ef1bbdf4
Instruction Fuzzy Hash: E8D05E79219A819FD7268B1CC1A8B953B98AB61B04F4644FDE8008B673C368D9C1D200

Uniqueness

Uniqueness Score: -1.00%

Function 02630650, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6851a7d35eb2fa15fcf7929454933bdd988534f73d8720fef172b836f1b71ae8
Instruction ID: 41b8703dba7b603ca011a750422006e7059a17d5c9c49e7e93a12bb8481f3f58
Opcode Fuzzy Hash: 6851a7d35eb2fa15fcf7929454933bdd988534f73d8720fef172b836f1b71ae8
Instruction Fuzzy Hash: 0AD0C97605E3808EC30757F06E291997F719F9321274A88ABD480A98B389395496D763

Uniqueness

Uniqueness Score: -1.00%

Function 02638DAD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1552e2491150e0b8854aaba9e1d982ee6957728afd33db758be1bf262104d0c4
Instruction ID: 5476015b2111b2073e4974b848e51818d013a27b8735682723cb06d66c3cacb6
Opcode Fuzzy Hash: 1552e2491150e0b8854aaba9e1d982ee6957728afd33db758be1bf262104d0c4
Instruction Fuzzy Hash: 11D0C970608250DBDB49AB78A4855AC37B2FE902107244A28E546CBA96DBB99C469742

Uniqueness

Uniqueness Score: -1.00%

Function 009923BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.610744909.0000000000992000.00000040.00000001.sdmp, Offset: 00992000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_992000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd9d197fdaf7a12df2c2ed7143e57ddc4a3970be60e5ec28168de8ea8b7de1c
Instruction ID: 1ad52823ac01698fccae79fd36337aaf9252f4ecd723e0bf54c3b31daaa27221
Opcode Fuzzy Hash: 9dd9d197fdaf7a12df2c2ed7143e57ddc4a3970be60e5ec28168de8ea8b7de1c
Instruction Fuzzy Hash: C5D05E342002818BCB15DB0CC595F5937D8AB41B00F0644E8AC008B662C3A8DC81C600

Uniqueness

Uniqueness Score: -1.00%

Function 0263766E, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b162c95fe17fd50ec1734bff25b709eae8278e055db8798b1962332cb75125
Instruction ID: 5e98c8d0e07a7e8347c3d006827b2366b8df3c40e78e1f35093331c93d499eab
Opcode Fuzzy Hash: 60b162c95fe17fd50ec1734bff25b709eae8278e055db8798b1962332cb75125
Instruction Fuzzy Hash: 86D09E74914209DF8B56DF75D95449D77F0EB1A3217200725D5029B395E7345D11CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02630180, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c39cd0593106796c7599812c1ed6edfbf3041b3767fd3441a772ad360faf5508
Instruction ID: 8205f3c2d9bc8309da9284d1195b70783d2a060aa1b9acf2e19c5fcd40bb6f35
Opcode Fuzzy Hash: c39cd0593106796c7599812c1ed6edfbf3041b3767fd3441a772ad360faf5508
Instruction Fuzzy Hash: 4AD01230214304CFCB082B70E41842833A5AF46205304087CD81787750DF36D840DA84

Uniqueness

Uniqueness Score: -1.00%

Function 02635710, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97d8067c0bde5fa6e2f4be96e66039faf3d5edbb1d32f0f058f12df37271b19e
Instruction ID: f1e170934d4f0b34c00a16de6b0e0bae8a00a6a84deb1d57dbc1bc89d5c73784
Opcode Fuzzy Hash: 97d8067c0bde5fa6e2f4be96e66039faf3d5edbb1d32f0f058f12df37271b19e
Instruction Fuzzy Hash: 10C02B3021C204CF8E2027F03C1D33E376C9F051C13820014E80BC7210EF268000E1E1

Uniqueness

Uniqueness Score: -1.00%

Function 02638F80, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95904ad57be898a7fe9a34cd72c869ad6e181dd2ed9e7f58ec84e9c3e6b2af94
Instruction ID: 27cc443e0127e10b7aff2293163b7cd1981c96576c3f755131af45b32f1131c7
Opcode Fuzzy Hash: 95904ad57be898a7fe9a34cd72c869ad6e181dd2ed9e7f58ec84e9c3e6b2af94
Instruction Fuzzy Hash: 58B092312642480AEA60AAB67944B66338C8740658F440075B90CC6A00E68EE8902141

Uniqueness

Uniqueness Score: -1.00%

Function 0263C469, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400398d4906d873c10acdbdfd50e22296b257d349472d1f9e73efa06fe738e55
Instruction ID: 37ab66f271f95b68dba7e411fa3250ad9bd01080717684a11485bbb08b8d6882
Opcode Fuzzy Hash: 400398d4906d873c10acdbdfd50e22296b257d349472d1f9e73efa06fe738e55
Instruction Fuzzy Hash: B0D0127040E3C18FCB1347718929600BF30DF4330AB1A08DFD1848E1D3D2AA8445CB12

Uniqueness

Uniqueness Score: -1.00%

Function 02638DF0, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a33daa5fb05af76b1801cd001082f902cfb18ae48df9e73410857698dbaf94be
Instruction ID: 433846c52b117704871c4cb4fb4e8473854770ab184616b8a275627eaa551ce9
Opcode Fuzzy Hash: a33daa5fb05af76b1801cd001082f902cfb18ae48df9e73410857698dbaf94be
Instruction Fuzzy Hash: 22C092B828C248E3D46F16922D0ABF5B2E8AB74B01F000802B60F270D029E62816D4DA

Uniqueness

Uniqueness Score: -1.00%

Function 02630660, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7acf521e0bbf4fc57cb58840073c2bd5806b30237c032db34ff5b48a35a58d25
Instruction ID: b29b60e72be974632888eec88c573b2c54fdd528e7eb2e40aaad3dfbf7283df1
Opcode Fuzzy Hash: 7acf521e0bbf4fc57cb58840073c2bd5806b30237c032db34ff5b48a35a58d25
Instruction Fuzzy Hash: 6FC09B7105D668CFC25D57B16C05539B259DBD3705760C4359501101358D729477D955

Uniqueness

Uniqueness Score: -1.00%

Function 0263CE40, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f9a518e7d0c449baad98430de7a1c6fc6e888f0ef65c5c9767da671ddba8a6
Instruction ID: 2e4a04c23dc281bdc3f1d73fefc80d3e4ad312ade7ec92212ab7146d4c7eb1a2
Opcode Fuzzy Hash: 00f9a518e7d0c449baad98430de7a1c6fc6e888f0ef65c5c9767da671ddba8a6
Instruction Fuzzy Hash: 94B0923001C308DBC20AA75AEC4A869BA6CFD42611B80812AFA06951999FA02903D6E6

Uniqueness

Uniqueness Score: -1.00%

Function 02632EC0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 405dd05b3c5bed250b3bda0f3b129aed3dc632642f8e7af0973b6fc038149cce
Instruction ID: 3d0f4f5c77884e324394b8e15b9bc05dbd97c0216f2e4958117d9080c06670be
Opcode Fuzzy Hash: 405dd05b3c5bed250b3bda0f3b129aed3dc632642f8e7af0973b6fc038149cce
Instruction Fuzzy Hash: 82B0113022C20A0F2B80ABB22C0AB2233CCAE8080A38000A0AC0CC8200FA00E8A032C0

Uniqueness

Uniqueness Score: -1.00%

Function 02636B64, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: 15c20392c4881876088ca5d3a66f7426f4abbb470cd593a2759bcd208d01e356
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: 99B092B7A04008D9DB008A84F4413EDF724E790329F104023C31162000C2720175CA95

Uniqueness

Uniqueness Score: -1.00%

Function 02635F40, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab127eabe24ff048b2eb964fc0f1b81dff4a27a5e0acb93044cdf84ba28103fe
Instruction ID: d696097afa511aff87d4ee62033dbf9b67ad615373752e7a110124d5142cf10a
Opcode Fuzzy Hash: ab127eabe24ff048b2eb964fc0f1b81dff4a27a5e0acb93044cdf84ba28103fe
Instruction Fuzzy Hash: 1EC09B6A50D7D0CFD72346A44874584BBB0D5171103DD04E9C8C2C3712E54C4805C225

Uniqueness

Uniqueness Score: -1.00%

Function 0263ED90, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f99cb8b602ada0854224ee885653dbb49c282e4b160f8ea01b3aacf7aacc5a7
Instruction ID: 397df870fc38d011a84182aaacf4ad46bcad2d688d8f6dd44f001d1e5ed75d9d
Opcode Fuzzy Hash: 5f99cb8b602ada0854224ee885653dbb49c282e4b160f8ea01b3aacf7aacc5a7
Instruction Fuzzy Hash: 97B0123194570C4BDD8033F0740822D779D1DC095078000159D1D43201FE74A4008899

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0029524A, Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.609531824.0000000000292000.00000002.00020000.sdmp, Offset: 00290000, based on PE: true

Associated: 00000000.00000002.609500566.0000000000290000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.609628913.00000000002B2000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_290000_manager.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
Instruction ID: b4b77a6d4bbe19b7138d13c0934f8f57db34361aa40af35196a2aa82a66fa6b3
Opcode Fuzzy Hash: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
Instruction Fuzzy Hash: BC32646144F7D24FDB635B788CB86A17FB0AE6321474E49CBC4C1CF4A3E6291959C722

Uniqueness

Uniqueness Score: -1.00%

Function 0263306F, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80d74e8f69691dfd2381b90d12039a443fb4b11b55d81337829a5e444145bb2c
Instruction ID: 3a95237af9fc33f077490161686e2128e9179263a0ee60521b2145d4f1158c3b
Opcode Fuzzy Hash: 80d74e8f69691dfd2381b90d12039a443fb4b11b55d81337829a5e444145bb2c
Instruction Fuzzy Hash: DF514C72F015159BD728DB6DC990B5EBBE3AFC8310F2A81A5D419DB3A9DE30DD018B80

Uniqueness

Uniqueness Score: -1.00%

Function 02630D93, Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

,:kr, xrefs: 02630E38
0jr, xrefs: 02630F8E
X1kr, xrefs: 02630F1C
:@Dr, xrefs: 026310CB

Memory Dump Source

Source File: 00000000.00000002.611663727.0000000002630000.00000040.00000001.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_manager.jbxd

Similarity

API ID:
String ID: ,:kr$0jr$:@Dr$X1kr
API String ID: 0-1245831938
Opcode ID: ed88239550f0bf97454df40248b6d43e3ff3ea014861bbf307a88aae3013d381
Instruction ID: 6657bf2823dee666231d89c633b83b6d5ec8719b619052c0d47af4d4d3c4e27e
Opcode Fuzzy Hash: ed88239550f0bf97454df40248b6d43e3ff3ea014861bbf307a88aae3013d381
Instruction Fuzzy Hash: 41B1B570A08344CFD3A4DF789160B6ABFE2FB94704F60596EE5898B399DF719841CB42

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report manager.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

AV Detection:

E-Banking Fraud:

Stealing of Sensitive Information:

Remote Access Functionality:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Function 02633850, Relevance: 2.0, Strings: 1, Instructions: 750
COMMON

Function 0263AF3C, Relevance: 1.8, Strings: 1, Instructions: 561
COMMON

Function 026309A5, Relevance: 5.2, Strings: 4, Instructions: 175
COMMON

Function 0263937B, Relevance: 2.7, Strings: 2, Instructions: 187
COMMON

Function 026302E8, Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Function 026343C0, Relevance: 2.6, Strings: 2, Instructions: 125
COMMON

Function 02638E18, Relevance: 2.6, Strings: 2, Instructions: 123
COMMON

Function 0263C488, Relevance: 2.6, Strings: 2, Instructions: 59
COMMON

Function 0263C498, Relevance: 2.6, Strings: 2, Instructions: 59
COMMON

Function 02635AA0, Relevance: 2.5, Strings: 2, Instructions: 27
COMMON

Function 02635AB0, Relevance: 2.5, Strings: 2, Instructions: 20
COMMON

Function 026312A0, Relevance: 1.7, Strings: 1, Instructions: 460
COMMON

Function 02691BDD, Relevance: 1.6, APIs: 1, Instructions: 135
COMMON

Function 026912D9, Relevance: 1.6, APIs: 1, Instructions: 105
networkCOMMON

Function 026921B0, Relevance: 1.6, APIs: 1, Instructions: 95
timeCOMMON