Edit tour

Windows Analysis Report
SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe
Analysis ID:	1317305
MD5:	ec83b4eabdee9d3e7d3d2c04c874d1b8
SHA1:	dcf9c858a5244ae1528d334f6a2e2ad98709548a
SHA256:	d84acd554675283504bdd27f2c36ee8dbd09dd89d3dff7f139eadcf186c3626d
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

PE file has a writeable .text section

Machine Learning detection for sample

Contains functionality to modify clipboard data

Creates a DirectInput object (often for capturing keystrokes)

Uses 32bit PE files

Found inlined nop instructions (likely shell or obfuscated code)

Uses a known web browser user agent for HTTP communication

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Binary contains a suspicious time stamp

Detected potential crypto function

Potential key logger detected (key state polling based)

Found potential string decryption / allocating functions

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to read the clipboard data

Found large amount of non-executed APIs

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe (PID: 6908 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe MD5: EC83B4EABDEE9D3E7D3D2C04C874D1B8)

cleanup

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 30 Sep 2023 17:39:19 GMTContent-Type: text/htmlContent-Length: 619Connection: keep-aliveData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 77 70 73 73 73 2e 63 6f 6d 2f 6d 79 70 68 70 2f 71 71 2e 70 68 70 3f 6b 3d 34 66 64 33 39 66 32 38 66 37 62 61 38 66 61 38 63 32 62 30 65 36 33 33 61 63 39 34 39 61 33 61 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 69 7a 6a 36 63 37 72 6d 6c 30 33 31 78 66 31 37 6d 30 6c 6e 6c 69 7a 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 33 2f 31 30 2f 30 31 20 30 31 3a 33 39 3a 31 39 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 2f 32 2e 33 2e 32 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a</td></tr><tr><td>Server:</td><td>izj6c7rml031xf17m0lnliz</td></tr><tr><td>Date:</td><td>2023/10/01 01:39:19</td></tr></table><hr/>Powered by Tengine/2.3.2<hr><center>tengine</center></body></html>

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	String found in binary or memory: http://WScript.Shellrundll32.exe
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461755133.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctl.wpsss.com/
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	String found in binary or memory: http://www.94df.com
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	String found in binary or memory: http://www.wpsss.com/myphp/qq.php?k=
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461732634.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598442209.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598442209.0000000000632000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.333192159.0000000000632000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461732634.0000000000632000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.333192159.0000000000623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3aJ

Source: unknown

DNS traffic detected: queries for: www.wpsss.com

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_00439A90 ioctlsocket,recvfrom,

1_2_00439A90

Source: global traffic	HTTP traffic detected: GET /myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; )Host: www.wpsss.com
Source: global traffic	HTTP traffic detected: GET /myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; )Host: www.wpsss.com

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004429B0 GlobalAlloc,GlobalFix,GlobalUnWire,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,		1_2_004429B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00411AF0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,GlobalUnWire,SetClipboardData,CloseClipboard,		1_2_00411AF0

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005BA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

memstr_3fefbd5a-1

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004783FC GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,	1_2_004783FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042F240 GetKeyState,GetKeyState,GetKeyState,GetKeyState,	1_2_0042F240
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00441210 GetKeyState,GetKeyState,GetKeyState,CopyRect,	1_2_00441210
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042D600 IsWindowEnabled,TranslateAccelerator,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow,	1_2_0042D600
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00479F23 GetKeyState,GetKeyState,GetKeyState,GetKeyState,	1_2_00479F23

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_00442B00 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalFix,GlobalUnWire,CloseClipboard,

1_2_00442B00

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_004429B0 GlobalAlloc,GlobalFix,GlobalUnWire,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,

1_2_004429B0

System Summary

PE file has a writeable .text section

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004135D0	1_2_004135D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004661C0	1_2_004661C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0045A710	1_2_0045A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00428940	1_2_00428940
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00470C41	1_2_00470C41
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004DAD00	1_2_004DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0046CE76	1_2_0046CE76
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004252C0	1_2_004252C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00427470	1_2_00427470
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00449650	1_2_00449650
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0043D6D0	1_2_0043D6D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0047769D	1_2_0047769D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0044B6B0	1_2_0044B6B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00431880	1_2_00431880
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042F900	1_2_0042F900
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00459C70	1_2_00459C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00437F30	1_2_00437F30

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: String function: 00465CFF appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: String function: 0047675E appears 49 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: String function: 00467024 appears 97 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004768A3 NtdllDefWindowProc_A,	1_2_004768A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0047708F NtdllDefWindowProc_A,CallWindowProcA,	1_2_0047708F
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042A0D0 GetClassInfoA,LoadCursorA,GetStockObject,NtdllDefWindowProc_A,	1_2_0042A0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00478C46 NtdllDefWindowProc_A,	1_2_00478C46
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00477427 wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,	1_2_00477427
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00477437 wsprintfA,wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,	1_2_00477437

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_004761DD FindResourceA,LoadResource,LockResource,

1_2_004761DD

Source: classification engine

Classification label: mal52.spyw.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Window detected: Number of UI elements: 12

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Static file information: File size 1129186 > 1048576

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004DA00A push ebp; ret	1_2_004DA00D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004DA014 push 00464106h; ret	1_2_004DA425
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00467024 push eax; ret	1_2_00467042
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004656E0 push eax; ret	1_2_0046570E

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Static PE information: section name: .aspack
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Static PE information: section name: .adata
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Static PE information: section name: .snaker

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Static PE information: 0x6B616E73 [Tue Feb 2 05:49:39 2027 UTC]

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_004268B0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,LdrInitializeThunk,FreeLibrary,FreeLibrary,

1_2_004268B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042A590 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu,	1_2_0042A590
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042E7F0 IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsWindow,ShowWindow,	1_2_0042E7F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042AC60 IsIconic,IsZoomed,	1_2_0042AC60
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_004252C0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus,	1_2_004252C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00463D3F IsIconic,GetWindowPlacement,GetWindowRect,	1_2_00463D3F

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe TID: 6972	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe TID: 3620	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

API coverage: 5.1 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00426E50 FindNextFileA,FindClose,FindFirstFileA,FindClose,	1_2_00426E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0042F090 FindFirstFileA,FindClose,	1_2_0042F090
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_00475849 __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,	1_2_00475849
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0041BCB0 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA,	1_2_0041BCB0

Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461732634.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598442209.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.333192159.0000000000623000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461732634.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598442209.0000000000623000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.333192159.0000000000623000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW,

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_004268B0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,LdrInitializeThunk,FreeLibrary,FreeLibrary,

1_2_004268B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_00414080 GetProcessHeap,RtlAllocateHeap,

1_2_00414080

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_004268B0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,LdrInitializeThunk,FreeLibrary,FreeLibrary,

1_2_004268B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0046F2C7 SetUnhandledExceptionFilter,		1_2_0046F2C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	Code function: 1_2_0046F2D9 SetUnhandledExceptionFilter,		1_2_0046F2D9

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_00466920 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

1_2_00466920

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_0047F410 GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA,

1_2_0047F410

Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Code function: 1_2_00466920 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

1_2_00466920

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Native API	Path Interception	Path Interception	1 Virtualization/Sandbox Evasion	2 Input Capture	2 System Time Discovery	Remote Services	2 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	4 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	12 Clipboard Data	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Timestomp	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	13 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	4 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.94df.com	0%	Avira URL Cloud	safe
http://www.wpsss.com/myphp/qq.php?k=	0%	Avira URL Cloud	safe
http://ctl.wpsss.com/	0%	Avira URL Cloud	safe
http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3aJ	0%	Avira URL Cloud	safe
http://WScript.Shellrundll32.exe	0%	Avira URL Cloud	safe
http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
overdue.aliyun.com	170.33.13.246	true	false		high
www.wpsss.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ctl.wpsss.com/	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000003.461755133.00000000005FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3aJ	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe, 00000001.00000002.598406191.00000000005BA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://WScript.Shellrundll32.exe	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	false	Avira URL Cloud: safe	unknown
http://www.94df.com	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	false	Avira URL Cloud: safe	unknown
http://www.wpsss.com/myphp/qq.php?k=	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
170.33.13.246	overdue.aliyun.com	Singapore		134963	ASEPL-AS-APAlibabacomSingaporeE-CommercePrivateLimited	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1317305
Start date and time:	2023-09-30 19:38:10 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe
Detection:	MAL
Classification:	mal52.spyw.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 48 Number of non-executed functions: 252
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, tse1.mm.bing.net, displaycatalog.mp.microsoft.com, arc.msn.com, www-www.bing.com.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Simulations

Behavior and APIs

Time	Type	Description
19:39:18	API Interceptor	2x Sleep call for process: SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe modified

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.453818509175767
TrID:	Win32 Executable (generic) a (10002005/4) 99.83% Windows Screen Saver (13104/52) 0.13% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe
File size:	1'129'186 bytes
MD5:	ec83b4eabdee9d3e7d3d2c04c874d1b8
SHA1:	dcf9c858a5244ae1528d334f6a2e2ad98709548a
SHA256:	d84acd554675283504bdd27f2c36ee8dbd09dd89d3dff7f139eadcf186c3626d
SHA512:	84629912ca15fdb62db66c487c97ec1967b696466660e848acbb37633fca627a6d370f9120797607612c435b0c954553bd1faa4d94e823ffb0651f90e09a6586
SSDEEP:	6144:mPoUFAPxD/QdjRjk4kHjsAErxqGnxp8Ny8OYkHMNyV5IhCU/5+ZL5OlVsJb1lHY+:mPoUsDMdMPErx9UNQ0CUs1OnEstY
TLSH:	69358D22B5A2C4B6C229053048E65775EB31FE464E14CFA397A8EE3E2D36250DD3716F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Gm.c)>.c)>.c)>..%>.c)>.\|">.c)>.\|#>.c)>z.'>.c)>.\|:>.c)>.\|:>.c)>.c(>oa)>zkt>.c)>.E#>:c)>.E">.c)>.\|">.c)>.c)>.c)>>e/>.c)>Rich.c)

File Icon


Icon Hash:	131313252b2b3721

Static PE Info

General

Entrypoint:	0x464106
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x6B616E73 [Tue Feb 2 05:49:39 2027 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	addd867252a025b7478dbea31c7c4bf9

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0048F590h
push 004666C8h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [00484184h]
xor edx, edx
mov dl, ah
mov dword ptr [004D25D4h], edx
mov ecx, eax
and ecx, 000000FFh
mov dword ptr [004D25D0h], ecx
shl ecx, 08h
add ecx, edx
mov dword ptr [004D25CCh], ecx
shr eax, 10h
mov dword ptr [004D25C8h], eax
push 00000001h
call 00007F84EC4FD281h
pop ecx
test eax, eax
jne 00007F84EC4F869Ah
push 0000001Ch
call 00007F84EC4F8758h
pop ecx
call 00007F84EC4FD02Ch
test eax, eax
jne 00007F84EC4F869Ah
push 00000010h
call 00007F84EC4F8747h
pop ecx
xor esi, esi
mov dword ptr [ebp-04h], esi
call 00007F84EC4FCE5Ah
call dword ptr [00484314h]
mov dword ptr [004D3DE4h], eax
call 00007F84EC4FCD18h
mov dword ptr [004D2590h], eax
call 00007F84EC4FCAC1h
call 00007F84EC4FCA03h
call 00007F84EC4FBB2Bh
mov dword ptr [ebp-30h], esi
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [0048419Ch]
call 00007F84EC4FC994h
mov dword ptr [ebp-64h], eax
test byte ptr [ebp-30h], 00000001h
je 00007F84EC4F8698h
movzx eax, word ptr [ebp+00h]

Rich Headers

Programming Language:

[ C ] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) build 8168
[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xde000	0xf0	.snaker
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x5eac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdafb0	0x8	.aspack
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x100000

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x83000	0x83000	False	0.5199785305343512	data	6.515318209002391	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x84000	0x16000	0x16000	False	0.27320445667613635	data	4.044572966134421	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x9a000	0x3a000	0x3a000	False	0.08226697198275862	data	1.5834190775971126	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x6000	0x6000	False	0.23982747395833334	data	3.861803666353297	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.aspack	0xda000	0x3000	0x3000	False	0.5079752604166666	data	5.040545291367735	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.adata	0xdd000	0x1000	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.snaker	0xde000	0x2000	0x2000	False	0.450927734375	data	5.250168462227024	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
TEXTINCLUDE	0xd4bac	0xb	ASCII text, with no line terminators	Chinese	China	1.7272727272727273
TEXTINCLUDE	0xd4bb8	0x16	data	Chinese	China	1.3636363636363635
TEXTINCLUDE	0xd4bd0	0x151	C source, ASCII text, with CRLF line terminators	Chinese	China	0.6201780415430267
RT_CURSOR	0xd4d24	0x134	data	Chinese	China	0.5811688311688312
RT_CURSOR	0xd4e58	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0xd4f8c	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0xd50c0	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_BITMAP	0xd5174	0x16c	Device independent bitmap graphic, 39 x 13 x 4, image size 260	Chinese	China	0.3598901098901099
RT_BITMAP	0xd52e0	0x248	Device independent bitmap graphic, 64 x 15 x 4, image size 480	Chinese	China	0.3407534246575342
RT_BITMAP	0xd5528	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.4444444444444444
RT_BITMAP	0xd566c	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.26453488372093026
RT_BITMAP	0xd57c4	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2616279069767442
RT_BITMAP	0xd591c	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2441860465116279
RT_BITMAP	0xd5a74	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.24709302325581395
RT_BITMAP	0xd5bcc	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2238372093023256
RT_BITMAP	0xd5d24	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.19476744186046513
RT_BITMAP	0xd5e7c	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.20930232558139536
RT_BITMAP	0xd5fd4	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.18895348837209303
RT_BITMAP	0xd612c	0x5e4	Device independent bitmap graphic, 70 x 39 x 4, image size 1404	Chinese	China	0.34615384615384615
RT_BITMAP	0xd6710	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0xd67c8	0x16c	Device independent bitmap graphic, 39 x 13 x 4, image size 260	Chinese	China	0.28296703296703296
RT_BITMAP	0xd6934	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0xdc6c4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Chinese	China	0.26344086021505375
RT_ICON	0xdc59c	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.41216216216216217
RT_ICON	0xdb4f4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0			0.5830206378986866
RT_MENU	0xd7f30	0xc	data	Chinese	China	1.5
RT_MENU	0xd7f3c	0x284	data	Chinese	China	0.5
RT_DIALOG	0xd81c0	0x98	data	Chinese	China	0.7171052631578947
RT_DIALOG	0xd8258	0x17a	data	Chinese	China	0.5185185185185185
RT_DIALOG	0xd83d4	0xfa	data	Chinese	China	0.696
RT_DIALOG	0xd84d0	0xea	data	Chinese	China	0.6239316239316239
RT_DIALOG	0xd85bc	0x8ae	data	Chinese	China	0.39603960396039606
RT_DIALOG	0xd8e6c	0xb2	data	Chinese	China	0.7359550561797753
RT_DIALOG	0xd8f20	0xcc	data	Chinese	China	0.7647058823529411
RT_DIALOG	0xd8fec	0xb2	data	Chinese	China	0.6629213483146067
RT_DIALOG	0xd90a0	0xe2	data	Chinese	China	0.6637168141592921
RT_DIALOG	0xd9184	0x18c	data	Chinese	China	0.5227272727272727
RT_STRING	0xd9310	0x50	data	Chinese	China	0.85
RT_STRING	0xd9360	0x2c	data	Chinese	China	0.5909090909090909
RT_STRING	0xd938c	0x78	data	Chinese	China	0.925
RT_STRING	0xd9404	0x1c4	data	Chinese	China	0.8141592920353983
RT_STRING	0xd95c8	0x12a	data	Chinese	China	0.5201342281879194
RT_STRING	0xd96f4	0x146	data	Chinese	China	0.6288343558282209
RT_STRING	0xd983c	0x40	data	Chinese	China	0.65625
RT_STRING	0xd987c	0x64	data	Chinese	China	0.73
RT_STRING	0xd98e0	0x1d8	data	Chinese	China	0.6758474576271186
RT_STRING	0xd9ab8	0x114	data	Chinese	China	0.6376811594202898
RT_STRING	0xd9bcc	0x24	data	Chinese	China	0.4444444444444444
RT_GROUP_CURSOR	0xd9bf0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0xd9c04	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0xd9c18	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_ICON	0xdb4e0	0x14	data			1.2
RT_GROUP_ICON	0xdb4cc	0x14	data	Chinese	China	1.2
RT_GROUP_ICON	0xdb4b8	0x14	data	Chinese	China	1.25
RT_VERSION	0xdb284	0x234	data	Chinese	China	0.5514184397163121

Imports

DLL	Import
ADVAPI32.dll	RegOpenKeyExA, RegSetValueExA, RegQueryValueA, RegCreateKeyExA, RegCloseKey
COMCTL32.dll	ImageList_GetImageCount, ImageList_SetBkColor, InitCommonControls, ImageList_Destroy, ImageList_Read, ImageList_Duplicate
GDI32.dll	ExtTextOutA, TextOutA, RectVisible, PtVisible, GetViewportExtEx, ExtSelectClipRgn, PatBlt, FillRgn, CreateRectRgn, CombineRgn, CreateSolidBrush, CreateFontIndirectA, GetStockObject, GetObjectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Escape, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetTextExtentPoint32A, GetDeviceCaps, LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, GetTextMetricsA, CreatePen, SelectObject, CreateBitmap, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, GetDIBits, RealizePalette, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, CreateRectRgnIndirect, SetBkColor, Ellipse, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC
KERNEL32.dll	GetTimeZoneInformation, GetVersion, HeapSize, RaiseException, GetLocalTime, GetSystemTime, RtlUnwind, GetStartupInfoA, GetOEMCP, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmp, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpi, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpyn, FileTimeToLocalFileTime, FileTimeToSystemTime, LocalFree, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, SetLastError, MultiByteToWideChar, TerminateProcess, GetCurrentProcess, GetFileSize, SetFilePointer, TerminateThread, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, ReadFile, GetLastError, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcat, WinExec, lstrcpy, FindNextFileA, InterlockedExchange, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, lstrlen, lstrlenW, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, FindFirstFileA, FindClose, GetFileAttributesA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, WaitForSingleObject, CloseHandle, GetACP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetCPInfo
OLEAUT32.dll	VariantChangeType, VariantClear, SafeArrayGetUBound, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetLBound, UnRegisterTypeLib, LoadTypeLib, LHashValOfNameSys, RegisterTypeLib, SysAllocString, VariantInit, VariantCopyInd, SafeArrayGetElement, SafeArrayGetDim
SHELL32.dll	Shell_NotifyIcon, ShellExecuteA
USER32.dll	PeekMessageA, SetMenu, GetMenu, DefWindowProcA, GetClassInfoA, DeleteMenu, GetSystemMenu, IsZoomed, PostQuitMessage, CopyAcceleratorTableA, GetKeyState, TranslateAccelerator, IsWindowEnabled, ShowWindow, LoadImageA, EnumDisplaySettingsA, ClientToScreen, EnableMenuItem, GetSubMenu, GetDlgCtrlID, CreateAcceleratorTableA, CreateMenu, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, ModifyMenuA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, InflateRect, SetRect, IntersectRect, GetSysColorBrush, DestroyCursor, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, TrackPopupMenu, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, AppendMenuA, CreatePopupMenu, DrawIconEx, CreateIconFromResource, CreateIconFromResourceEx, RegisterClipboardFormatA, SetRectEmpty, DispatchMessageA, GetMessageA, DrawFocusRect, DrawEdge, DrawFrameControl, LoadIconA, TranslateMessage, SystemParametersInfoA, GetDesktopWindow, GetClassNameA, GetDlgItem, GetWindowTextA, WinHelpA, UnregisterClassA, WindowFromPoint, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterClipboardFormatA, GetForegroundWindow, GetLastActivePopup, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, UnhookWindowsHookEx, SetPropA, GetClassLongA, CallNextHookEx, SetWindowsHookExA, CreateWindowExA, GetMenuItemID, GetMenuItemCount, RegisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA, ScrollWindowEx, IsDialogMessage, SetWindowTextA, MoveWindow, CheckMenuItem, SetMenuItemBitmaps, GetMenuState, GetMenuCheckMarkDimensions, LoadStringA
WINMM.dll	midiStreamOut, midiOutPrepareHeader, waveOutOpen, midiOutUnprepareHeader, midiStreamOpen, midiStreamProperty, waveOutReset, waveOutPause, waveOutWrite, waveOutPrepareHeader, waveOutUnprepareHeader, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart, waveOutGetNumDevs, waveOutClose
WINSPOOL.DRV	OpenPrinterA, DocumentPropertiesA, ClosePrinter
WS2_32.dll	WSAAsyncSelect, closesocket, WSACleanup, recvfrom, ioctlsocket, inet_ntoa, recv, accept, getpeername
COMDLG32.dll	ChooseColorA, ChooseFontA, GetOpenFileNameA, GetSaveFileNameA, GetFileTitleA
ole32.dll	CLSIDFromProgID, OleRun, CoCreateInstance, CLSIDFromString, OleUninitialize, OleInitialize

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2023 19:39:19.102015018 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:19.254415035 CEST	80	49729	170.33.13.246	192.168.2.5
Sep 30, 2023 19:39:19.254594088 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:19.254916906 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:19.686825991 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:19.850466967 CEST	80	49729	170.33.13.246	192.168.2.5
Sep 30, 2023 19:39:19.851936102 CEST	80	49729	170.33.13.246	192.168.2.5
Sep 30, 2023 19:39:19.905637980 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:20.060813904 CEST	80	49729	170.33.13.246	192.168.2.5
Sep 30, 2023 19:39:34.851568937 CEST	80	49729	170.33.13.246	192.168.2.5
Sep 30, 2023 19:39:34.851958990 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:34.851958990 CEST	49729	80	192.168.2.5	170.33.13.246
Sep 30, 2023 19:39:35.226001024 CEST	80	49729	170.33.13.246	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2023 19:39:18.516609907 CEST	53183	53	192.168.2.5	8.8.8.8
Sep 30, 2023 19:39:19.095160961 CEST	53	53183	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 30, 2023 19:39:18.516609907 CEST	192.168.2.5	8.8.8.8	0x92d2	Standard query (0)	www.wpsss.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 30, 2023 19:39:19.095160961 CEST	8.8.8.8	192.168.2.5	0x92d2	No error (0)	www.wpsss.com	overdue.aliyun.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2023 19:39:19.095160961 CEST	8.8.8.8	192.168.2.5	0x92d2	No error (0)	overdue.aliyun.com		170.33.13.246	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.wpsss.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49729	170.33.13.246	80	C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Timestamp	kBytes transferred	Direction	Data
Sep 30, 2023 19:39:19.254916906 CEST	136	OUT	GET /myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; ) Host: www.wpsss.com
Sep 30, 2023 19:39:19.686825991 CEST	136	OUT	GET /myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; ) Host: www.wpsss.com
Sep 30, 2023 19:39:19.851936102 CEST	137	IN	HTTP/1.1 403 Forbidden Date: Sat, 30 Sep 2023 17:39:19 GMT Content-Type: text/html Content-Length: 619 Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 77 70 73 73 73 2e 63 6f 6d 2f 6d 79 70 68 70 2f 71 71 2e 70 68 70 3f 6b 3d 34 66 64 33 39 66 32 38 66 37 62 61 38 66 61 38 63 32 62 30 65 36 33 33 61 63 39 34 39 61 33 61 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 69 7a 6a 36 63 37 72 6d 6c 30 33 31 78 66 31 37 6d 30 6c 6e 6c 69 7a 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 33 2f 31 30 2f 30 31 20 30 31 3a 33 39 3a 31 39 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 2f 32 2e 33 2e 32 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://www.wpsss.com/myphp/qq.php?k=4fd39f28f7ba8fa8c2b0e633ac949a3a</td></tr><tr><td>Server:</td><td>izj6c7rml031xf17m0lnliz</td></tr><tr><td>Date:</td><td>2023/10/01 01:39:19</td></tr></table><hr/>Powered by Tengine/2.3.2<hr><center>tengine</center></body></html>

Target ID:	1
Start time:	19:39:17
Start date:	30/09/2023
Path:	C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe
Imagebase:	0x400000
File size:	1'129'186 bytes
MD5 hash:	EC83B4EABDEE9D3E7D3D2C04C874D1B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.6%
Total number of Nodes:	1187
Total number of Limit Nodes:	88

Executed Functions

Function 004135D0 Relevance: 24.9, APIs: 16, Instructions: 860stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 00413604
GetUserDefaultLCID.KERNEL32(?,?,00000001), ref: 00413669
LHashValOfNameSys.OLEAUT32(00000001,00000000,?), ref: 00413706

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DefaultHashNameUserlstrlen
String ID:
API String ID: 2029592404-0
Opcode ID: 80c5f534c2106172ecfc4eba10d702ef114268b15dcadc54ecc39ebcc8583eb0
Instruction ID: c5035a46ba5d6474ca9ccb7f051a84bfa0c890c4d10166a27490b2daef7eb0f5
Opcode Fuzzy Hash: 80c5f534c2106172ecfc4eba10d702ef114268b15dcadc54ecc39ebcc8583eb0
Instruction Fuzzy Hash: C56290B5A006069FCB10CF58C884AEEB7B5FF48311F24855EE855AB354E3389E86CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004268B0 Relevance: 15.3, APIs: 10, Instructions: 281
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,004A4374), ref: 00426917
LoadLibraryA.KERNEL32(?,?,004B46FC), ref: 00426A07
LoadLibraryA.KERNELBASE(?,?), ref: 00426A4D
LoadLibraryA.KERNELBASE(?,?,004B45F8,00000001), ref: 00426A95
LoadLibraryA.KERNEL32(00000001), ref: 00426AAB
GetProcAddress.KERNEL32(00000000,?), ref: 00426ABD
FreeLibrary.KERNEL32(00000000), ref: 00426B50

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$Load$AddressProc$Free
String ID:
API String ID: 3120990465-0
Opcode ID: 260cfb03b336420701042be5b00d3ff1b9beec5f23e87c0101d5b881deda463e
Instruction ID: 3c8a031875ee292b3a8f9b0b0d6bb2426c5a983835a0bc095f802d403ae10346
Opcode Fuzzy Hash: 260cfb03b336420701042be5b00d3ff1b9beec5f23e87c0101d5b881deda463e
Instruction Fuzzy Hash: FCA104B1700711ABC720EF25D880BABB7A8FF95318F454A2EF85497341DB38E905CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0047F410 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,?,?,0047F40B), ref: 0047F487
GetProcessVersion.KERNELBASE(00000000,?,?,?,0047F40B), ref: 0047F4C4
LoadCursorA.USER32 ref: 0047F4F2
LoadCursorA.USER32 ref: 0047F4FD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoadVersion$Process
String ID:
API String ID: 2246821583-0
Opcode ID: f13807da04fe18590c42546036583512236a6abaf385b12652efd512c40fa731
Instruction ID: 36568602f62c5a6424f59b2b31813907a1b3c33880e362b2b553044c06faebb9
Opcode Fuzzy Hash: f13807da04fe18590c42546036583512236a6abaf385b12652efd512c40fa731
Instruction Fuzzy Hash: FB114FB1A007509FD724DF3A898455ABBE5FB987057404E3FE18BC6B90E778E4448B54

Uniqueness

Uniqueness Score: -1.00%

Function 00414080 Relevance: 3.1, APIs: 2, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fac6e9c02028148dddddc359d3c6163ce136f9b6990764dfd3f6fe77d758b62
Instruction ID: 86620e5700dd089e432e8ca6f72bfd7991f33d7e883654f27252ac1e075d9a97
Opcode Fuzzy Hash: 3fac6e9c02028148dddddc359d3c6163ce136f9b6990764dfd3f6fe77d758b62
Instruction Fuzzy Hash: AE212AB26007019FE720CF6AE884A97B7E8EBE0365B10893FE159C7211D375E895CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047708F Relevance: 3.0, APIs: 2, Instructions: 27nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 004770B6
CallWindowProcA.USER32 ref: 004770CB

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$CallNtdllProcProc_
String ID:
API String ID: 1646280189-0
Opcode ID: a5bae6a2d77c282ab9bbc26c40eff4d30e9119841540c7a699054f2cd4aa8f1c
Instruction ID: 40493f7e0458a2f44ef87f93d96c7e8769bf1ccf15bfdc476a61671664388cab
Opcode Fuzzy Hash: a5bae6a2d77c282ab9bbc26c40eff4d30e9119841540c7a699054f2cd4aa8f1c
Instruction Fuzzy Hash: 41F0A536104249FFCF229F95DC44DDA7BBAFF08350B14C829FA5986630D772D920AB54

Uniqueness

Uniqueness Score: -1.00%

Function 004768A3 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52cd15b65ef22836a66edac1fbdaa528e0c47e0d8d53b153d4e3519beb8e4783
Instruction ID: ac706824cd6c1f7e200ebfa6149e4d5f39e8032e3d0a03509f1b2accce31c551
Opcode Fuzzy Hash: 52cd15b65ef22836a66edac1fbdaa528e0c47e0d8d53b153d4e3519beb8e4783
Instruction Fuzzy Hash: 9CF01C36002A19FBCF126E919C059DF3B6AAF08360F02C41BFA0955011C37AD921EFAB

Uniqueness

Uniqueness Score: -1.00%

Function 0046F2C7 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_0006F281), ref: 0046F2CC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 02e0794bd36e83aa8dbf46284792bfd2dab6a43c2b00e213c16f5103a6fe029a
Instruction ID: 0a7d81918697f35cfbc5e0540ad6ecdc0fc2866e22640ddbda4ecd58b0bf603e
Opcode Fuzzy Hash: 02e0794bd36e83aa8dbf46284792bfd2dab6a43c2b00e213c16f5103a6fe029a
Instruction Fuzzy Hash: F9A002746422024647945B906D155447650A6956017504477986191155D67500445A59

Uniqueness

Uniqueness Score: -1.00%

Function 00476ACF Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 170
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0047E8EE: TlsGetValue.KERNEL32(004D223C,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000,?,004720C9,00000000,00000000,00000000,00000000), ref: 0047E92D

CallNextHookEx.USER32 ref: 00476AF9
GetClassLongA.USER32 ref: 00476B40
GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 00476B6C
lstrcmpi.KERNEL32 ref: 00476B7B
GetWindowLongA.USER32 ref: 00476BEE
SetWindowLongA.USER32 ref: 00476C0F

Strings

p1\, xrefs: 00476BBC
ime, xrefs: 00476B75
AfxOldWndProc423, xrefs: 00476C50, 00476C55, 00476C60, 00476C68, 00476C71
,"M, xrefs: 00476ADA

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
String ID: ,"M$AfxOldWndProc423$ime$p1\
API String ID: 3731301195-4044381384
Opcode ID: 8886ac132cbbc5d7e408374e5a768462917938e6e12579929fafef2f7bc3bb1a
Instruction ID: cbc1d11e36c20e2e03a0f383edd3e066ca7afecb5df060c7b12d92b956a7dbda
Opcode Fuzzy Hash: 8886ac132cbbc5d7e408374e5a768462917938e6e12579929fafef2f7bc3bb1a
Instruction Fuzzy Hash: 5C51E571500615AFCB129F64DC08BAF3BBAFF44354F12852AF94AA7291D738DD40CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0042BE60 Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

IsRectEmpty.USER32(?), ref: 0042BEAF
CreateRectRgn.GDI32 ref: 0042BF11
GetClientRect.USER32(?,?), ref: 0042BF9A

Part of subcall function 0047B996: __EH_prolog.LIBCMT ref: 0047B99B
Part of subcall function 0047B996: EndPaint.USER32(?,?,?,?,00417A53), ref: 0047B9B8

Strings

H, xrefs: 0042C01A, 0042C032
H, xrefs: 0042C101

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$H_prologPaint$BeginClientClipCreateEmpty
String ID: H$H
API String ID: 2708814891-464606157
Opcode ID: 9571cff6a6abbfb0b017315146298de2a52d9cb324340dad548b63459c6813a1
Instruction ID: dc0b1f96e3b434ca54bd0a1e84d171910a76b906887b38818758feae2a06544f
Opcode Fuzzy Hash: 9571cff6a6abbfb0b017315146298de2a52d9cb324340dad548b63459c6813a1
Instruction Fuzzy Hash: 7FD17B716083519FC314DF65C885AAFB7E8FBC8704F408A1EF59993241EB78D908CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0045F280 Relevance: 19.9, APIs: 13, Instructions: 371
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32 ref: 0045F4A8
SendMessageA.USER32 ref: 0045F502
SendMessageA.USER32 ref: 0045F548
73D421C0.COMCTL32(?,00000000), ref: 0045F5B1
SendMessageA.USER32 ref: 0045F5E1
SendMessageA.USER32 ref: 0045F5F8
IsWindow.USER32(00000000), ref: 0045F56D

Part of subcall function 00414D90: GetSysColor.USER32(0000000F), ref: 00414D9D

SendMessageA.USER32 ref: 0045F612
SendMessageA.USER32 ref: 0045F62C
LoadCursorA.USER32 ref: 0045F65C
LoadCursorA.USER32 ref: 0045F673
LoadCursorA.USER32 ref: 0045F680
SendMessageA.USER32 ref: 0045F68E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CursorLoad$ColorD421Window
String ID:
API String ID: 3870125975-0
Opcode ID: a90b64053fddffb31efaf299534be7dfef5397b9664d3fdeb322076f253fdf26
Instruction ID: 986ca9a2e30e6fe42d4c57fc9c66c20628300ed41ef95c06cec1785a2153d4b8
Opcode Fuzzy Hash: a90b64053fddffb31efaf299534be7dfef5397b9664d3fdeb322076f253fdf26
Instruction Fuzzy Hash: F0C16170300706ABE724DE75CC81F6BB3E9AB48745F04492DFE55C7382EB68E849875A

Uniqueness

Uniqueness Score: -1.00%

Function 0042D2A0 Relevance: 19.7, APIs: 13, Instructions: 187
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetParent.USER32(?), ref: 0042D2EA

Part of subcall function 004791EE: IsWindowEnabled.USER32(?), ref: 004791F8

IsWindow.USER32(?), ref: 0042D38B
GetParent.USER32(?), ref: 0042D3A6
IsWindowVisible.USER32(?), ref: 0042D3BA
SetActiveWindow.USER32(?), ref: 0042D3DB
IsWindow.USER32(?), ref: 0042D3F8
KiUserCallbackDispatcher.NTDLL(?), ref: 0042D406
IsWindow.USER32(?), ref: 0042D40D
IsWindow.USER32(?), ref: 0042D468
IsWindow.USER32(?), ref: 0042D4C2
GetFocus.USER32 ref: 0042D4D6
IsWindow.USER32(00000000), ref: 0042D4E3
IsChild.USER32(?,00000000), ref: 0042D4F2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveCallbackChildDispatcherEnabledFocusUserVisible
String ID:
API String ID: 416498738-0
Opcode ID: d593396d9dde1573af76700a13370472dce2786a85a28385a6ff9b57773d6dbe
Instruction ID: 489f773d5007857f81335d75bc34715c0d760aacfcd7b46b464ea152081d332b
Opcode Fuzzy Hash: d593396d9dde1573af76700a13370472dce2786a85a28385a6ff9b57773d6dbe
Instruction Fuzzy Hash: 9E5175B1B00725EFD724DF61E844A6FB7A8EF44345F80492FF94592201DB78E845CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0047E587 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(004D2258,004D222C,00000000,?,004D223C,004D223C,0047E922,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000), ref: 0047E596
GlobalAlloc.KERNELBASE(00002002,00000000,?,?,004D223C,004D223C,0047E922,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000), ref: 0047E5EB
GlobalHandle.KERNEL32(005C1920), ref: 0047E5F4
GlobalUnWire.KERNEL32(00000000), ref: 0047E5FD
GlobalReAlloc.KERNEL32 ref: 0047E60F
GlobalHandle.KERNEL32(005C1920), ref: 0047E626
GlobalFix.KERNEL32 ref: 0047E62D
RtlLeaveCriticalSection.KERNEL32(AF,?,?,004D223C,004D223C,0047E922,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000), ref: 0047E633
GlobalFix.KERNEL32 ref: 0047E642
RtlLeaveCriticalSection.KERNEL32(?), ref: 0047E68B

Strings

AF, xrefs: 0047E62F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$CriticalSection$AllocHandleLeave$EnterWire
String ID: AF
API String ID: 1877740037-2464943741
Opcode ID: 3445319a16552a3a3a3dfd5a25cdc443a14d91dcfc29d45237ec116f649e1a93
Instruction ID: 5d6872d954e6a4029bd16ce58329aff690ceda5c39add8a57c11431b34267037
Opcode Fuzzy Hash: 3445319a16552a3a3a3dfd5a25cdc443a14d91dcfc29d45237ec116f649e1a93
Instruction Fuzzy Hash: CA31E47520430A9FD7209F29DC89A6AB7E8FF88304B014F7EF856C3661E775E8448B18

Uniqueness

Uniqueness Score: -1.00%

Function 0044B080 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 373
commemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 0044B0A9
OleInitialize.OLE32(00000000), ref: 0044B0E5
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0044B103
SetCurrentDirectoryA.KERNEL32(02485218,?), ref: 0044B15D
LoadCursorA.USER32 ref: 0044B1B8
GetStockObject.GDI32(00000005), ref: 0044B1D9
GetCurrentThreadId.KERNEL32 ref: 0044B1F9

Strings

DGH, xrefs: 0044B292
GH, xrefs: 0044B2BA

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
String ID: DGH$GH
API String ID: 3783217854-1222279822
Opcode ID: 5cf4e9dbd5803f17e7d8f3271eff25c3f0514f618ee8a4279b0fb3ddded05038
Instruction ID: de8f78901392629aa7d663ce42233af92c3205d4c118bf3e4bbed1657c9aeee8
Opcode Fuzzy Hash: 5cf4e9dbd5803f17e7d8f3271eff25c3f0514f618ee8a4279b0fb3ddded05038
Instruction Fuzzy Hash: 67E1D2706002159FDB14DFA5DC81BEE77B4FF84308F14456EE905A7292EB78A941CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004768F4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004768F9
GetPropA.USER32 ref: 00476911
CallWindowProcA.USER32 ref: 0047696F

Part of subcall function 004764DC: GetWindowRect.USER32 ref: 00476501
Part of subcall function 004764DC: GetWindow.USER32(?,00000004), ref: 0047651E

SetWindowLongA.USER32 ref: 0047699F
RemovePropA.USER32 ref: 004769A7
GlobalFindAtomA.KERNEL32 ref: 004769AE
GlobalDeleteAtom.KERNEL32 ref: 004769B5

Part of subcall function 004764B9: GetWindowRect.USER32 ref: 004764C5

CallWindowProcA.USER32 ref: 00476A09

Strings

AfxOldWndProc423, xrefs: 00476907, 0047690F, 004769A5, 004769AD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
String ID: AfxOldWndProc423
API String ID: 2397448395-1060338832
Opcode ID: dfadddd01fd1fd28469baf8d1f33d936f207d4098c955d05ec97ba5410c91c34
Instruction ID: de841d614abe8ee4d5a2e6ea865f31b8668667a88ba0d2a6b65361e1fbf64c42
Opcode Fuzzy Hash: dfadddd01fd1fd28469baf8d1f33d936f207d4098c955d05ec97ba5410c91c34
Instruction Fuzzy Hash: FA31C1B280050ABBCB01AFA5DD49DFF7B7AEF45310F01852EF605A1151CB398A119BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00412D60 Relevance: 15.2, APIs: 10, Instructions: 196
stringcomregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlen.KERNEL32(?), ref: 00412DAC
LoadTypeLib.OLEAUT32(00000000,00000003), ref: 00412DD4
lstrlen.KERNEL32(?,?,?,00000001), ref: 00412DEB

Part of subcall function 004752DF: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,sB,00000001,004273E1,?,00000000,00000001), ref: 004752FC

GetUserDefaultLCID.KERNEL32(00000000,00000003,?,00000001,?,?,00000001,?,?,00000001), ref: 00412E26
LHashValOfNameSys.OLEAUT32(00000001,00000000), ref: 00412E2F
lstrlen.KERNEL32(?), ref: 00412E82
RegisterTypeLib.OLEAUT32(00000003,00000000,00000000), ref: 00412EA9
74DCB690.OLE32(?,00000000,00000017,0048D130,00000000,?,?), ref: 00412EF3
74DCB690.OLE32(?,00000000,00000007,0048D130,00000000), ref: 00412F0D
OleRun.OLE32(00000000), ref: 00412F17

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: lstrlen$B690Type$ByteCharDefaultHashLoadMultiNameRegisterUserWide
String ID:
API String ID: 3869696330-0
Opcode ID: 498bf04e9a96bca0ce8ee00820d55e58ff6bf7f35c74f82dc9d56592b7d18995
Instruction ID: 02e8cb4c27e825b8fe0d18adf63e46ab352ef17e3337228b303981678115e6b1
Opcode Fuzzy Hash: 498bf04e9a96bca0ce8ee00820d55e58ff6bf7f35c74f82dc9d56592b7d18995
Instruction Fuzzy Hash: 70517B75A00209ABCB10DFA1CD85FDF77B8EF44354F104559F809E7240E7B8AA55CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00415630 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSolidBrush.GDI32(00000000), ref: 00415778
SendMessageA.USER32 ref: 00415809
SendMessageA.USER32 ref: 00415821
SendMessageA.USER32 ref: 004158EB
SendMessageA.USER32 ref: 00415928
SendMessageA.USER32 ref: 00415937

Strings

msctls_updown32, xrefs: 0041587F
EDIT, xrefs: 004157B7

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$BrushCreateSolid
String ID: EDIT$msctls_updown32
API String ID: 943060551-1401569126
Opcode ID: cb8715d1458c6cbd1113fdd2ea67c4526b10c0292c6ca63085b8381c21951b6e
Instruction ID: 8e6264acae4dba7688cf7be13bba718721a6a2cfd05dec9e15ff32597e448671
Opcode Fuzzy Hash: cb8715d1458c6cbd1113fdd2ea67c4526b10c0292c6ca63085b8381c21951b6e
Instruction Fuzzy Hash: 2891A171600B01DBE624DB25DC46FEBB3E5ABC4704F10491EE2A6973C0EA68E8858B59

Uniqueness

Uniqueness Score: -1.00%

Function 00478BCF Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNELBASE(COMCTL32.DLL,00000800,00000000,00000400,00478EC9,?,00020000), ref: 00478BD8
LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 00478BE1
GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00478BF5
73CFE7F0.COMCTL32 ref: 00478C10
73CFE7F0.COMCTL32 ref: 00478C2C
FreeLibrary.KERNEL32(00000000), ref: 00478C38

Strings

COMCTL32.DLL, xrefs: 00478BD1, 00478BD7, 00478BDE
InitCommonControlsEx, xrefs: 00478BED

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$AddressFreeHandleLoadModuleProc
String ID: COMCTL32.DLL$InitCommonControlsEx
API String ID: 1437655972-4218389149
Opcode ID: ea4d5b032fd2e5a374a83ebbd837c0b2a454aba45bc7f3b1e2832be194ac3c54
Instruction ID: f5a7711d07e59f572fd6e22df09aa6a428cd38f215f989f102e8867e6735972b
Opcode Fuzzy Hash: ea4d5b032fd2e5a374a83ebbd837c0b2a454aba45bc7f3b1e2832be194ac3c54
Instruction Fuzzy Hash: EFF0A436B453134F86226BA4AC4C95F77A8AFD57A2715483EFA45E3240DF28DC02877E

Uniqueness

Uniqueness Score: -1.00%

Function 0042A170 Relevance: 13.8, APIs: 9, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04cc432ef8b28e9181d724143518382c2a9fc49c6a827f9795fd08a8eef8becf
Instruction ID: a5baf485297c22b47609748b20d90159e0837cc870fdfed7762ef7806d0ea486
Opcode Fuzzy Hash: 04cc432ef8b28e9181d724143518382c2a9fc49c6a827f9795fd08a8eef8becf
Instruction Fuzzy Hash: 20B198703047109FD724DF25E884B2BB7E6ABC4704F90892EF99287390D7B9E811CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0047F754 Relevance: 9.1, APIs: 6, Instructions: 61
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlen.KERNEL32(?,?,?,?,00412ED8,?,?), ref: 0047F76A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,?,00412ED8,?,?), ref: 0047F791
74DD7540.OLE32(?,?,?,00000001,?,?,?,00412ED8,?,?), ref: 0047F79B
lstrlen.KERNEL32(?,?,?,?,00412ED8,?,?), ref: 0047F7AC
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,?,00412ED8,?,?), ref: 0047F7D3
74D4BC30.OLE32(?,?,?,00000001,?,?,?,00412ED8,?,?), ref: 0047F7DD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen$D7540
String ID:
API String ID: 3216200372-0
Opcode ID: 9c6b0553a8acfdefc0b278b5491a33d463d27ac2ab9cc2bcec7cb51cf4c345d0
Instruction ID: 8d20f73fbeee41f8b076fbb8e46f14646078b46bc39f6f8b1dc115b1d38126d6
Opcode Fuzzy Hash: 9c6b0553a8acfdefc0b278b5491a33d463d27ac2ab9cc2bcec7cb51cf4c345d0
Instruction Fuzzy Hash: AC110233404216B7CB201F61DC09FAF3F78EB827B1F218535F90996190E7389115C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 0047AD9F Relevance: 9.0, APIs: 6, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL ref: 0047ADAC
GetSystemMetrics.USER32 ref: 0047ADB3
7406AC50.USER32(00000000), ref: 0047ADCC
7406AD70.GDI32(00000000,00000058), ref: 0047ADDD
7406AD70.GDI32(00000000,0000005A), ref: 0047ADE5
7406B380.USER32(00000000,00000000), ref: 0047ADED

Part of subcall function 0047F430: GetSystemMetrics.USER32 ref: 0047F442
Part of subcall function 0047F430: GetSystemMetrics.USER32 ref: 0047F44C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406$MetricsSystem$B380CallbackDispatcherUser
String ID:
API String ID: 1374818274-0
Opcode ID: b00aa733dd89104d91ed53e782695fbd95739ab40ef8702d0b83f3757225d92b
Instruction ID: a9a599f9c424f0778da4d2f6b92e1ab0888497a3e736591330457d3de22d3701
Opcode Fuzzy Hash: b00aa733dd89104d91ed53e782695fbd95739ab40ef8702d0b83f3757225d92b
Instruction Fuzzy Hash: C0F0B430640700AFE2206B729C49F6FB7A4EFC1B56F00893EE205876D0DA7498058F69

Uniqueness

Uniqueness Score: -1.00%

Function 0041E3D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSolidBrush.GDI32(00000000), ref: 0041E4CA
DestroyCursor.USER32(?), ref: 0041E568
SendMessageA.USER32 ref: 0041E62B
SendMessageA.USER32 ref: 0041E646

Strings

BUTTON, xrefs: 0041E5CD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$BrushCreateCursorDestroySolid
String ID: BUTTON
API String ID: 2198832287-3405671355
Opcode ID: 92383b764d0f9d03eb8062045786de10d892cac8e77dd71954c3151d28468192
Instruction ID: 1d0eea3cabfdd3ec1aa698e8ec8484818e3bf5cb18d5d0127f812291213a1b77
Opcode Fuzzy Hash: 92383b764d0f9d03eb8062045786de10d892cac8e77dd71954c3151d28468192
Instruction Fuzzy Hash: 5171A3B9600700AFD624DF66D880BABB7E5FB84714F54491EE99683380D739F881CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00429FB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0042A058
SendMessageA.USER32 ref: 0042A06A
DestroyCursor.USER32(?), ref: 0042A07D
DestroyCursor.USER32(?), ref: 0042A08A

Strings

EK, xrefs: 0042A02E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroyMessageSend
String ID: EK
API String ID: 3501257726-2869738666
Opcode ID: 6da39e049c0432b0802066651820d4793aa0d97f4e8e768aa12e773904f09e8b
Instruction ID: 0bc84e512af04e7abcc3eb652dd5181bea254a0b2c08581481ec6c7b4439c16b
Opcode Fuzzy Hash: 6da39e049c0432b0802066651820d4793aa0d97f4e8e768aa12e773904f09e8b
Instruction Fuzzy Hash: 79312E71704311AFD760DF65E880B9BF3E8AFC4714F44882EF995C7241D678E8098B66

Uniqueness

Uniqueness Score: -1.00%

Function 00462D20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00462C70: GetVersionExA.KERNEL32 ref: 00462C9A
Part of subcall function 00462C70: GetVersionExA.KERNEL32(?), ref: 00462CAD

GetModuleHandleA.KERNEL32(USER32.DLL,?,?,00462B57,000000FF,000000FF), ref: 00462D39
GetProcAddress.KERNEL32(00000000,SetLayeredWindowAttributes), ref: 00462D45
SetWindowLongA.USER32 ref: 00462D59

Part of subcall function 00462C00: GetVersionExA.KERNEL32 ref: 00462C2A
Part of subcall function 00462C00: GetVersionExA.KERNEL32(?), ref: 00462C3D

Strings

SetLayeredWindowAttributes, xrefs: 00462D3F
USER32.DLL, xrefs: 00462D34

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Version$AddressHandleLongModuleProcWindow
String ID: SetLayeredWindowAttributes$USER32.DLL
API String ID: 1551654502-3073883528
Opcode ID: 023c3b8347681ba64eca04183b0c59f44440cf4a2f1ec0ce783b447943fc3c30
Instruction ID: f3f8db6a4190e56a6d0aedd031b1620e77a9ab29a7555e4316eb334c8c812775
Opcode Fuzzy Hash: 023c3b8347681ba64eca04183b0c59f44440cf4a2f1ec0ce783b447943fc3c30
Instruction Fuzzy Hash: 4EE0D83234030177C62077F25D0DF5F6A9C9BD2B60F20092FBA00D2181E7F89800876E

Uniqueness

Uniqueness Score: -1.00%

Function 00415960 Relevance: 7.6, APIs: 5, Instructions: 134windowCOMMON

Download Yara Rule

APIs

GetTextExtentPoint32A.GDI32(?,0049DD70,?,?), ref: 00415A01
GetSystemMetrics.USER32 ref: 00415A15
GetWindowRect.USER32 ref: 00415A35
GetStockObject.GDI32(00000011), ref: 00415A82
SendMessageA.USER32 ref: 00415A91

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExtentMessageMetricsObjectPoint32RectSendStockSystemTextWindow
String ID:
API String ID: 3316701254-0
Opcode ID: 2dafc7d66363040f750713bdaa8a0b7e1099673a410eae864e528b6b7496f781
Instruction ID: cc91845557e3d151afd79d313bb9c0c1478cace64d041edc43d19194d134eb96
Opcode Fuzzy Hash: 2dafc7d66363040f750713bdaa8a0b7e1099673a410eae864e528b6b7496f781
Instruction Fuzzy Hash: A941AF71244701EFD724DB65C885FEF73A8EBC4714F004A2EF656962C0EB78E8048B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416DA0 Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0047B870: __EH_prolog.LIBCMT ref: 0047B875
Part of subcall function 0047B870: 7406B080.USER32(?,?,?,00416DD1), ref: 0047B89E

GetClientRect.USER32 ref: 00416DE2
GetWindowRect.USER32 ref: 00416DF1

Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B63E
Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B647

OffsetRect.USER32(?,?,?), ref: 00416E1C

Part of subcall function 0047B567: ExcludeClipRect.GDI32(?,?,?,?,?,75134410,?,?,00416E2C,?), ref: 0047B58C
Part of subcall function 0047B567: ExcludeClipRect.GDI32(?,?,?,?,?,75134410,?,?,00416E2C,?), ref: 0047B5A1

OffsetRect.USER32(?,?,?), ref: 00416E3F
FillRect.USER32 ref: 00416E5A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$ClipExcludeOffsetScreen$7406B080FillH_prologWindow
String ID:
API String ID: 306517022-0
Opcode ID: 3af7260dfc3f4e81e5bb0fe6f1ac9a8fc73af6f0b55e562968edd1f86976f32b
Instruction ID: 5c3851689a62f2af6d31129ca7280eba734796a9b8ecc399559c4ea9364b9831
Opcode Fuzzy Hash: 3af7260dfc3f4e81e5bb0fe6f1ac9a8fc73af6f0b55e562968edd1f86976f32b
Instruction Fuzzy Hash: 07314D75208302AFD714DF24D845FABB7E9FB84754F008A1DF59A87290EB38E905CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041A900 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 204windowCOMMON

Download Yara Rule

APIs

DestroyCursor.USER32(?), ref: 0041AA61
SendMessageA.USER32 ref: 0041AB03
SendMessageA.USER32 ref: 0041AB35

Strings

BUTTON, xrefs: 0041AAC2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CursorDestroy
String ID: BUTTON
API String ID: 1839592766-3405671355
Opcode ID: 6fc68baec65332ba01da1c415fee89b69bc7d5fa3a408ddc6b3d514bf350d460
Instruction ID: fe6843a2d4b5275af1b2417cfa8b3f519fd804681336342e21505e16896b6578
Opcode Fuzzy Hash: 6fc68baec65332ba01da1c415fee89b69bc7d5fa3a408ddc6b3d514bf350d460
Instruction Fuzzy Hash: 6861ABB16057049BD224DF25C980BABB7E5FB84710F108A1FF59A83780DB39E894CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00479B73 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00479B86
SetWindowsHookExA.USER32 ref: 00479B96

Part of subcall function 0047E983: __EH_prolog.LIBCMT ref: 0047E988

Strings

p1\, xrefs: 00479BA1
"M, xrefs: 00479BC6

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologHookThreadWindows
String ID: p1\$"M
API String ID: 2183259885-2856933623
Opcode ID: 6c4a8ad5b8b9e0acbb882424548fc72fbe0a4109e11715240c72bd9b4a4d24e2
Instruction ID: 2dbd9bafee0a5f211b1629bb0c8e6f10c00167f4b3634dc0b93ca0e4ccaf2e44
Opcode Fuzzy Hash: 6c4a8ad5b8b9e0acbb882424548fc72fbe0a4109e11715240c72bd9b4a4d24e2
Instruction Fuzzy Hash: B4F0A7314006109BC7307BB2AD0ABC926606F45314F0587DFF559975E1C76C5C40879D

Uniqueness

Uniqueness Score: -1.00%

Function 00437020 Relevance: 6.2, APIs: 4, Instructions: 202windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

GetClientRect.USER32(?,?), ref: 004370C6
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0043711B
__ftol.LIBCMT ref: 004371F2
__ftol.LIBCMT ref: 004371FF

Part of subcall function 004485D0: GetClientRect.USER32(?,?), ref: 004485F7
Part of subcall function 004485D0: __ftol.LIBCMT ref: 004486CE
Part of subcall function 004485D0: __ftol.LIBCMT ref: 004486E1

Part of subcall function 0047B525: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 0047B549
Part of subcall function 0047B525: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 0047B55F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect__ftol$ClientClipExclude$BeginH_prologPaint
String ID:
API String ID: 3882505602-0
Opcode ID: 3d653d2b58c7282b6193534688b990925e4224d77ce58779012bb4c6efd98be4
Instruction ID: 8289e41c6e4b1c59f369bd8fe50dc4480295e2da6f0ffc1f4f84b8f8aa504fcc
Opcode Fuzzy Hash: 3d653d2b58c7282b6193534688b990925e4224d77ce58779012bb4c6efd98be4
Instruction Fuzzy Hash: 2D718EB16083019FC724DF68C984A6BB7E9EBC8700F054A2EF5D593390EB74ED058B96

Uniqueness

Uniqueness Score: -1.00%

Function 00414ED0 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00414F01
SendMessageA.USER32 ref: 00414F19
GetStockObject.GDI32(00000011), ref: 00414F23
SendMessageA.USER32 ref: 00414F43

Part of subcall function 00414DD0: CreateFontIndirectA.GDI32 ref: 00414E19

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CreateFontIndirectObjectStock
String ID:
API String ID: 1613733799-0
Opcode ID: d0edeb7b75ad8fdc80382caa303a851c020dc9d50919fe03de220c3a48e4876a
Instruction ID: fd8ee0bcc3325dc266f4b11a27feaca8d68c87b56538059c1cc872ec5ca36d6b
Opcode Fuzzy Hash: d0edeb7b75ad8fdc80382caa303a851c020dc9d50919fe03de220c3a48e4876a
Instruction Fuzzy Hash: BD018C36201311BBDA20DB94ED44FDB33A8ABC8751F05884AB7048B690D774E882CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0047F162 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000000,00000000,0047AE21,00000000,00000000,00000000,00000000,?,00000000,?,004720C9,00000000,00000000,00000000,00000000,004641E6), ref: 0047F16B
SetErrorMode.KERNELBASE(00000000,?,00000000,?,004720C9,00000000,00000000,00000000,00000000,004641E6,00000000), ref: 0047F172

Part of subcall function 0047F1C5: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 0047F1F6
Part of subcall function 0047F1C5: lstrcpy.KERNEL32(?,.HLP), ref: 0047F297
Part of subcall function 0047F1C5: lstrcat.KERNEL32(?,.INI), ref: 0047F2C4

Strings

AF, xrefs: 0047F1A0

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
String ID: AF
API String ID: 3389432936-2464943741
Opcode ID: d3041e19cfaf1f7d99925ff3ac7e670b3a1e5d11210ea9440a12c31e1a85f900
Instruction ID: 921853934d1e10234d5103e933f4e157a1be809360e4085199ddede5557fa5c8
Opcode Fuzzy Hash: d3041e19cfaf1f7d99925ff3ac7e670b3a1e5d11210ea9440a12c31e1a85f900
Instruction Fuzzy Hash: 78F04971914310CFD724EF26E444A897BE8AF48710F05C59FF4488B3A2CB78D844CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00476CC5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25threadCOMMON

Download Yara Rule

APIs

Part of subcall function 0047E8EE: TlsGetValue.KERNEL32(004D223C,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000,?,004720C9,00000000,00000000,00000000,00000000), ref: 0047E92D

GetCurrentThreadId.KERNEL32 ref: 00476CE7
SetWindowsHookExA.USER32 ref: 00476CF7

Strings

,"M, xrefs: 00476CCC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentHookThreadValueWindows
String ID: ,"M
API String ID: 933525246-1640570267
Opcode ID: cc4fce7f5f527ddd5c5abc39252590c0ebd817f95a6cca8ec0d12559773b28eb
Instruction ID: 306480dc59f9a63060c237f42475d1170fa9b55bdff5e78dedd2a8000b40817f
Opcode Fuzzy Hash: cc4fce7f5f527ddd5c5abc39252590c0ebd817f95a6cca8ec0d12559773b28eb
Instruction Fuzzy Hash: EAE06D31B00B009ED330AB22A805B9776A6DFD5B51F16CE2FF10DD6240D7789804CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00418B10 Relevance: 4.6, APIs: 3, Instructions: 124COMMON

Download Yara Rule

APIs

GetStockObject.GDI32 ref: 00418BEE
LoadCursorA.USER32 ref: 00418BFC

Part of subcall function 00477437: wsprintfA.USER32 ref: 0047746D
Part of subcall function 00477437: GetClassInfoA.USER32 ref: 00477498

CreateSolidBrush.GDI32(00000000), ref: 00418C3D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: BrushClassCreateCursorInfoLoadObjectSolidStockwsprintf
String ID:
API String ID: 698763609-0
Opcode ID: 164ab1890eab67117be240638e236e64ef280673992a693495371a9d1ed5a58a
Instruction ID: 792a0b248d56a3b0a900d450babf088cf6ebfe6672fe8dbbcb3c61b82515326d
Opcode Fuzzy Hash: 164ab1890eab67117be240638e236e64ef280673992a693495371a9d1ed5a58a
Instruction Fuzzy Hash: 534181B1204700AFD314DB69CC45FEBB7E9EB89B14F00491EF59A97380EB74A841CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00426230 Relevance: 4.6, APIs: 3, Instructions: 110windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00426259
IsWindow.USER32 ref: 00426287
PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00426356

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek$Window
String ID:
API String ID: 1210580970-0
Opcode ID: 2a761d0164028b6a48e8df7346ffef3d8127a01f3bfe2af4c20d2ed289f760de
Instruction ID: ae347f50dcc5b46e6a06f2ebcc320b2da529ae7e62e99213dd411223e560c96f
Opcode Fuzzy Hash: 2a761d0164028b6a48e8df7346ffef3d8127a01f3bfe2af4c20d2ed289f760de
Instruction Fuzzy Hash: D93193B1700226EFD714DF24E984AABB3A8FF84358F41052EF92597240D734ED58CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00476436 Relevance: 4.5, APIs: 3, Instructions: 34COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 0047643F
SetWindowLongA.USER32 ref: 0047645E
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00476478

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: b1a8a0726f5a2e638b3bac9e554ff7b92de893e1b08f4f965dc03bbfd3aee473
Instruction ID: ff0e740d8e7d5dbff25df7f0ea877d6baa96f30c5d697e3f2e32189edc68eefc
Opcode Fuzzy Hash: b1a8a0726f5a2e638b3bac9e554ff7b92de893e1b08f4f965dc03bbfd3aee473
Instruction Fuzzy Hash: 16F0303511000ABFDF098F90DC569EE3BAAFB08352B40842AF90AC5161DB35E9619B68

Uniqueness

Uniqueness Score: -1.00%

Function 0047A0D3 Relevance: 4.5, APIs: 3, Instructions: 29windowCOMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL ref: 0047A0E0
TranslateMessage.USER32(?), ref: 0047A100
DispatchMessageA.USER32 ref: 0047A107

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$CallbackDispatchDispatcherTranslateUser
String ID:
API String ID: 2960505505-0
Opcode ID: b64f40669287def08df0d4b5f8450013a0c9350770fc75e74dd539df01424cb4
Instruction ID: 6ad9104e5f6a145dffbb39d5b21c9a2405f20bb3f087d726aef242f9af0b9dc6
Opcode Fuzzy Hash: b64f40669287def08df0d4b5f8450013a0c9350770fc75e74dd539df01424cb4
Instruction Fuzzy Hash: DDE092322011117BE7219B65AC48DBF33ACFFC1B41B054C2EF502C1210DB64DC428B6A

Uniqueness

Uniqueness Score: -1.00%

Function 00419FB0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 00414D90: GetSysColor.USER32(0000000F), ref: 00414D9D

CreateSolidBrush.GDI32(00000000), ref: 0041A048

Strings

BUTTON, xrefs: 0041A09F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: BrushColorCreateSolid
String ID: BUTTON
API String ID: 2798526982-3405671355
Opcode ID: 73282ce01b9a44c7edc419f74de09516ea38efffc97be5df32d5bc4711559f48
Instruction ID: 10028010ff45aba082db05caedc5b9370a0d73154af48c329084dd3a43f30278
Opcode Fuzzy Hash: 73282ce01b9a44c7edc419f74de09516ea38efffc97be5df32d5bc4711559f48
Instruction Fuzzy Hash: D53160B1604B019BD314DF59D841F9BB7E8EB88B04F008A1EF586C7390E779E845C796

Uniqueness

Uniqueness Score: -1.00%

Function 0047662C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00476631

Part of subcall function 0047E8EE: TlsGetValue.KERNEL32(004D223C,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000,?,004720C9,00000000,00000000,00000000,00000000), ref: 0047E92D

Strings

,"M, xrefs: 0047663C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologValue
String ID: ,"M
API String ID: 3700342317-1640570267
Opcode ID: 0fff1670f8cd9f24163c93117511d98d147a5491caa394331b854509249974a6
Instruction ID: 8da27dd6f1a9f85a30bf03a7480b5e96d7c1563a1fb719f19f79c7194c1640aa
Opcode Fuzzy Hash: 0fff1670f8cd9f24163c93117511d98d147a5491caa394331b854509249974a6
Instruction Fuzzy Hash: D9213772900209AFCB05DF54C881AEE7BA9FF04318F11806AF919AB641D778AE50CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0041D0C0 Relevance: 3.1, APIs: 2, Instructions: 96COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000005), ref: 0041D1AC
LoadCursorA.USER32 ref: 0041D1BA

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoadObjectStock
String ID:
API String ID: 3794545487-0
Opcode ID: 3a52f01435ee054245ed91ab689e4d23bb8c791251f5e5af9be9a872e439822f
Instruction ID: 219a85ddc17ed23746186a1d1220064b6b6891dd6fcc644cdfb388db7d84d2a9
Opcode Fuzzy Hash: 3a52f01435ee054245ed91ab689e4d23bb8c791251f5e5af9be9a872e439822f
Instruction Fuzzy Hash: FA31A0B1648701AFD314DB64CC41F6BB7E4FB89B00F108A1EF65987380D779A804CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00461420 Relevance: 3.1, APIs: 2, Instructions: 92COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000005), ref: 004614F2
LoadCursorA.USER32 ref: 00461500

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoadObjectStock
String ID:
API String ID: 3794545487-0
Opcode ID: 8cc88d2ffcb0dc66b21d95a30357aa2be2aa8cd6724d0cef24d3107d23892b96
Instruction ID: c14bd4f7f84f3575cabc17f5dcf2fdd43b6a4120c598496839c84b3fa31b4b7c
Opcode Fuzzy Hash: 8cc88d2ffcb0dc66b21d95a30357aa2be2aa8cd6724d0cef24d3107d23892b96
Instruction Fuzzy Hash: 56316F71648701AFE314DB54CD41F6BB7E5EB88B10F108A1DF69A87390D778AC00CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00468D50 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,00464164,00000001), ref: 00468D61

Part of subcall function 00468C08: GetVersionExA.KERNEL32 ref: 00468C27

HeapDestroy.KERNEL32 ref: 00468DA0

Part of subcall function 0046C625: RtlAllocateHeap.KERNEL32(00000000,00000140,00468D89,000003F8), ref: 0046C632

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocateCreateDestroyVersion
String ID:
API String ID: 760317429-0
Opcode ID: c48a69f024ff473c8bf38edf03955424b5fe2d29ca1b7f47fc24dda304193ccd
Instruction ID: e10451ac7fa11ce427e286b6f9d928dd19e9607b7df67c96471b430d64df2013
Opcode Fuzzy Hash: c48a69f024ff473c8bf38edf03955424b5fe2d29ca1b7f47fc24dda304193ccd
Instruction Fuzzy Hash: 1FF06571641302AADF601771AC0576E37A1DBA4745F204A3FF511C52D0FFA98440962F

Uniqueness

Uniqueness Score: -1.00%

Function 00430680 Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

LoadImageA.USER32 ref: 0043069B
LoadImageA.USER32 ref: 004306AD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ImageLoad
String ID:
API String ID: 306446377-0
Opcode ID: 1f7547781f033d0b0738d76cdd7b1655501fcfc1fd1c653cc91d2300faceadaa
Instruction ID: 4f359794f859977785abe660847faa8fce668eb34be672d6335d08c953033c34
Opcode Fuzzy Hash: 1f7547781f033d0b0738d76cdd7b1655501fcfc1fd1c653cc91d2300faceadaa
Instruction Fuzzy Hash: BCE0ED3234131177D620CE5A8C85F9BF7A9EBCDB10F100819B344AB1D1C2F1A44587A9

Uniqueness

Uniqueness Score: -1.00%

Function 00465A25 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00465B0C

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: b07e91d88a5868cbf60331ff599fbd962c733331f0e9bba5597d88cf2473d2af
Instruction ID: 8ea63909c34ef79d799cc7bd339d154fcd24625bdce971b456be0b15aa13422d
Opcode Fuzzy Hash: b07e91d88a5868cbf60331ff599fbd962c733331f0e9bba5597d88cf2473d2af
Instruction Fuzzy Hash: 57213031A00605ABDB10EFA5DD82B9E77A4EB00724F14461BF410EF3C1E77CA9418B5E

Uniqueness

Uniqueness Score: -1.00%

Function 00476D53 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32 ref: 00476DF1

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 1a3efe5178ebcd91c5a06960648e69b1ee2a657fbf55fade13faa35ad6e6f059
Instruction ID: 587c054844c886df6c8ab0e389a2581b9910acce5568b7b2dba6af144c1ba1a9
Opcode Fuzzy Hash: 1a3efe5178ebcd91c5a06960648e69b1ee2a657fbf55fade13faa35ad6e6f059
Instruction Fuzzy Hash: 3B319C79A00219AFCF01DFA8C9449DEBBF1BF4C314B11846AF919E7310E7359A519FA4

Uniqueness

Uniqueness Score: -1.00%

Function 00412350 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetPrivateProfileStringA.KERNEL32(00000000,00000000,?,?,00002800,00000000), ref: 004123EE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: b535d3f0341992df380b14b73693e8af9056b10300b24f68d1f75f293a95fb26
Instruction ID: 34f55004fe6f96403080a650ed2169acb064cf7c70269335ae4db1687460f70e
Opcode Fuzzy Hash: b535d3f0341992df380b14b73693e8af9056b10300b24f68d1f75f293a95fb26
Instruction Fuzzy Hash: 1611C6B52042005BD314EB36ED41DAB73E8EFD4358F00892EFD56C3242EA3CE854876A

Uniqueness

Uniqueness Score: -1.00%

Function 0047A86C Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047A871

Part of subcall function 0047A5D4: __EH_prolog.LIBCMT ref: 0047A5D9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 676a4228928ce13b11a9fb7bf5c96c70eb7cacf189ed2eb72a7ed1ff92bf8954
Instruction ID: 4de5258db50232709756c9d9e893705e7636ed2f4e4d8156b02b0db782100326
Opcode Fuzzy Hash: 676a4228928ce13b11a9fb7bf5c96c70eb7cacf189ed2eb72a7ed1ff92bf8954
Instruction Fuzzy Hash: F111AF716003009BC728AF25C995AEFB7F4AF91358B01C92FE54A87641EB78E901CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0047A5D4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047A5D9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 5671ae0e228cfa1ca0884e99635e3ce9a9f5b8776ebe241118950aa15697a949
Instruction ID: 74b47c2150f474ad479d31005a7a589b7f8094c37c8a02a456b9b40c4acad016
Opcode Fuzzy Hash: 5671ae0e228cfa1ca0884e99635e3ce9a9f5b8776ebe241118950aa15697a949
Instruction Fuzzy Hash: D9E09A76D01209DFCB41EFA8D5456AEBBF4FB44719F10887FE415E2241E7358A028B66

Uniqueness

Uniqueness Score: -1.00%

Function 0047DF11 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047DF16

Part of subcall function 00463FE7: __EH_prolog.LIBCMT ref: 00463FEC
Part of subcall function 00463FE7: RtlEnterCriticalSection.KERNEL32(?,00000200,?,?), ref: 00464003
Part of subcall function 00463FE7: RtlLeaveCriticalSection.KERNEL32(?), ref: 00464049

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalH_prologSection$EnterLeave
String ID:
API String ID: 317552408-0
Opcode ID: 61641b1d52263c3b1031209fb794c5364e28ff4a82dcd0df1794c621058a3e14
Instruction ID: 52ba316b39ebb77ef7381bb134855edf091fed5a1c66fb51cfa84c41ab56c3b9
Opcode Fuzzy Hash: 61641b1d52263c3b1031209fb794c5364e28ff4a82dcd0df1794c621058a3e14
Instruction Fuzzy Hash: 71E08CB1E100659BCB14FF68841169DB6E4EB48708F0089AFF116E3781EBBC4E04C79D

Uniqueness

Uniqueness Score: -1.00%

Function 004791C7 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?,00479D8B,?,?,?,00000363,00000001,00000000,?,?,?,004795EC,?), ref: 004791D5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 3b2e22453983a67693b53ab2262eb26348b4cc6d7aa5987120170418d32760d8
Instruction ID: a57fced3e391076595e0c8cdd7c2dbb9cdb046d9452888553baeb7a79327a743
Opcode Fuzzy Hash: 3b2e22453983a67693b53ab2262eb26348b4cc6d7aa5987120170418d32760d8
Instruction Fuzzy Hash: ABD09E34204202DFDB058F60C948A5A77A1FF94705B648579E44A86525D735CC22EB05

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0043D6D0 Relevance: 92.5, APIs: 47, Strings: 5, Instructions: 1494windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

DPtoLP.GDI32 ref: 0043D7EB
GetClientRect.USER32(?,?), ref: 0043D7F9
DPtoLP.GDI32(?,?,00000002), ref: 0043D811
IntersectRect.USER32 ref: 0043D8B0
LPtoDP.GDI32(?,?,00000002), ref: 0043D8F1
IntersectRect.USER32 ref: 0043D94E
LPtoDP.GDI32(?,?,00000002), ref: 0043D98F
CreateRectRgnIndirect.GDI32(?), ref: 0043D9BA
IntersectRect.USER32 ref: 0043D9EE
LPtoDP.GDI32(?,?,00000002), ref: 0043DA2F
CreateRectRgnIndirect.GDI32(?), ref: 0043DA55
CreateRectRgnIndirect.GDI32(?), ref: 0043DA84
GetCurrentObject.GDI32(?,00000006), ref: 0043DAA0
GetCurrentObject.GDI32(?,00000001), ref: 0043DAB9
GetCurrentObject.GDI32(?,00000002), ref: 0043DAD2

Part of subcall function 0047B194: SetBkMode.GDI32(?,?), ref: 0047B1AD
Part of subcall function 0047B194: SetBkMode.GDI32(?,?), ref: 0047B1BB

Part of subcall function 00477F86: GetScrollPos.USER32(00000000,00421E83), ref: 00477FA4

Part of subcall function 0043D300: CreateFontIndirectA.GDI32(00000000), ref: 0043D352

FillRgn.GDI32(?,?,?), ref: 0043DCB2
IntersectRect.USER32 ref: 0043DD97
IsRectEmpty.USER32(?), ref: 0043DDA2
LPtoDP.GDI32(?,?,00000002), ref: 0043DDBF
CreateRectRgnIndirect.GDI32(?), ref: 0043DDCA
CombineRgn.GDI32(?,?,?,00000004), ref: 0043DDFB
DPtoLP.GDI32(?,?,00000002), ref: 0043DE19

Part of subcall function 0047B27B: SetMapMode.GDI32(?,?), ref: 0047B294
Part of subcall function 0047B27B: SetMapMode.GDI32(?,?), ref: 0047B2A2

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0043DE58
IntersectRect.USER32 ref: 0043DEEB
IsRectEmpty.USER32(?), ref: 0043DF31
SelectObject.GDI32(?,?), ref: 0043DF6C
DPtoLP.GDI32(?,?,00000001), ref: 0043DFF8
LPtoDP.GDI32(?,?,00000001), ref: 0043E117
DPtoLP.GDI32(?,?,00000001), ref: 0043E135

Part of subcall function 0047B5A9: MoveToEx.GDI32(?,?,?,?), ref: 0047B5CB
Part of subcall function 0047B5A9: MoveToEx.GDI32(?,?,?,?), ref: 0047B5DF

Part of subcall function 0047B5F5: MoveToEx.GDI32(?,?,?,00000000), ref: 0047B60F
Part of subcall function 0047B5F5: LineTo.GDI32(?,?,?), ref: 0047B620

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

Part of subcall function 00440900: GetCurrentObject.GDI32(?), ref: 004409CB
Part of subcall function 00440900: LPtoDP.GDI32(?,00000000,00000001), ref: 00440A18

IntersectRect.USER32 ref: 0043E282
IsRectEmpty.USER32(00000000), ref: 0043E28D
PatBlt.GDI32(?,00000000,?,?,?,00F00021), ref: 0043E2D4
LPtoDP.GDI32(?,00000000,00000002), ref: 0043E2E9
CreateRectRgnIndirect.GDI32(00000000), ref: 0043E2F4
CombineRgn.GDI32(?,?,?,00000004), ref: 0043E325
LPtoDP.GDI32(?,?,00000001), ref: 0043E354
DPtoLP.GDI32(?,?,00000001), ref: 0043E372
wsprintfA.USER32 ref: 0043E410
SelectObject.GDI32(?,?), ref: 0043E438
IntersectRect.USER32 ref: 0043E9A8
IsRectEmpty.USER32(?), ref: 0043E9B3
LPtoDP.GDI32(?,?,00000002), ref: 0043E9D0
CreateRectRgnIndirect.GDI32(?), ref: 0043E9DB
CombineRgn.GDI32(?,?,?,00000004), ref: 0043EA0C

Part of subcall function 0043FFC0: SetRectEmpty.USER32(?), ref: 00440038

Part of subcall function 0043FFC0: GetSysColor.USER32(0000000F), ref: 00440162
Part of subcall function 0043FFC0: IntersectRect.USER32 ref: 004401C9

GetSysColor.USER32(0000000F), ref: 0043DB96

Part of subcall function 0047BB21: __EH_prolog.LIBCMT ref: 0047BB26
Part of subcall function 0047BB21: CreateSolidBrush.GDI32(?), ref: 0047BB43

Part of subcall function 0047BAD1: __EH_prolog.LIBCMT ref: 0047BAD6
Part of subcall function 0047BAD1: CreatePen.GDI32(?,?,?), ref: 0047BAF9

CreateRectRgnIndirect.GDI32(?), ref: 0043D916

Part of subcall function 0043EE10: CopyRect.USER32 ref: 0043EE87
Part of subcall function 0043EE10: IsRectEmpty.USER32(?), ref: 0043EE92
Part of subcall function 0043EE10: GetClientRect.USER32(00000000,?), ref: 0043EED1
Part of subcall function 0043EE10: DPtoLP.GDI32(?,?,00000002), ref: 0043EEE3
Part of subcall function 0043EE10: LPtoDP.GDI32(?,?,00000002), ref: 0043EF20

FillRect.USER32 ref: 0043ED09

Strings

tCJ, xrefs: 0043DC47
H, xrefs: 0043DA3C
H, xrefs: 0043D8FE
H, xrefs: 0043E922
H, xrefs: 0043E945

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create$IndirectIntersectObject$Empty$CurrentModeSelect$CombineH_prologMove$ClientColorFill$BeginBrushClipCopyFontLinePaintScrollSolidwsprintf
String ID: tCJ$H$H$H$H
API String ID: 3726329589-1573595918
Opcode ID: 1bbb02b823544d15f6cd02781ab4f850df89c37efa9e3a785465b87bf73fa88a
Instruction ID: 9dde003933278270d048caa9e3be84511fa5ae71983c6f34019d48ad63c5d4b3
Opcode Fuzzy Hash: 1bbb02b823544d15f6cd02781ab4f850df89c37efa9e3a785465b87bf73fa88a
Instruction Fuzzy Hash: CFD238712093819FD324DF66C895BAFB7E9FBC8708F00891EF58983291DB74A905CB56

Uniqueness

Uniqueness Score: -1.00%

Function 004252C0 Relevance: 55.2, APIs: 29, Strings: 2, Instructions: 979windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00425332
IsIconic.USER32 ref: 0042536A
SetActiveWindow.USER32(?,?,?), ref: 00425393
IsWindow.USER32(?), ref: 004253BD
IsWindow.USER32(?), ref: 0042568E
DestroyAcceleratorTable.USER32 ref: 004257DE
DestroyMenu.USER32(?), ref: 004257E9
DestroyAcceleratorTable.USER32 ref: 00425803
DestroyMenu.USER32(?), ref: 00425812
DestroyAcceleratorTable.USER32 ref: 00425872
DestroyMenu.USER32(?,000003EA,00000000,00000000,?,?,00000000,?,000007D9,00000000,00000000), ref: 00425881
SetParent.USER32(?,?), ref: 00425903
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?), ref: 00425A1B
IsWindow.USER32(?), ref: 00425B4C
SendMessageA.USER32 ref: 00425B61
SendMessageA.USER32 ref: 00425B7E
DestroyAcceleratorTable.USER32 ref: 00425BCC
IsWindow.USER32(?), ref: 00425C41
IsWindow.USER32(?), ref: 00425C91
IsWindow.USER32(?), ref: 00425CE1
IsWindow.USER32(?), ref: 00425D1E
IsWindow.USER32(?), ref: 00425DA1
GetParent.USER32(?), ref: 00425DAF
GetFocus.USER32 ref: 00425DF0

Part of subcall function 004251B0: IsWindow.USER32(?), ref: 0042522B
Part of subcall function 004251B0: GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00424565), ref: 00425235
Part of subcall function 004251B0: IsChild.USER32(?,00000000), ref: 00425247

IsWindow.USER32(?), ref: 00425E4F
SendMessageA.USER32 ref: 00425E64
IsWindow.USER32(00000000), ref: 00425E77
GetFocus.USER32 ref: 00425E81
SetFocus.USER32(00000000), ref: 00425E8C

Strings

EK, xrefs: 00425D13
d, xrefs: 004252D3

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Destroy$AcceleratorFocusTable$MenuMessageSend$Parent$ActiveChildIconic
String ID: EK$d
API String ID: 3681805233-1825658576
Opcode ID: 4b6d66eb5b6188f6ea28c49dc61a650747b73c1d2fd321ff4b80c5cfef99f03a
Instruction ID: fc1918296edbcd6bb0ca210b8754d7345bfb338abd00c6185a12f60bde567dc2
Opcode Fuzzy Hash: 4b6d66eb5b6188f6ea28c49dc61a650747b73c1d2fd321ff4b80c5cfef99f03a
Instruction Fuzzy Hash: 51729CB1704711ABC320EF25E880B6FB7E9AF84744F44491EF94997341DB78E845CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0042D600 Relevance: 51.7, APIs: 23, Strings: 6, Instructions: 986windowCOMMON

Download Yara Rule

APIs

IsWindowEnabled.USER32(?), ref: 0042D639
TranslateAccelerator.USER32 ref: 0042D693
IsChild.USER32(?,?), ref: 0042D6C4
GetFocus.USER32(?,?,00000000,000003E9,00000000,00000000,?), ref: 0042D81F
PostMessageA.USER32 ref: 0042D8A9
PostMessageA.USER32 ref: 0042D918
IsChild.USER32(?,00000000), ref: 0042D9C1
SendMessageA.USER32 ref: 0042D992

Part of subcall function 00423190: IsChild.USER32(?,?), ref: 0042320D
Part of subcall function 00423190: GetParent.USER32(?), ref: 00423227

IsWindow.USER32(?), ref: 0042E299

Strings

A, xrefs: 0042DB93
tCJ, xrefs: 0042DBDE
Z, xrefs: 0042DB9C
hlp, xrefs: 0042DF3D
0, xrefs: 0042DB89
9, xrefs: 0042DB8E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildMessage$PostWindow$AcceleratorEnabledFocusParentSendTranslate
String ID: 0$9$A$Z$hlp$tCJ
API String ID: 3372979518-2418012597
Opcode ID: 824df21470ece214b06078390986d3cce96dbbeee53d6ae88d1a5c7bce68a207
Instruction ID: 9a0569c41e4d21d2c4c09986dca8d5b7a9171318d56f135ce2d6a4c6bc1d7fe8
Opcode Fuzzy Hash: 824df21470ece214b06078390986d3cce96dbbeee53d6ae88d1a5c7bce68a207
Instruction Fuzzy Hash: 3C72C170B042619BDB24DF25E880B6F73A9AF84704F90492EF946D7381DB78DC45CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00427470 Relevance: 18.3, APIs: 12, Instructions: 265threadwindownetworkCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00427493
IsWindow.USER32(00020418), ref: 004274AF
SendMessageA.USER32 ref: 004274C8
ExitProcess.KERNEL32 ref: 004274DD
FreeLibrary.KERNEL32(00000000,?,0042EF91,?,?,00426DA5), ref: 004275B1
FreeLibrary.KERNEL32(?,?,0042EF91,?,?,00426DA5), ref: 00427605
DestroyCursor.USER32(00110293), ref: 00427654
DestroyCursor.USER32(00020221), ref: 0042766B
IsWindow.USER32(00020418), ref: 00427682
DestroyCursor.USER32(?), ref: 00427731
WSACleanup.WS2_32 ref: 0042777C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroy$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
String ID:
API String ID: 2560087610-0
Opcode ID: f6eb1dbbf1fea6cadedfded93859828ee887431ecf97f0d5d3dadfd862ce3787
Instruction ID: 17ffa52d03c070d6807b47332a2fb9ccd1c5c8bccf870ef4541c975983655e8f
Opcode Fuzzy Hash: f6eb1dbbf1fea6cadedfded93859828ee887431ecf97f0d5d3dadfd862ce3787
Instruction Fuzzy Hash: B5A17E703047129BD720DF79D8C5BABB7E4BF84354F80492EE56A87251DB38B981CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00475849 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047584E
GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 0047586C
lstrcpyn.KERNEL32(?,?,00000104), ref: 0047587B
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 004758AF
CharUpperA.USER32(?), ref: 004758C0
FindFirstFileA.KERNEL32(?,?), ref: 004758D6
FindClose.KERNEL32(00000000), ref: 004758E2
lstrcpy.KERNEL32(?,?), ref: 004758F2

Strings

tCJ, xrefs: 00475888

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
String ID: tCJ
API String ID: 304730633-3789860310
Opcode ID: d91abf692cbfc58a7793c960a93920f1e4cf735959a0e008868fed949df62fce
Instruction ID: 611211e7a0ea062a57f552fdad71b2b264386c31a250b25e34810538229e8b58
Opcode Fuzzy Hash: d91abf692cbfc58a7793c960a93920f1e4cf735959a0e008868fed949df62fce
Instruction Fuzzy Hash: 0121907150011ABBCB20AF65DC08EEF7FBCEF45764F00856AF929E61A0D7748A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0042A590 Relevance: 15.4, APIs: 10, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65845a74bef496d4751773a5c066c53d7044c0a487f7c2615c7e50bbddb23729
Instruction ID: 9a9a7bf0b5ce465388995dc2de7125af7d3f1ee638f58da6323def6dea044d82
Opcode Fuzzy Hash: 65845a74bef496d4751773a5c066c53d7044c0a487f7c2615c7e50bbddb23729
Instruction Fuzzy Hash: E1C1D0767006144FE310EF29BC85A6BB3A5FB84318F904D2FE946C7341DB36E925879A

Uniqueness

Uniqueness Score: -1.00%

Function 00428940 Relevance: 12.9, APIs: 8, Instructions: 859COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b46fe7690d0d1514de6457adf983c84eb4742890fbe1485e1316dbb73c761b39
Instruction ID: 71620197ab0c9fe003021a846a21d59acca60a9906dc63cdcbf463dd0f0e029c
Opcode Fuzzy Hash: b46fe7690d0d1514de6457adf983c84eb4742890fbe1485e1316dbb73c761b39
Instruction Fuzzy Hash: B262C0727043119FD724DF25E880A6FB3E5AF84318F54492EF98A87341DB38ED458B5A

Uniqueness

Uniqueness Score: -1.00%

Function 004429B0 Relevance: 12.1, APIs: 8, Instructions: 88clipboardmemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000042,?), ref: 00442A27
GlobalFix.KERNEL32 ref: 00442A43
GlobalUnWire.KERNEL32(00000000), ref: 00442A65
OpenClipboard.USER32(00000000), ref: 00442A6D
GlobalFree.KERNEL32 ref: 00442A79
EmptyClipboard.USER32 ref: 00442A81
SetClipboardData.USER32 ref: 00442A93
CloseClipboard.USER32 ref: 00442A99

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardGlobal$AllocCloseDataEmptyFreeOpenWire
String ID:
API String ID: 3835215632-0
Opcode ID: ac283b97ab4aefd79dbc24b07780f4bd0959e1b1432e3b01837eae5163443498
Instruction ID: 7c2ce0aa39d27e4b96c2c884349447455a8f063afd72836f5b05353d60a2b1b3
Opcode Fuzzy Hash: ac283b97ab4aefd79dbc24b07780f4bd0959e1b1432e3b01837eae5163443498
Instruction Fuzzy Hash: 0131B171208202AFD714EBA5DD45B2F77E8EBC8710F404A2EB956D3290DB78D800CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041BCB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00474B68: InterlockedIncrement.KERNEL32(-000000F4), ref: 00474B7D

FindFirstFileA.KERNEL32(?,?,*.*), ref: 0041BD4A

Part of subcall function 00472320: __EH_prolog.LIBCMT ref: 00472325

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

SendMessageA.USER32 ref: 0041BDF0
FindNextFileA.KERNEL32(?,00000010), ref: 0041BDFC
FindClose.KERNEL32(?), ref: 0041BE0F
SendMessageA.USER32 ref: 0041BE21

Strings

*.*, xrefs: 0041BD32

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$FileInterlockedMessageSend$CloseDecrementFirstH_prologIncrementNext
String ID: *.*
API String ID: 2486832813-438819550
Opcode ID: 06af31f09d3ea78f2bfecb6731786620977c23873d69f4762697d9983d681999
Instruction ID: 0e2bd778c2916ceeed0f008b3e277a66b58793a8a896f6eecabb31348d23cf31
Opcode Fuzzy Hash: 06af31f09d3ea78f2bfecb6731786620977c23873d69f4762697d9983d681999
Instruction Fuzzy Hash: 87417F71508341ABC724DF65D841BEFB7E8FB84714F008A2EF5A583290DBB99909CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00442B00 Relevance: 10.6, APIs: 7, Instructions: 89clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 00442B2D
GetClipboardData.USER32 ref: 00442B46
CloseClipboard.USER32 ref: 00442B52
GlobalSize.KERNEL32(00000000), ref: 00442B88
GlobalFix.KERNEL32 ref: 00442B90
GlobalUnWire.KERNEL32(00000000), ref: 00442BA8
CloseClipboard.USER32 ref: 00442BAE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Clipboard$Global$Close$DataOpenSizeWire
String ID:
API String ID: 1435569668-0
Opcode ID: c7eaa949ed61dfc7f2e655b79595ad5a7ab2efe5811e6b5a26a70f48fc0e95b7
Instruction ID: 368ce0bb77036d81f7c70576a2a2f53fe4e0e7d7c078caf791bce787c786104e
Opcode Fuzzy Hash: c7eaa949ed61dfc7f2e655b79595ad5a7ab2efe5811e6b5a26a70f48fc0e95b7
Instruction Fuzzy Hash: 182194716042029BE6149F65ED44E7F7799EFC8355F04053EF905C7340EB69E904C76A

Uniqueness

Uniqueness Score: -1.00%

Function 0042E7F0 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

IsIconic.USER32 ref: 0042E816
IsZoomed.USER32(?), ref: 0042E824
GetWindowRect.USER32 ref: 0042E842
GetSystemMetrics.USER32 ref: 0042E850
GetSystemMetrics.USER32 ref: 0042E856
IsWindow.USER32(?), ref: 0042E884
ShowWindow.USER32(?,00000005,?,00425211), ref: 0042E893

Part of subcall function 004791C7: ShowWindow.USER32(?,?,00479D8B,?,?,?,00000363,00000001,00000000,?,?,?,004795EC,?), ref: 004791D5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MetricsShowSystem$IconicLongRectZoomed
String ID:
API String ID: 4099700322-0
Opcode ID: 6f964621a6029aa6beec8a8b5093272ab55f006ed16aec0c79a089e23d9279f4
Instruction ID: bfeb7feabbc87c27304645b22ecf44e01be312c3a907e613789864833db2e840
Opcode Fuzzy Hash: 6f964621a6029aa6beec8a8b5093272ab55f006ed16aec0c79a089e23d9279f4
Instruction Fuzzy Hash: 0511B635700311ABEA24BB66AC45F6F735CDB80B41F80482EFA4597282DA79D8048769

Uniqueness

Uniqueness Score: -1.00%

Function 00411AF0 Relevance: 10.6, APIs: 7, Instructions: 50clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 00411AFC
EmptyClipboard.USER32 ref: 00411B0A
GlobalAlloc.KERNEL32(00000042), ref: 00411B26
GlobalFix.KERNEL32 ref: 00411B35
GlobalUnWire.KERNEL32(00000000), ref: 00411B4E
SetClipboardData.USER32 ref: 00411B57
CloseClipboard.USER32 ref: 00411B67

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Clipboard$Global$AllocCloseDataEmptyOpenWire
String ID:
API String ID: 2050416147-0
Opcode ID: c497d81589a7a2751dd716f142bd3927260220b20c94ae2c520845a7842048e6
Instruction ID: 462920c801612e807c6f90e374c3a2dcb7fe2dfcc24311614ac0044e6a8d5b81
Opcode Fuzzy Hash: c497d81589a7a2751dd716f142bd3927260220b20c94ae2c520845a7842048e6
Instruction Fuzzy Hash: 5301D435304206AFD3045FA5EC49B2F7BD8EB86761F41042DFA42832D0CB719C00CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00477437 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0047746D
wsprintfA.USER32 ref: 00477489
GetClassInfoA.USER32 ref: 00477498

Strings

Afx:%x:%x, xrefs: 00477467
Afx:%x:%x:%x:%x:%x, xrefs: 00477483

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$ClassInfo
String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
API String ID: 845911565-79760390
Opcode ID: accd5abfdce3a4b394a723bfd1babb9b92264c18f8afd628c8a69e78f1b61e8c
Instruction ID: c7ff57e5799780c07fce030bddc6bf2c37bbf045321cbff42d1828f8da0b168c
Opcode Fuzzy Hash: accd5abfdce3a4b394a723bfd1babb9b92264c18f8afd628c8a69e78f1b61e8c
Instruction Fuzzy Hash: 6E213E7190121AAB8B10EF99DC819DF7FB8FF48754F40842FF908A3201E3348A51DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0042A0D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32 ref: 0042A0F8
LoadCursorA.USER32 ref: 0042A109
GetStockObject.GDI32(00000005), ref: 0042A113

Strings

WTWindow, xrefs: 0042A0EC, 0042A0F6

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassCursorInfoLoadObjectStock
String ID: WTWindow
API String ID: 1762135420-3503404378
Opcode ID: 4339aa8d0d3c65603f305e00f84e31ecda768e4ffcf71aa3deb07dc4544bd9b5
Instruction ID: cc8d57c775413ed71de1cb0bb3f98ce459d942bb53a9a1563cd9e51abe96de76
Opcode Fuzzy Hash: 4339aa8d0d3c65603f305e00f84e31ecda768e4ffcf71aa3deb07dc4544bd9b5
Instruction Fuzzy Hash: 49118E71A09311AFD310DF56988091FBBE8FFC8754F80492EFD8993311D73899458B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00426E50 Relevance: 6.1, APIs: 4, Instructions: 94fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 00426EA2
FindClose.KERNEL32 ref: 00426EB1
FindFirstFileA.KERNEL32(?,?), ref: 00426EBD
FindClose.KERNEL32(00000000), ref: 00426F1B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: af68bfb9b917181dd30c9fd283f3f316122d568ae44923df8a02d235aabe9f44
Instruction ID: 4c7933f0424ad599131552ea8f1b37d54c425582aa3e8795d585fc3c5e2d62b2
Opcode Fuzzy Hash: af68bfb9b917181dd30c9fd283f3f316122d568ae44923df8a02d235aabe9f44
Instruction Fuzzy Hash: 72213C767047318BD7318A24F9407BBB394ABD4324F97062AED2987390EB3DDC05878A

Uniqueness

Uniqueness Score: -1.00%

Function 004783FC Relevance: 6.0, APIs: 4, Instructions: 38keyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

GetKeyState.USER32 ref: 00478420
GetKeyState.USER32 ref: 00478429
GetKeyState.USER32 ref: 00478432
SendMessageA.USER32 ref: 00478448

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State$LongMessageSendWindow
String ID:
API String ID: 1063413437-0
Opcode ID: b769e9e0c2bb88f68dbbfdecd3f89d9b5a481f237e0cdf4adceeb48f00fcadbf
Instruction ID: 4fe55e973290c5d664b11ae80d54aeaded2ae2a9601897e1f71281c1d4465063
Opcode Fuzzy Hash: b769e9e0c2bb88f68dbbfdecd3f89d9b5a481f237e0cdf4adceeb48f00fcadbf
Instruction Fuzzy Hash: 6FF082362803472AE92036566C46FDD52144F81FD9F01C82FB709BA1D2EDD989425278

Uniqueness

Uniqueness Score: -1.00%

Function 00477427 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0047F653: RtlLeaveCriticalSection.KERNEL32(?,0047E9BB,00000010,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391,00479B63,0047AE02), ref: 0047F66B

Part of subcall function 004669FC: RaiseException.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,004641E6,00000000), ref: 00466A2A

wsprintfA.USER32 ref: 0047746D
wsprintfA.USER32 ref: 00477489
GetClassInfoA.USER32 ref: 00477498

Strings

Afx:%x:%x, xrefs: 00477467

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$ClassCriticalExceptionInfoLeaveRaiseSection
String ID: Afx:%x:%x
API String ID: 2529146597-2071556601
Opcode ID: 647229094e7d1325d45f1a8f043217f43dd21a59d8c6b7d3950bec49109b1370
Instruction ID: f9726798f947209a5f30c33a86811a98c2aee5eb04c373bb9b11d97515f2df9b
Opcode Fuzzy Hash: 647229094e7d1325d45f1a8f043217f43dd21a59d8c6b7d3950bec49109b1370
Instruction Fuzzy Hash: D21136719012099F8B10EFA5D8819DF7BB8EF48754F40853FF908E3201D77899418BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00478C46 Relevance: 5.2, Strings: 4, Instructions: 226COMMON

Download Yara Rule

Strings

@, xrefs: 00478D7E
AfxMDIFrame42s, xrefs: 00478D17
@, xrefs: 00478E17
AfxFrameOrView42s, xrefs: 00478D3C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @$@$AfxFrameOrView42s$AfxMDIFrame42s
API String ID: 0-106449230
Opcode ID: 470f641ba09c5951e5214183ec141d146cf0cd9656321df2d2d0806066ec7b84
Instruction ID: 39aeba19411d79250a4ce7e2ec99e36bc2bb61302a850390919fdb0931f6b72b
Opcode Fuzzy Hash: 470f641ba09c5951e5214183ec141d146cf0cd9656321df2d2d0806066ec7b84
Instruction Fuzzy Hash: D78144B1D40209AEDB50DFA4C589BDEBBF8AF14344F14C06EF91CE6281DBB89A44C794

Uniqueness

Uniqueness Score: -1.00%

Function 00441210 Relevance: 4.8, APIs: 3, Instructions: 308keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00441230
GetKeyState.USER32 ref: 00441240
CopyRect.USER32 ref: 00441315

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State$CopyRect
String ID:
API String ID: 4142901696-0
Opcode ID: b8fc82a9eb00a500b976de2abd5a516935d6e333f290dbd00079d4413327e4b2
Instruction ID: 253f46adf9e9a05fdf3d56b5c7c6d0f87683b4cf52a703b8913fa2f82b5d7dfa
Opcode Fuzzy Hash: b8fc82a9eb00a500b976de2abd5a516935d6e333f290dbd00079d4413327e4b2
Instruction Fuzzy Hash: 89A19F713443019BE628DA14C981F7BB3E5BBC8704F10491FFA86973A0D7B9ED85875A

Uniqueness

Uniqueness Score: -1.00%

Function 00466920 Relevance: 4.6, APIs: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0046692D
GetSystemTime.KERNEL32(?), ref: 00466937
GetTimeZoneInformation.KERNEL32(?), ref: 0046698C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$InformationLocalSystemZone
String ID:
API String ID: 2475273158-0
Opcode ID: 7b00d4f450012d10f31ecb5b726b2a3162bf4bd022aba63654a5cb88c49a5f1e
Instruction ID: e0b639ec0f845d2238c250551f39485d2942a9d80902f5b724aea1ccb70d6b50
Opcode Fuzzy Hash: 7b00d4f450012d10f31ecb5b726b2a3162bf4bd022aba63654a5cb88c49a5f1e
Instruction Fuzzy Hash: 262171B9801009E5CF10AF95E918AFF77B9AB15710F410517FD55A6290F3784CCAC76D

Uniqueness

Uniqueness Score: -1.00%

Function 004761DD Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(?,00000000,00000005), ref: 004761FC
LoadResource.KERNEL32(?,00000000), ref: 00476204
LockResource.KERNEL32(?), ref: 00476210

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindLoadLock
String ID:
API String ID: 2752051264-0
Opcode ID: d158003f59129c750451ed873a3511f7d73f4ad5aef3f52b697d753564173187
Instruction ID: c5d719b1e3d8e31a387949a032ad71ace94446becaaeb18bdb21faaf8c8cbcab
Opcode Fuzzy Hash: d158003f59129c750451ed873a3511f7d73f4ad5aef3f52b697d753564173187
Instruction Fuzzy Hash: C401F936204B119BC6746B659C44AE3B376FF447A0F0288CAF94AA7743E738EC45C768

Uniqueness

Uniqueness Score: -1.00%

Function 0042F240 Relevance: 4.5, APIs: 3, Instructions: 49keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 0042F271
GetKeyState.USER32 ref: 0042F286
GetKeyState.USER32 ref: 0042F29B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: add127810ed3269f02b40de7bfe520d31aa0b8fa381b36806a6d349be8822586
Instruction ID: dd4bf4f20e6e050b041a11dbfaf6d1953d5596a487359f5385908e936c3a5980
Opcode Fuzzy Hash: add127810ed3269f02b40de7bfe520d31aa0b8fa381b36806a6d349be8822586
Instruction Fuzzy Hash: F701AD2EF08A75C5EE2422A5B908BF255610B53B60FE640F3C94C37781958E0C8E23BE

Uniqueness

Uniqueness Score: -1.00%

Function 00463D3F Relevance: 4.5, APIs: 3, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce06d1d671e6426cebe48c98d61ec0d2490ca833a0fcbaff1d7c2bb0832c8cb
Instruction ID: 7400459bc95d4651b3562301843802bf491e4cf509c8daf7cbf8799a122056aa
Opcode Fuzzy Hash: 8ce06d1d671e6426cebe48c98d61ec0d2490ca833a0fcbaff1d7c2bb0832c8cb
Instruction Fuzzy Hash: 48F08C31604189EBCF016F65CE08AAE3BB9AF40346F048026F81295160EB38CB11AB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00479F23 Relevance: 4.5, APIs: 3, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00479F4A
GetKeyState.USER32 ref: 00479F53
GetKeyState.USER32 ref: 00479F5C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 8730affe71691cdff44751f4761d38dacea3c784b16503e71c3790c6622bb37d
Instruction ID: be4b91f061e3bc71b5de32686161be14dd22673176eb9304286bec48f4b3bb86
Opcode Fuzzy Hash: 8730affe71691cdff44751f4761d38dacea3c784b16503e71c3790c6622bb37d
Instruction Fuzzy Hash: 61E0923554535ADDEE4096408900FD966A85B19B90F41C46FFA4CEB0D1C6A8DC83D779

Uniqueness

Uniqueness Score: -1.00%

Function 00431880 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 638COMMON

Download Yara Rule

Strings

tCJ, xrefs: 0043190E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tCJ
API String ID: 0-3789860310
Opcode ID: b6066a1d8c0c14bb7b45ca3ebd1ef2eb2e77fe3a91075b9d07d8d24e02e1b114
Instruction ID: 1d1b11944533ef0dc60eff68a9585bd9ebe29ee2a0bf25db2921dd0e2fa17fc7
Opcode Fuzzy Hash: b6066a1d8c0c14bb7b45ca3ebd1ef2eb2e77fe3a91075b9d07d8d24e02e1b114
Instruction Fuzzy Hash: BD32B371E00205DFCB14DFA9C881AAEB7B1BF4C314F24516EE516A7391EB38AD41CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0047769D Relevance: 3.4, APIs: 2, Instructions: 422COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004776A2
GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 00477855

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologVersion
String ID:
API String ID: 1836448879-0
Opcode ID: c7af2351624f87445ff6858e9f66c8b6c390a5227f51a8f4bacd0e939a85f9b1
Instruction ID: eb0f7577a89c2a8c3d91a8e450af1e4e7fcea74a95b920945390e2f9a4b0f82a
Opcode Fuzzy Hash: c7af2351624f87445ff6858e9f66c8b6c390a5227f51a8f4bacd0e939a85f9b1
Instruction Fuzzy Hash: F3E180B0608205ABEB14DF55CC84EFE77A9EF04318F90C51AF81D9B251D738EA12DB69

Uniqueness

Uniqueness Score: -1.00%

Function 0042AC60 Relevance: 3.2, APIs: 2, Instructions: 209windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32 ref: 0042AD90

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Iconic
String ID:
API String ID: 110040809-0
Opcode ID: 37efb3e83dd492b70870de76b7ea6f91b3b05f84872c2a937753b7d0d74432c9
Instruction ID: 78af6fb910b34e6ba4f9d569a49c166738515cb060d0023bf0db41135243e4e3
Opcode Fuzzy Hash: 37efb3e83dd492b70870de76b7ea6f91b3b05f84872c2a937753b7d0d74432c9
Instruction Fuzzy Hash: 2281BCB6214711CBD310CF28D480B8AB7E1FB99300F10886EE59ACB740D376E896CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00439A90 Relevance: 3.1, APIs: 2, Instructions: 62COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,4004667F,?), ref: 00439AC2
recvfrom.WS2_32(00000000,00000000,?,00000000,00000000,00000000), ref: 00439B10

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ioctlsocketrecvfrom
String ID:
API String ID: 217199969-0
Opcode ID: 1c4574026a1ecc4e311a085904270877d94ea47448eff0f6f7c4400ad95c64b4
Instruction ID: c7a3e31cab0666d525a275c5f1cd8b42a1bd42f9368e1d47b03ef50fbd1afd4a
Opcode Fuzzy Hash: 1c4574026a1ecc4e311a085904270877d94ea47448eff0f6f7c4400ad95c64b4
Instruction Fuzzy Hash: 67214F70104601ABC714DF24D995B6BB7E4BB98714F108B1EF49A972D0DB78AC41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042F090 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(0000008C,?), ref: 0042F0A0
FindClose.KERNEL32(00000000), ref: 0042F0AC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 78912d84dd5f70b7ce335a43b10461b52b960ab883d40eea7f91661e035b3c57
Instruction ID: 180c289ad43b7ca264d648a9ec83dfe82241f5027b10f4099987282e93496a85
Opcode Fuzzy Hash: 78912d84dd5f70b7ce335a43b10461b52b960ab883d40eea7f91661e035b3c57
Instruction Fuzzy Hash: 55D05E755141025BD3259B74ED08AAA7269A784320FC40A78BD2CC12E0E67EC8588622

Uniqueness

Uniqueness Score: -1.00%

Function 00437F30 Relevance: 2.8, Strings: 2, Instructions: 257COMMON

Download Yara Rule

Strings

d, xrefs: 00438174
MTrk, xrefs: 004380AC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: MTrk$d
API String ID: 0-4044675371
Opcode ID: 36a3b119cea84ad73e5a01002f8eeaf6e097ded8bb50b4c1840a5449670aceae
Instruction ID: f03a2e6989eb42886725886be78d636b9edfebf95640b5b5b358edd91feb6b06
Opcode Fuzzy Hash: 36a3b119cea84ad73e5a01002f8eeaf6e097ded8bb50b4c1840a5449670aceae
Instruction Fuzzy Hash: B091A071B043059FD718CF29C88056AB7E2EFC8304F14892EF85ACB345EA78E906CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00449650 Relevance: 2.5, APIs: 1, Instructions: 1006COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6e327007d2a09a353c0ad01f579d4a3ec4e891fde7448e39132659d45aad0c
Instruction ID: eddc6dbccc9beee144305c46523403572e99983a36a5cbc81c0de60ba882c16f
Opcode Fuzzy Hash: da6e327007d2a09a353c0ad01f579d4a3ec4e891fde7448e39132659d45aad0c
Instruction Fuzzy Hash: 08924371604B418FE329CF29C0906A7FBE2BF99304F24892ED5DB87B61D635B849CB45

Uniqueness

Uniqueness Score: -1.00%

Function 0046F2D9 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0046F2DE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 656b4b6164f0702da2733f2655a300f0b8c56676f63e7ecdf3d2f6c0057ce16a
Instruction ID: 473f427292d4de1cd48d7a818545fbdc988da0a9fe16decfb654aa88f86e249e
Opcode Fuzzy Hash: 656b4b6164f0702da2733f2655a300f0b8c56676f63e7ecdf3d2f6c0057ce16a
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0044B6B0 Relevance: .9, Instructions: 903COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
Instruction ID: fdae97fc1ba1a986854ea2dc5b12972292349d4beda972b25f47d7acd4335af1
Opcode Fuzzy Hash: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
Instruction Fuzzy Hash: E552C9767447094BD308CE9ACC9159EF3E3ABC8304F498A3CE955C3346EEB8ED0A8655

Uniqueness

Uniqueness Score: -1.00%

Function 00470C41 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93462b5a6059b75dae0bd145254183e278439cd258abfb8f44597107c2718300
Instruction ID: ac8762057f5163daf12c8564d22a3bf1bf87e2feadb41798af0fdd4e6ec6a05b
Opcode Fuzzy Hash: 93462b5a6059b75dae0bd145254183e278439cd258abfb8f44597107c2718300
Instruction Fuzzy Hash: 59E1E430E56249CEEB358FA8C5457FE7BB5BB04304F68C11BE449A7291D3BC9982CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0042F900 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71ec3f1f03b82af0d1e84999476521b8e7f09862eb2c1865498db1f387652da
Instruction ID: 4007bab1d3857880f15f7b5686bc5b94c520ed56ca87bf8532b6f1bf0a02ef6a
Opcode Fuzzy Hash: b71ec3f1f03b82af0d1e84999476521b8e7f09862eb2c1865498db1f387652da
Instruction Fuzzy Hash: 7FC1CC727086A44FE725CE19E0643ABBBF2AF85744FD8847FE48547351D238984DCB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0046CE76 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: 014c4189981899a9f06e7ff11dc0a033a7cb3e88b7b6b863a7a9b4799d465873
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: B0B17C75E0020ADFDB19CF04C5D0AA9BBA2BF59318F14C19ED85A5B382D735EE46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0045A710 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
Instruction ID: 57956684d14a47c26cc8af5521cbe6cb3153e9fbcd5c7dbb7bc5a5ab605ada60
Opcode Fuzzy Hash: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
Instruction Fuzzy Hash: 9CA10775A087418FC314CF29C49085AFBF2BFC8714F198A6EE99987325E770E955CB82

Uniqueness

Uniqueness Score: -1.00%

Function 004DAD00 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc641a110ca9df19878faaf737841f865a9904d38a7bb4b8f4adfe9b60eb3df
Instruction ID: c2929ce6cc0eae8466dbe62c553553a9de9bc8e8ff932f4e62dc05cb731f651e
Opcode Fuzzy Hash: 1dc641a110ca9df19878faaf737841f865a9904d38a7bb4b8f4adfe9b60eb3df
Instruction Fuzzy Hash: 4181A271204B418FC724CF29C8A06AAB7E2EFD5314F14896FD0EA87751D738E859CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00459C70 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
Instruction ID: 90c009942e63b9b4cc93197677ccd731a231133773d0d279cbef6f44521c2b26
Opcode Fuzzy Hash: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
Instruction Fuzzy Hash: 3581E83954A7819FC711CF29C0D04A6FBE2BF9E204F5C999DE9D50B317C231A91ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 004661C0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
Instruction ID: 708a875bb8b63a29a348e7540d8a4680b1909eb0e9ce60eab7ddaaf6e424620d
Opcode Fuzzy Hash: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
Instruction Fuzzy Hash: 09113AB764414183D714DEA9D8B02B7E396EBC632072F82FBD1828B344F6299D45890A

Uniqueness

Uniqueness Score: -1.00%

Function 00461E13 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df7fa5908e46daf06da4ea5dd47437a73c39ac20403c4584fdf3f89494b66372
Instruction ID: e2f751d1e0baedd5da7006fa3fc3dbe5301d5098d643cb308c783d52a08b8972
Opcode Fuzzy Hash: df7fa5908e46daf06da4ea5dd47437a73c39ac20403c4584fdf3f89494b66372
Instruction Fuzzy Hash: 9AD0C9359005054FE700CE14D545B96B7B1FB56311F849491E402AB761D57BDC95CA0A

Uniqueness

Uniqueness Score: -1.00%

Function 00448AB0 Relevance: 80.0, APIs: 53, Instructions: 459windowsleepCOMMON

Download Yara Rule

APIs

7406AC50.USER32(?), ref: 00448AD2

Part of subcall function 004307B0: 7406AA50.USER32(00000000,000000FF,?), ref: 004307BF

SetStretchBltMode.GDI32(00000000,00000000), ref: 00448AE5
7406A590.GDI32(00000000), ref: 00448AF2
7406A590.GDI32(00000000), ref: 00448AF7
7406A520.GDI32(00000000,?,?), ref: 00448B48
SelectObject.GDI32(00000000,00000000), ref: 00448B5C
SelectObject.GDI32(?,?), ref: 00448B86
PatBlt.GDI32(?,00000000,00000000,?,?,00F00021), ref: 00448BA8
SelectObject.GDI32(?,?), ref: 00448BB8
SelectObject.GDI32(?,?), ref: 00448BC4
GetTickCount.KERNEL32 ref: 00448C12
SelectObject.GDI32(?,?), ref: 00448C4A
SelectObject.GDI32(00000000,00000000), ref: 00448C66
740797E0.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00448C8B
SelectObject.GDI32(00000000,?), ref: 00448C97
DeleteObject.GDI32(00000000), ref: 00448C9E
7406A520.GDI32(00000000,?,?), ref: 00448CE2
SelectObject.GDI32(00000000,00000000), ref: 00448CEE
740797E0.GDI32(00000000,00000000,00000000,?,?,?,?,00000000,00CC0020), ref: 00448D13
SelectObject.GDI32(00000000,?), ref: 00448D1F
SelectObject.GDI32(00000000,?), ref: 00448D27
7406A590.GDI32(00000000), ref: 00448D3C
7406A590.GDI32(00000000), ref: 00448D45
7406A410.GDI32(?,?,00000001,00000001,00000000), ref: 00448D5B
7406A410.GDI32(?,?,00000001,00000001,00000000), ref: 00448D73
SelectObject.GDI32(00000000,?), ref: 00448D83
SelectObject.GDI32(00000000,?), ref: 00448D93
SetBkColor.GDI32(00000000,?), ref: 00448DA5
740797E0.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00448DC6
SetBkColor.GDI32(00000000,?), ref: 00448DD2
740797E0.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00330008), ref: 00448DEF
740797E0.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00448E14
740797E0.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00448E31
740797E0.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 00448E56
SelectObject.GDI32(00000000,?), ref: 00448E62
DeleteObject.GDI32(00000000), ref: 00448E69
SelectObject.GDI32(00000000,?), ref: 00448E75
DeleteObject.GDI32(00000000), ref: 00448E7C
DeleteDC.GDI32(00000000), ref: 00448E89
DeleteDC.GDI32(00000000), ref: 00448E8C
SelectObject.GDI32(00000000,?), ref: 00448EC5
DeleteObject.GDI32(?), ref: 00448ECC
IsWindow.USER32(?), ref: 00448ED6
StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00448F3A
740797E0.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020,?,?,?,00000000), ref: 00448F64
SelectObject.GDI32(?,?), ref: 00448F74
Sleep.KERNEL32(0000000A), ref: 00448FC0
GetTickCount.KERNEL32 ref: 00448FC6
DeleteObject.GDI32(00000000), ref: 00448FF3
DeleteDC.GDI32(00000000), ref: 00449000
DeleteDC.GDI32(?), ref: 00449007
7406B380.USER32(?,00000000), ref: 0044900E

Part of subcall function 004485D0: GetClientRect.USER32(?,?), ref: 004485F7
Part of subcall function 004485D0: __ftol.LIBCMT ref: 004486CE
Part of subcall function 004485D0: __ftol.LIBCMT ref: 004486E1

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$7406$Delete$740797$A590$A410A520ColorCountStretchTick__ftol$B380ClientModeRectSleepWindow
String ID:
API String ID: 779397190-0
Opcode ID: 4abdfe83acf059dc8283d9337de75b7493d6dba8c4bb18d5a51fc96c94f52778
Instruction ID: f93c79bcc17102887bf4a62b043f8548147f1478ccab670634d4aca4e1c6f828
Opcode Fuzzy Hash: 4abdfe83acf059dc8283d9337de75b7493d6dba8c4bb18d5a51fc96c94f52778
Instruction Fuzzy Hash: 0502D3B1204701AFE324DF65CD89F6BB7E9FB88B04F10491DF69697290DB74E8058B29

Uniqueness

Uniqueness Score: -1.00%

Function 0044D620 Relevance: 42.4, APIs: 19, Strings: 5, Instructions: 356windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042FE40: SendMessageA.USER32 ref: 0042FE63

GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 0044D679
GetProfileStringA.KERNEL32(devices,00000000,004A8424,?,00001000), ref: 0044D6B8
GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 0044D6FA
SendMessageA.USER32 ref: 0044D7BB
SendMessageA.USER32 ref: 0044D7F8
SendMessageA.USER32 ref: 0044D89B
wsprintfA.USER32 ref: 0044D8B4
wsprintfA.USER32 ref: 0044D8DA
wsprintfA.USER32 ref: 0044D900
SendMessageA.USER32 ref: 0044D933
SendMessageA.USER32 ref: 0044D95E
SendMessageA.USER32 ref: 0044D974
SendMessageA.USER32 ref: 0044D98B
SendMessageA.USER32 ref: 0044D9CF
wsprintfA.USER32 ref: 0044D9E2
wsprintfA.USER32 ref: 0044DA0C
SendMessageA.USER32 ref: 0044DA32
SendMessageA.USER32 ref: 0044DA73
wsprintfA.USER32 ref: 0044DA84

Strings

,,,, xrefs: 0044D66A, 0044D6EF
device, xrefs: 0044D66F
none, xrefs: 0044D738
windows, xrefs: 0044D674
devices, xrefs: 0044D6B3, 0044D6F5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$wsprintf$ProfileString
String ID: ,,,$device$devices$none$windows
API String ID: 2373861888-528626633
Opcode ID: b76f3177f7d4c5468e4b1836ddd87dd7144c22c193c4ed3ee391c076f5e3b159
Instruction ID: c078a7d7014e138e6af1de1240670220da08db6284d63ade2fbdcc73020a1844
Opcode Fuzzy Hash: b76f3177f7d4c5468e4b1836ddd87dd7144c22c193c4ed3ee391c076f5e3b159
Instruction Fuzzy Hash: 3FC1A5B1644701ABD624DB75CC82FEB73A9AB84704F004A1EB55A971C1EE78FA048B69

Uniqueness

Uniqueness Score: -1.00%

Function 00451730 Relevance: 38.0, APIs: 25, Instructions: 452COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000010), ref: 004517B8

Part of subcall function 0047DA99: SetBkColor.GDI32(?,?), ref: 0047DAA8
Part of subcall function 0047DA99: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0047DADA

GetSysColor.USER32(00000014), ref: 004517F0
InflateRect.USER32(?,000000FF,000000FF), ref: 00451822
GetSysColor.USER32(00000016), ref: 0045183B
GetSysColor.USER32(0000000F), ref: 0045184B
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00451884
7406AD70.GDI32(?), ref: 00451A8E
7406B150.GDI32(?,?,00000000), ref: 00451AB1
GetSysColor.USER32(00000014), ref: 00451AC9
GetSysColor.USER32(0000000F), ref: 00451ADB
GetSysColor.USER32(0000000F), ref: 00451791

Part of subcall function 0047DA6F: SetBkColor.GDI32(?,?), ref: 0047DA79
Part of subcall function 0047DA6F: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0047DA8F

GetSysColor.USER32(0000000F), ref: 004518E8
InflateRect.USER32(?,000000FF,000000FF), ref: 00451921
GetSysColor.USER32(00000016), ref: 00451936
GetSysColor.USER32(0000000F), ref: 00451942
InflateRect.USER32(?,?,?), ref: 00451983
GetSysColor.USER32(00000010), ref: 00451987
Rectangle.GDI32(?,?,?,?,?), ref: 004519CE
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00451A09
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00451B10
GetSysColor.USER32(00000010), ref: 00451B6D
CreatePen.GDI32(00000000,00000001,00000000), ref: 00451B74
InflateRect.USER32(?,?,?), ref: 00451BB3
Rectangle.GDI32(?,?,?,?,?), ref: 00451BD1
7406AD70.GDI32(?,00000026,00000000,00000000), ref: 00451C07

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$InflateRect$7406DrawEdge$RectangleText$B150Create
String ID:
API String ID: 2554583013-0
Opcode ID: 94793ef3e2c690ad88f3e9bc9ee39604aece390f6867ab14d13642bcaf1ff111
Instruction ID: 8c87e8f3f3617ba22631413a339572148e64d1ca31ce2272f71115e672457538
Opcode Fuzzy Hash: 94793ef3e2c690ad88f3e9bc9ee39604aece390f6867ab14d13642bcaf1ff111
Instruction Fuzzy Hash: DCF14971204701AFD714EB64C884F6BB3E9FBC8714F108A2EF65687291DBB4E805CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004263D0 Relevance: 33.3, APIs: 22, Instructions: 293windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 0042645F
GetWindowRect.USER32 ref: 004264B6
GetParent.USER32(?), ref: 004264C6
GetParent.USER32(?), ref: 004264F9
GlobalSize.KERNEL32(00000000), ref: 00426543
GlobalFix.KERNEL32 ref: 0042654B
IsWindow.USER32(?), ref: 00426564
GetTopWindow.USER32(?), ref: 004265A1
GetWindow.USER32(00000000,00000002), ref: 004265BA
SetParent.USER32(?,?), ref: 004265E6
SendMessageA.USER32 ref: 00426631
SendMessageA.USER32 ref: 00426640
GetParent.USER32(?), ref: 00426653
SendMessageA.USER32 ref: 0042666C
GetWindowLongA.USER32 ref: 00426674
SendMessageA.USER32 ref: 004266A4
SendMessageA.USER32 ref: 004266B2
IsWindow.USER32(?), ref: 004266FE
GetFocus.USER32 ref: 00426708
SetFocus.USER32(?,00000000), ref: 00426720
GlobalUnWire.KERNEL32(00000000), ref: 0042672B
GlobalFree.KERNEL32 ref: 00426732

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$GlobalParent$Focus$FreeLongRectSizeWire
String ID:
API String ID: 3944666249-0
Opcode ID: 789ae341f247d51e6d13eaee12ae539af298b64b453a6590ba7bfa5d77d45950
Instruction ID: 59ece19510b14b5207e0f4ebb1d1482745849f0619fa238ffcaddd657cd8010c
Opcode Fuzzy Hash: 789ae341f247d51e6d13eaee12ae539af298b64b453a6590ba7bfa5d77d45950
Instruction Fuzzy Hash: 65A15AB0704301AFD724EF65EC84F2FB7E9AB88704F51891EFA4587291DB78E8058B59

Uniqueness

Uniqueness Score: -1.00%

Function 0044DCB0 Relevance: 31.9, APIs: 17, Strings: 1, Instructions: 351windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

__ftol.LIBCMT ref: 0044DD26
__ftol.LIBCMT ref: 0044DD7C
__ftol.LIBCMT ref: 0044DDD2
__ftol.LIBCMT ref: 0044DE28
SendMessageA.USER32 ref: 0044DE49
SendMessageA.USER32 ref: 0044DE63
SendMessageA.USER32 ref: 0044DF2B
SendMessageA.USER32 ref: 0044DF5D
SendMessageA.USER32 ref: 0044DF7A
SendMessageA.USER32 ref: 0044DF9A
SendMessageA.USER32 ref: 0044DFB4
SendMessageA.USER32 ref: 0044DFCC
SendMessageA.USER32 ref: 0044DFEB
SendMessageA.USER32 ref: 0044E054
SendMessageA.USER32 ref: 0044E0B9
SendMessageA.USER32 ref: 0044E0FB

Part of subcall function 00478F85: GetDlgItem.USER32 ref: 00478F93

SendMessageA.USER32 ref: 0044E127

Strings

tCJ, xrefs: 0044DCC6

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__ftol$TextWindow$ItemLength
String ID: tCJ
API String ID: 2143175130-3789860310
Opcode ID: e68929894c1ee57f4616a2c6f2841897379ffa71811a83d1255426cb498bdb7e
Instruction ID: 474ce8e33c8fbe464a93ba0b704ce60d315dfd69fb47a2091bd0bb97ec3e231c
Opcode Fuzzy Hash: e68929894c1ee57f4616a2c6f2841897379ffa71811a83d1255426cb498bdb7e
Instruction Fuzzy Hash: 7AD1C3F1644B01ABE724EB75DC41FAB77A4BF84700F104D2EF19A862D0EE78E4458B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BA80 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 245COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32 ref: 0042BAB1
GetWindowRect.USER32 ref: 0042BADE
BeginPath.GDI32(?), ref: 0042BB67
MulDiv.KERNEL32(7FFF0000,?,00007FFF), ref: 0042BB80
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 0042BB8F
MulDiv.KERNEL32(3FFF0000,?,00007FFF), ref: 0042BBB7
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 0042BBC6
EndPath.GDI32(?), ref: 0042BBE1
PathToRegion.GDI32(?), ref: 0042BBEC

Strings

H, xrefs: 0042BAF4
gfff, xrefs: 0042BCBA
gfff, xrefs: 0042BCAA

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Path$Window$BeginRectRegion
String ID: gfff$gfff$H
API String ID: 3989698161-1645361616
Opcode ID: b5a34d2ab73266fafef652261b16c88efef6391284fe05c9556f08217163380f
Instruction ID: f2793350f1f21ca48dff9dd7d0285d721f1da5b3510d2c275470b9317cf575ad
Opcode Fuzzy Hash: b5a34d2ab73266fafef652261b16c88efef6391284fe05c9556f08217163380f
Instruction Fuzzy Hash: 3781B5B16043429FC714EF65DC45A6BBBE8FBD4704F44892EF58683390EB38A905C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 0044AB10 Relevance: 31.7, APIs: 21, Instructions: 205COMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000022B8), ref: 0044AB25
RtlEnterCriticalSection.KERNEL32(?), ref: 0044AB48
RtlLeaveCriticalSection.KERNEL32(?), ref: 0044AB56
waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 0044AB78
waveOutPrepareHeader.WINMM(?,?,00000020), ref: 0044ABC1
waveOutWrite.WINMM(?,?,00000020), ref: 0044ABCE
RtlEnterCriticalSection.KERNEL32(?), ref: 0044ABD8
RtlLeaveCriticalSection.KERNEL32(?), ref: 0044ABE6
RtlEnterCriticalSection.KERNEL32(?), ref: 0044AC15
ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 0044AC33
RtlLeaveCriticalSection.KERNEL32(?), ref: 0044AC3A
waveOutPause.WINMM(?), ref: 0044AC49
waveOutReset.WINMM(?), ref: 0044AC53
waveOutUnprepareHeader.WINMM(?,00000000,00000020), ref: 0044AC71
waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 0044AC96
RtlEnterCriticalSection.KERNEL32(004B4F90), ref: 0044ACAC
RtlLeaveCriticalSection.KERNEL32(004B4F90), ref: 0044AD08
CloseHandle.KERNEL32(?), ref: 0044AD36
CloseHandle.KERNEL32(?), ref: 0044AD3C
CloseHandle.KERNEL32(?), ref: 0044AD42
RtlDeleteCriticalSection.KERNEL32(?), ref: 0044AD48

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$wave$EnterHeaderLeave$CloseHandleUnprepare$DeleteMultipleObjectsPausePrepareReleaseResetSemaphoreWaitWrite
String ID:
API String ID: 361331667-0
Opcode ID: 59c6a1cbe406f837886b3658f2aaa0c597529f3cce22dd077922db4c90305dff
Instruction ID: 1c7ee907225124f1c313046e3229430ead0917249383f37b756fd25aae2fe715
Opcode Fuzzy Hash: 59c6a1cbe406f837886b3658f2aaa0c597529f3cce22dd077922db4c90305dff
Instruction Fuzzy Hash: 9571C07564020AAFEB14CF64DC88AAE77A9FF88304F05452AF906D7351C738ED11CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00419840 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 384windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

IsRectEmpty.USER32(?), ref: 00419885
GetCurrentObject.GDI32(?,00000002), ref: 004198CA
GetCurrentObject.GDI32(?,00000001), ref: 004198DD
GetClientRect.USER32 ref: 00419962
CreatePen.GDI32(-00000003,00000000,?), ref: 0041997E
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00419A42

Part of subcall function 0047B996: __EH_prolog.LIBCMT ref: 0047B99B
Part of subcall function 0047B996: EndPaint.USER32(?,?,?,?,00417A53), ref: 0047B9B8

Strings

gfff, xrefs: 00419BB2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologObjectPaintRect$BeginClientClipCreateEmpty
String ID: gfff
API String ID: 3506841274-1553575800
Opcode ID: 0aea24b4320d09b00baf8c272bd8ca8157b57f897c838d89eb32fad8ae7c69cf
Instruction ID: ac846cc50b5d2152c7b5fe385257819387318024fdc6e0c45f3338b55d37fe06
Opcode Fuzzy Hash: 0aea24b4320d09b00baf8c272bd8ca8157b57f897c838d89eb32fad8ae7c69cf
Instruction Fuzzy Hash: 8DE179B15083419BC314DF55C894AAFB7E8FB88714F148A1EF59983390DB38ED49CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00447B30 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 255windowCOMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 00447B66

Part of subcall function 0047BB21: __EH_prolog.LIBCMT ref: 0047BB26
Part of subcall function 0047BB21: CreateSolidBrush.GDI32(?), ref: 0047BB43

FillRect.USER32 ref: 00447BA4
GetSystemMetrics.USER32 ref: 00447BCD
GetSystemMetrics.USER32 ref: 00447BD3
DrawFrameControl.USER32 ref: 00447C46
DrawEdge.USER32(?,?,0000000A,0000000F), ref: 00447C59
InflateRect.USER32(?,00FFFFFD,00000001), ref: 00447C74
GetSysColor.USER32(0000000F), ref: 00447C98
Rectangle.GDI32(?,?,?,?,?), ref: 00447CEB
OffsetRect.USER32(?,00000001,00000001), ref: 00447D55
GetSysColor.USER32(00000014), ref: 00447D5B
OffsetRect.USER32(?,000000FF,000000FF), ref: 00447D83
GetSysColor.USER32(00000010), ref: 00447D89
InflateRect.USER32(?,000000FF,000000FF), ref: 00447DD2
DrawFocusRect.USER32 ref: 00447DE1

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

Strings

tCJ, xrefs: 00447B6F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ColorDraw$InflateMetricsOffsetSystemTextWindow$BrushControlCopyCreateEdgeFillFocusFrameH_prologLengthRectangleSolid
String ID: tCJ
API String ID: 4239342997-3789860310
Opcode ID: 0f7fcb13d1c659c6b7a84dca4aa1a6217d9c0430427067c931e54610f43a6258
Instruction ID: 04dd4a2642ec1767b3fd86c6ceb41390e957b06bee81fa92ee0877a02025a467
Opcode Fuzzy Hash: 0f7fcb13d1c659c6b7a84dca4aa1a6217d9c0430427067c931e54610f43a6258
Instruction Fuzzy Hash: 94A15770208345AFD714DFA4C889A6BBBE8FF88714F004A1DF59587390DBB4E945CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00435DB0 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 223COMMON

Download Yara Rule

APIs

7406A7F0.GDI32(?,?,00000004,?,?,00000000), ref: 00435E37
7406A590.GDI32(?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?,?), ref: 00435E4F
7406A590.GDI32(?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?,?), ref: 00435E54
SelectObject.GDI32(00000000,?), ref: 00435E5D
7406A520.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?), ref: 00435E70
SelectObject.GDI32(00000000,00000000), ref: 00435E82
740797E0.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00435E9F
SelectObject.GDI32(00000000,?), ref: 00435EAB
DeleteDC.GDI32(00000000), ref: 00435EB4
SelectObject.GDI32(00000000,?), ref: 00435EBC
DeleteDC.GDI32(00000000), ref: 00435EBF
DeleteObject.GDI32(?), ref: 00435EC5
7406A410.GDI32(?,?,00000001,00000001,?,?,?,?,?,?,?,?,?,?,?,00417F2E), ref: 00435EFD

Strings

(, xrefs: 00435F86

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406Object$Select$Delete$A590$740797A410A520
String ID: (
API String ID: 1204916441-3887548279
Opcode ID: 7eb5679e5bfde7b6c067330b13c997d4041d7ef1ae27f0e35335f6b33a295d8e
Instruction ID: fc0415e4cfd220416d519b2d515a3ea7a336fabfe07db9c9d3bb9c58a98d5103
Opcode Fuzzy Hash: 7eb5679e5bfde7b6c067330b13c997d4041d7ef1ae27f0e35335f6b33a295d8e
Instruction Fuzzy Hash: 2A7124B6600705AFD224DF5AEC84A2BF7F9FB89710F508A2EF64683640D735F8448B65

Uniqueness

Uniqueness Score: -1.00%

Function 00427050 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 335librarystringregistryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,004B45F8,?,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 00427136
LoadLibraryA.KERNEL32(?,?,00000000,?,?,004B45F0,0049A224,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 00427173
GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 004271A9
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 004271B4
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 004271C2
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 004272C1
LoadTypeLib.OLEAUT32(?,00000000), ref: 004272E5
lstrlen.KERNEL32(?,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 0042733B
RegisterTypeLib.OLEAUT32(00000000,?,00000000), ref: 0042735E
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,004B4520,00000000), ref: 004273C1
74DD7540.OLE32(00000000,00000000,?,00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,004B4520), ref: 004273E6
UnRegisterTypeLib.OLEAUT32(00000000,?,00000000,00000000,00000001), ref: 0042740C

Strings

DllUnregisterServer, xrefs: 004271A2, 004271A7
tCJ, xrefs: 00427210
DllRegisterServer, xrefs: 0042719B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$LoadTypelstrlen$FreeRegister$AddressD7540Proc
String ID: DllRegisterServer$DllUnregisterServer$tCJ
API String ID: 2769811672-1840781063
Opcode ID: e4a643586fc70b7c6b23c44c2cb0cd5ef9a3818c69076793155bc121253295f4
Instruction ID: 31e981033f9e741bdffffd66e2971cc3133edbe91bf6c8d828603f51e438c780
Opcode Fuzzy Hash: e4a643586fc70b7c6b23c44c2cb0cd5ef9a3818c69076793155bc121253295f4
Instruction Fuzzy Hash: 93B1CF71A042159BCB10EFA4D885BFF77B8EF44314F54852EFC05AB281EB789905CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004786FD Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

GetParent.USER32(?), ref: 00478728
SendMessageA.USER32 ref: 0047874B
GetWindowRect.USER32 ref: 00478764
GetWindowLongA.USER32 ref: 00478777
CopyRect.USER32 ref: 004787C4
CopyRect.USER32 ref: 004787CE
GetWindowRect.USER32 ref: 004787D7
CopyRect.USER32 ref: 004787F3

Strings

(, xrefs: 0047878F
@, xrefs: 00478766

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Copy$Long$MessageParentSend
String ID: ($@
API String ID: 808654186-1311469180
Opcode ID: c67a5b2b75cfc29ce6dd8744ead4c14e6856e2edfcef6b0d7a041f683b034be2
Instruction ID: 4555c14a559e29a0a811af63d75566a0efeb84638e9defd310e0bc7025726dd2
Opcode Fuzzy Hash: c67a5b2b75cfc29ce6dd8744ead4c14e6856e2edfcef6b0d7a041f683b034be2
Instruction Fuzzy Hash: 04519571940219AFDB14DFA8DC89EEE7BBDAF44310F15852AE506F3280DB34ED058B59

Uniqueness

Uniqueness Score: -1.00%

Function 0044F000 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0044E590: GetWindowExtEx.GDI32(?,?), ref: 0044E5B3

MulDiv.KERNEL32(?,00000064,?), ref: 0044F0BB
GetClientRect.USER32(?,?), ref: 0044F149
DPtoLP.GDI32(?,?,00000002), ref: 0044F15E
OffsetRect.USER32 ref: 0044F1AD
Rectangle.GDI32(?,?,?,?,?), ref: 0044F1EB
FillRect.USER32 ref: 0044F243
FillRect.USER32 ref: 0044F286
LPtoDP.GDI32(?,?,00000002), ref: 0044F32F
IsRectEmpty.USER32(?), ref: 0044F336
CreateRectRgnIndirect.GDI32(?), ref: 0044F37A

Part of subcall function 0047B4E5: SelectClipRgn.GDI32(?,00000000), ref: 0047B507
Part of subcall function 0047B4E5: SelectClipRgn.GDI32(?,?), ref: 0047B51D

LPtoDP.GDI32(?,?,00000001), ref: 0044F3BA
DPtoLP.GDI32(?,?,00000001), ref: 0044F3E1

Strings

2, xrefs: 0044F1A5
H, xrefs: 0044F38A, 0044F395

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClipFillSelect$BeginClientCreateEmptyH_prologIndirectOffsetPaintRectangleWindow
String ID: 2$H
API String ID: 2521159323-77847225
Opcode ID: 09f96b2a615fce52a55d373fd002e710803e65032393e07a8fe8f08cfaaa1b7c
Instruction ID: 4d15f16fb32254ca79e6b1d27d8c56144feb6844d81d077e5894e0718953553c
Opcode Fuzzy Hash: 09f96b2a615fce52a55d373fd002e710803e65032393e07a8fe8f08cfaaa1b7c
Instruction Fuzzy Hash: 1AE118716087419FD324DF69C980B6BB7E9BBC8704F408A2EF59A83351DB74E908CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00415AE0 Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 372COMMON

Download Yara Rule

Strings

tCJ, xrefs: 00415EF0

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tCJ
API String ID: 0-3789860310
Opcode ID: 6c5bee400c358d9f96c59e8079e1a36c61659b98829ef49f3046a1f74229f1e4
Instruction ID: 2d0ef3507e539c2041bf0e371636bcb4e23ee61286e56eed5b5d7d709ff141ed
Opcode Fuzzy Hash: 6c5bee400c358d9f96c59e8079e1a36c61659b98829ef49f3046a1f74229f1e4
Instruction Fuzzy Hash: 1AD158B0604B41DFD720DF24C881BABBBE5EB88318F24492EE556C7651D739EC81CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0043B680 Relevance: 24.8, APIs: 8, Strings: 6, Instructions: 279COMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 0043B6FF
GetProfileStringA.KERNEL32(devices,00000000,004A8424,?,00001000), ref: 0043B733
GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 0043B7BA

Strings

,,,, xrefs: 0043B6F0, 0043B7AF
device, xrefs: 0043B6F5
tCJ, xrefs: 0043B735
none, xrefs: 0043B7F0
windows, xrefs: 0043B6FA
devices, xrefs: 0043B72E, 0043B7B5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProfileString
String ID: ,,,$device$devices$none$tCJ$windows
API String ID: 1468043044-346879920
Opcode ID: b7965a192312fbbbdd87226f321f6ca15e0cf9f68e5df110e701857e1cdb65b2
Instruction ID: 1ee1e7ce3f509e09a46f8a98cefc51b9cfa95bece92fb8ac8e4208f08ca7211c
Opcode Fuzzy Hash: b7965a192312fbbbdd87226f321f6ca15e0cf9f68e5df110e701857e1cdb65b2
Instruction Fuzzy Hash: 16B1B6701083809BD324EF65C881BEBB7E4EFD9758F404A1EF59993291DB789A04C76B

Uniqueness

Uniqueness Score: -1.00%

Function 00472F71 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 119registryclipboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047E8EE: TlsGetValue.KERNEL32(004D223C,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000,?,004720C9,00000000,00000000,00000000,00000000), ref: 0047E92D

RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 00472FC9
RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 00472FD5
RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 00472FE1
RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 00472FED
RegisterClipboardFormatA.USER32(commdlg_help), ref: 00472FF9
RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 00473005

Part of subcall function 00478F1C: SetWindowLongA.USER32 ref: 00478F4B

SendMessageA.USER32 ref: 004730F8

Strings

commdlg_LBSelChangedNotify, xrefs: 00472FC4
commdlg_SetRGBColor, xrefs: 00472FFB
commdlg_ShareViolation, xrefs: 00472FCB
commdlg_FileNameOK, xrefs: 00472FD7
commdlg_ColorOK, xrefs: 00472FE3
commdlg_help, xrefs: 00472FEF
,"M, xrefs: 00472F87

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardFormatRegister$LongMessageSendValueWindow
String ID: ,"M$commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
API String ID: 3913284445-2626843560
Opcode ID: 76d1c47ae39f6c81568c269901fbbbee22a365df17c018d4e033626667edc97b
Instruction ID: db9754bbb52845f9b469bb6881c7a0789f78098e3b33d587e1af85cb06384c2d
Opcode Fuzzy Hash: 76d1c47ae39f6c81568c269901fbbbee22a365df17c018d4e033626667edc97b
Instruction Fuzzy Hash: 6141E330A00244ABCB24AF25ED58AEE3BA1EB54752F11883BF80957261D7799980DB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00463C11 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(USER32,?,?,?,00463D4A), ref: 00463C33
GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00463C4B
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00463C5C
GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00463C6D
GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00463C7E
GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00463C8F
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00463CA0

Strings

MonitorFromRect, xrefs: 00463C67
GetMonitorInfoA, xrefs: 00463C9A
USER32, xrefs: 00463C2E
MonitorFromPoint, xrefs: 00463C78
GetSystemMetrics, xrefs: 00463C45
MonitorFromWindow, xrefs: 00463C56
EnumDisplayMonitors, xrefs: 00463C89

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
API String ID: 667068680-2376520503
Opcode ID: 8b9fbfc8cc0d666980450406638c1a51edd493c86dc6540886d177c0097db0ae
Instruction ID: 45a2c02445b6d433e7d79eb4a975b63aaa8527e85b93732ca052efb1b0e36382
Opcode Fuzzy Hash: 8b9fbfc8cc0d666980450406638c1a51edd493c86dc6540886d177c0097db0ae
Instruction Fuzzy Hash: 32115471A426019AC3016F75AFC493ABBE0B26870172049BFF416F22A0E7B84645CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00436010 Relevance: 22.8, APIs: 15, Instructions: 305windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004307B0: 7406AA50.USER32(00000000,000000FF,?), ref: 004307BF

SetStretchBltMode.GDI32(?,00000000), ref: 00436024
7406A590.GDI32(?,?,?,?,?,?,?,0041819C,?,00000000,?,000000FF,000000FF,00CC0020), ref: 004360A9
7406A590.GDI32(?,00000000,?,?,?,?,?,?,0041819C,?,00000000,?,000000FF,000000FF,00CC0020), ref: 004360C1
GetObjectA.GDI32(?,00000018,?), ref: 00436102
7406A410.GDI32(?,?,00000001,00000001,00000000), ref: 00436118
740797E0.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,?,0048E5CC,00000000), ref: 00436176
StretchBlt.GDI32(?,000000FF,?,?,?,?,00000000,00000000,?,?,00660046), ref: 004361CF
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,008800C6), ref: 00436209
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00436243
7406A590.GDI32(?,?,?,?,?,?,?,0041819C,?,00000000,?,000000FF,000000FF,00CC0020), ref: 004362BB
SelectObject.GDI32(00000000,?), ref: 004362C8
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 0043630B
SelectObject.GDI32(00000000,?), ref: 00436317
DeleteDC.GDI32(00000000), ref: 0043631E
DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 0043635D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406Stretch$A590Object$Select$740797A410DeleteDrawIconMode
String ID:
API String ID: 355061529-0
Opcode ID: a5c213bcd5372fdcacd36aaa6c5610eaceee5e35b53b93e19ff46c21206408e3
Instruction ID: d0570d95c5804d7b62ba8a6113655b66f1f25253eb50862962dde1f6e1e76a32
Opcode Fuzzy Hash: a5c213bcd5372fdcacd36aaa6c5610eaceee5e35b53b93e19ff46c21206408e3
Instruction Fuzzy Hash: 56B13871204705AFD224DB64CC85F6BB3E9FBC8714F108A1DFAA987290DB34EC058B66

Uniqueness

Uniqueness Score: -1.00%

Function 00418290 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 426COMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

IsRectEmpty.USER32(?), ref: 004182D7
GetClientRect.USER32(?,?), ref: 004182EF
InflateRect.USER32(?,?,?), ref: 004183AD
IntersectRect.USER32 ref: 00418417
CreateRectRgn.GDI32(?,?,?,?), ref: 00418431
FillRgn.GDI32(?,?,?), ref: 004185E6
GetCurrentObject.GDI32(?,00000006), ref: 00418665

Part of subcall function 0047B07C: GetStockObject.GDI32(?), ref: 0047B085
Part of subcall function 0047B07C: SelectObject.GDI32(004157D5,00000000), ref: 0047B09F
Part of subcall function 0047B07C: SelectObject.GDI32(004157D5,00000000), ref: 0047B0AA

OffsetRect.USER32(?,00000001,00000001), ref: 00418743
OffsetRect.USER32(?,00000002,00000002), ref: 004187D7
OffsetRect.USER32(?,00000001,00000001), ref: 0041878A

Part of subcall function 0047B24C: SetTextColor.GDI32(?,?), ref: 0047B266
Part of subcall function 0047B24C: SetTextColor.GDI32(?,?), ref: 0047B274

Strings

tCJ, xrefs: 00418601
H, xrefs: 00418441, 00418445

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Object$Offset$ColorSelectText$BeginClientClipCreateCurrentEmptyFillH_prologInflateIntersectPaintStock
String ID: tCJ$H
API String ID: 4264835570-4179657700
Opcode ID: af5a0ab3a6fbcaf5f8becc39c474aa205ac01a1f3151c20f304f2bcd952c2426
Instruction ID: 7d33c94c8faf7d9a0c814aabcd78ff655cf89182e3c2ffd51508c10080774181
Opcode Fuzzy Hash: af5a0ab3a6fbcaf5f8becc39c474aa205ac01a1f3151c20f304f2bcd952c2426
Instruction Fuzzy Hash: 830246715083819FC324DF65C884BEBB7E5EBC8304F404D1EF59A87291DB78A989CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0044A730 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 331threadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0044A89B
CreateSemaphoreA.KERNEL32 ref: 0044A8B0
RtlInitializeCriticalSection.KERNEL32(?), ref: 0044A8DB
CreateThread.KERNEL32 ref: 0044A910
RtlEnterCriticalSection.KERNEL32(004B4F90), ref: 0044A922
RtlLeaveCriticalSection.KERNEL32(004B4F90,-000000FC,00000000,00000000), ref: 0044AAD5
ResumeThread.KERNEL32(?), ref: 0044AAE3
ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 0044AAF5

Strings

RIFF, xrefs: 0044A744, 0044A758
WAVE, xrefs: 0044A771, 0044A788
fmt , xrefs: 0044A7B4
data, xrefs: 0044A7D5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateCriticalSection$SemaphoreThread$EnterEventInitializeLeaveReleaseResume
String ID: RIFF$WAVE$data$fmt
API String ID: 1802393137-4212202414
Opcode ID: 5054c47d1aa830abc39d57f4fabca30cfde3efaf24357b35da0cd6a03132913c
Instruction ID: 4e292f8a6df8ae505febdb800e0d3fde0021085bbd6dc6cfc66287ba1dfa0a2b
Opcode Fuzzy Hash: 5054c47d1aa830abc39d57f4fabca30cfde3efaf24357b35da0cd6a03132913c
Instruction Fuzzy Hash: 0FB1B3B16403009BE714DF64DC81B2BB3E5FBC4318F154A2EF946A7391E778E9118B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041C6A0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130stringprocessCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,?), ref: 0041C738
lstrcat.KERNEL32(?,\shell\open\command), ref: 0041C777
lstrlen.KERNEL32(?), ref: 0041C7CC
lstrcat.KERNEL32(00000000,0049DDA0), ref: 0041C815
lstrcat.KERNEL32(00000000,?), ref: 0041C81D
WinExec.KERNEL32 ref: 0041C825

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Strings

mailto:, xrefs: 0041C706
tCJ, xrefs: 0041C6BB
\shell\open\command, xrefs: 0041C771
.htm, xrefs: 0041C750
"%1", xrefs: 0041C79B
open, xrefs: 0041C731

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: lstrcat$DecrementExecExecuteInterlockedShelllstrlen
String ID: "%1"$.htm$\shell\open\command$mailto:$open$tCJ
API String ID: 51986957-2247048244
Opcode ID: bfbbbe5669ff9c1f0782d978c69b9d99ac1830b156e3af8d475d71541573ad76
Instruction ID: 81768cb73eefa4edd0dea98668a67ab7b280a09517a8e9b6f4d65159d1d62127
Opcode Fuzzy Hash: bfbbbe5669ff9c1f0782d978c69b9d99ac1830b156e3af8d475d71541573ad76
Instruction Fuzzy Hash: 67410731544302ABD324EF65DC84FEFB7A4ABC4754F104A2EF95593280E778A844CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0045F6C0 Relevance: 20.0, APIs: 13, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc139046a44d28cbca0957475613843fba1312032fcaec199370ffa7fcc14a0d
Instruction ID: 2e1779f0b21b57fc6f758538725a6cf6381db266f489e751e397ba75a69ca5de
Opcode Fuzzy Hash: fc139046a44d28cbca0957475613843fba1312032fcaec199370ffa7fcc14a0d
Instruction Fuzzy Hash: 2BE15DB22007059FD710DF68D880A6BB3E9EB88316F10892FF996C7341D775E859CB66

Uniqueness

Uniqueness Score: -1.00%

Function 004420B0 Relevance: 19.8, APIs: 13, Instructions: 320windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 004420CE
SetCapture.USER32(?,?,?,?,?,?,?,?,?,004824C8,000000FF,0044190D,?,?,?,?), ref: 004420EB

Part of subcall function 0047B7BC: __EH_prolog.LIBCMT ref: 0047B7C1
Part of subcall function 0047B7BC: 7406AC50.USER32(00412204,?,?,004302CF,00000000,?,?,?,00000101,00000000,00000000), ref: 0047B7EA

Part of subcall function 0044E590: GetWindowExtEx.GDI32(?,?), ref: 0044E5B3

Part of subcall function 0047B6EA: GetWindowExtEx.GDI32(?,?), ref: 0047B6FB
Part of subcall function 0047B6EA: GetViewportExtEx.GDI32(?,?), ref: 0047B708
Part of subcall function 0047B6EA: MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B72D
Part of subcall function 0047B6EA: MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B748

Part of subcall function 0047B27B: SetMapMode.GDI32(?,?), ref: 0047B294
Part of subcall function 0047B27B: SetMapMode.GDI32(?,?), ref: 0047B2A2

Part of subcall function 0047B1F0: SetROP2.GDI32(?,?), ref: 0047B209
Part of subcall function 0047B1F0: SetROP2.GDI32(?,?), ref: 0047B217

Part of subcall function 0047B194: SetBkMode.GDI32(?,?), ref: 0047B1AD
Part of subcall function 0047B194: SetBkMode.GDI32(?,?), ref: 0047B1BB

Part of subcall function 0047BAD1: __EH_prolog.LIBCMT ref: 0047BAD6
Part of subcall function 0047BAD1: CreatePen.GDI32(?,?,?), ref: 0047BAF9

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

GetCapture.USER32 ref: 004421B1
GetMessageA.USER32 ref: 004421D0
DispatchMessageA.USER32 ref: 00442211
DispatchMessageA.USER32 ref: 0044222D
ScreenToClient.USER32 ref: 00442274
GetCapture.USER32 ref: 0044229C
ReleaseCapture.USER32(?,?,?,?,?,00000000), ref: 004422C4
ReleaseCapture.USER32 ref: 00442320
DPtoLP.GDI32 ref: 00442364
InvalidateRect.USER32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,?,?), ref: 004423ED
InvalidateRect.USER32(?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0044247B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Capture$Mode$Message$DispatchH_prologInvalidateObjectRectReleaseSelectWindow$7406ClientCreateScreenViewport
String ID:
API String ID: 1004555303-0
Opcode ID: 001008fce1188447325db789c9a35fc94420ca8ad260802b1fe049d2893e2b10
Instruction ID: e9887a70872356bb1c1c423177b48945571a7baa6e98eed1b3838d1dad2926f0
Opcode Fuzzy Hash: 001008fce1188447325db789c9a35fc94420ca8ad260802b1fe049d2893e2b10
Instruction Fuzzy Hash: 0CB1B471204700ABE314EB65C985F6FB7E9FF88704F504A1EF15683291DBB8A905CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00435410 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 405COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,?,?), ref: 004354B6

Part of subcall function 004351E0: SetRect.USER32 ref: 004352C9
Part of subcall function 004351E0: OffsetRect.USER32(?,?,?), ref: 004352D6
Part of subcall function 004351E0: IntersectRect.USER32 ref: 004352F2
Part of subcall function 004351E0: IsRectEmpty.USER32(?), ref: 004352FD

InflateRect.USER32(?,?,?), ref: 00435529
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 0043572D
GetClipRgn.GDI32(?,00000000), ref: 0043573C
CreatePolygonRgn.GDI32 ref: 004357BA
SelectClipRgn.GDI32(?,?), ref: 0043589D
CreatePolygonRgn.GDI32(?,00000005,00000002), ref: 004358C0
SelectClipRgn.GDI32(?,?), ref: 00435941
DeleteObject.GDI32(?), ref: 00435957

Strings

gfff, xrefs: 0043561D
H, xrefs: 004357CA, 004357D0

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClipCreate$InflatePolygonSelect$DeleteEmptyIntersectObjectOffset
String ID: gfff$H
API String ID: 1105800552-2392045001
Opcode ID: 24480c95a9a015950a5c9798a329ff35ab467dd5e8d069a2abaa74c6c7ec5451
Instruction ID: 8f11fe1a0958c3a0c75b828d3b6817e2439cf7443741597091c6e07c47dd55a3
Opcode Fuzzy Hash: 24480c95a9a015950a5c9798a329ff35ab467dd5e8d069a2abaa74c6c7ec5451
Instruction Fuzzy Hash: 02F126B06087419FC324DF19C980B6BBBE5FBC8704F508A1EF99987350EB74A945CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00420C20 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 312windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00420C5F
7406A520.GDI32 ref: 00420CBB
7406A590.GDI32(?,00000000), ref: 00420CEB
CreateRectRgn.GDI32(00000000,00000000,00000001,?), ref: 00420D80
SetRect.USER32 ref: 00420DA9

Part of subcall function 00417EE0: __ftol.LIBCMT ref: 00417FF9
Part of subcall function 00417EE0: __ftol.LIBCMT ref: 00418006

FillRgn.GDI32(?,?,?), ref: 00420E1C
PatBlt.GDI32(?,00000000,00000000,00000001,?,00F00021), ref: 00420E8F

Part of subcall function 00414D90: GetSysColor.USER32(0000000F), ref: 00414D9D

Part of subcall function 0047BB21: __EH_prolog.LIBCMT ref: 0047BB26
Part of subcall function 0047BB21: CreateSolidBrush.GDI32(?), ref: 0047BB43

GetObjectA.GDI32(?,00000018,?), ref: 00420F0B
7406A590.GDI32(?), ref: 00420F49
740797E0.GDI32(?,00000000,00000000,00000001,?,?,00000000,00000000,00CC0020,?,?,00000000), ref: 00420FA8

Strings

H, xrefs: 00420D90, 00420D94

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406Rect$A590Create__ftol$740797A520BrushClientColorFillH_prologObjectSolid
String ID: H
API String ID: 1187104695-37590417
Opcode ID: ea804a5ef1608e4fdb760cace1928787edc351753dcdd9cf5fdc9dd8ef3e39ee
Instruction ID: 9049d862331fb0358eb04ab389df7b72663f76eb84b92d97c938ed84db432864
Opcode Fuzzy Hash: ea804a5ef1608e4fdb760cace1928787edc351753dcdd9cf5fdc9dd8ef3e39ee
Instruction Fuzzy Hash: 94C191712083419FC324DB65D985BAFB7E8EB84708F408D1EF59AD3291DB78E848CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0046C314 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,0048FC6C,00000001,00000000,00000000,756F70F0,004D2A5C,?,?,?,00465E5D,?,?,?,00000000), ref: 0046C356
LCMapStringA.KERNEL32(00000000,00000100,0048FC68,00000001,00000000,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C372
LCMapStringA.KERNEL32(?,?,?,]^F,?,?,756F70F0,004D2A5C,?,?,?,00465E5D,?,?,?,00000000), ref: 0046C3BB
MultiByteToWideChar.KERNEL32(?,?,?,]^F,00000000,00000000,756F70F0,004D2A5C,?,?,?,00465E5D,?,?,?,00000000), ref: 0046C3F3
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C44B
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C461
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C494
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C4FC

Strings

\*M, xrefs: 0046C3E4, 0046C3EF
]^F, xrefs: 0046C3DE, 0046C440, 0046C3AF, 0046C38F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID: \*M$]^F
API String ID: 352835431-2415851488
Opcode ID: 343f641efa579a81909145cdf1984c566d7f32c772feb07cb928ae13d810895a
Instruction ID: 97267bed13751c40bbf01e2f0cb65fafc3d96218538ea328aa2b06b7eb469878
Opcode Fuzzy Hash: 343f641efa579a81909145cdf1984c566d7f32c772feb07cb928ae13d810895a
Instruction Fuzzy Hash: E5517B31500209BFCF218F95DC89ABF7FB4FB88760F10452AF955A1260E7398D50EB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00475BED Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00475BF2
GetSystemMetrics.USER32 ref: 00475CA3
GlobalFix.KERNEL32 ref: 00475D2D
CreateDialogIndirectParamA.USER32(?,?,?,Function_00075A35,00000000), ref: 00475D5F

Strings

MS Shell Dlg, xrefs: 00475CB1
tCJ, xrefs: 00475C72
MS Sans Serif, xrefs: 00475CC4
Helv, xrefs: 00475CD7

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDialogGlobalH_prologIndirectMetricsParamSystem
String ID: Helv$MS Sans Serif$MS Shell Dlg$tCJ
API String ID: 2252606490-2585673941
Opcode ID: 50b6441592a20713b80797d1e6ce444ecda63d78c5f9e8e3ab96ed61308fa6f3
Instruction ID: 3a8692d6f11826cbcc8df89ebd77084cea25cfdf96cbbc25903c29c101e0c2d5
Opcode Fuzzy Hash: 50b6441592a20713b80797d1e6ce444ecda63d78c5f9e8e3ab96ed61308fa6f3
Instruction Fuzzy Hash: 6361527190160AEFCF15EFA4C9859EEBBB1BF44304F20852FF519A6291DB784E40CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00417EE0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 271COMMON

Download Yara Rule

APIs

Part of subcall function 00435DB0: 7406A7F0.GDI32(?,?,00000004,?,?,00000000), ref: 00435E37
Part of subcall function 00435DB0: 7406A590.GDI32(?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?,?), ref: 00435E4F
Part of subcall function 00435DB0: 7406A590.GDI32(?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?,?), ref: 00435E54
Part of subcall function 00435DB0: SelectObject.GDI32(00000000,?), ref: 00435E5D
Part of subcall function 00435DB0: 7406A520.GDI32(?,?,?,?,?,?,?,?,?,?,?,?,?,00417F2E,?,?), ref: 00435E70
Part of subcall function 00435DB0: SelectObject.GDI32(00000000,00000000), ref: 00435E82
Part of subcall function 00435DB0: 740797E0.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00435E9F
Part of subcall function 00435DB0: SelectObject.GDI32(00000000,?), ref: 00435EAB
Part of subcall function 00435DB0: DeleteDC.GDI32(00000000), ref: 00435EB4
Part of subcall function 00435DB0: SelectObject.GDI32(00000000,?), ref: 00435EBC
Part of subcall function 00435DB0: DeleteDC.GDI32(00000000), ref: 00435EBF

__ftol.LIBCMT ref: 00417FF9
__ftol.LIBCMT ref: 00418006
CreateRectRgn.GDI32(00000000,?,00000000,?), ref: 00418075
CombineRgn.GDI32(?,?,H,00000004), ref: 0041809B
SetRect.USER32 ref: 004180E6
IntersectRect.USER32 ref: 004180FE
IsRectEmpty.USER32(?), ref: 00418129
CreateRectRgn.GDI32(00000000,?,?,00000000), ref: 004181CB
CombineRgn.GDI32(?,?,H,00000004), ref: 004181F1

Strings

H, xrefs: 0041808C, 00418098

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$7406ObjectSelect$A590CombineCreateDelete__ftol$740797A520EmptyIntersect
String ID: H
API String ID: 516837991-37590417
Opcode ID: 67f3880d1402d512a79198f2c505b732820ac86d9190cd7617b8450f7a8b7647
Instruction ID: 3db6947e670e7fcff753088673829f72b05afccc5819ea1b2a5ad4fd1c5e28d7
Opcode Fuzzy Hash: 67f3880d1402d512a79198f2c505b732820ac86d9190cd7617b8450f7a8b7647
Instruction Fuzzy Hash: 2BA16D716087429BC314DF69C884A9BBBE9FBC8744F114E2DF5A583290EB74D848CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00470932 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 221COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(00000000,00000000,0048FC6C,00000001,0048FC6C,00000001,00000000,0248118C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00464852), ref: 00470970
CompareStringA.KERNEL32(00000000,00000000,0048FC68,00000001,0048FC68,00000001), ref: 0047098D
CompareStringA.KERNEL32(004543E6,00000000,00000000,00000000,00464852,00000000,00000000,0248118C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00464852), ref: 004709EB
GetCPInfo.KERNEL32(00000000,00000000,00000000,0248118C,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00464852,00000000), ref: 00470A3C
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 00470ABB
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 00470B1C
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 00470B2F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00470B7B
CompareStringW.KERNEL32(004543E6,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00470B93

Strings

CE, xrefs: 00470932

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID: CE
API String ID: 1651298574-970145093
Opcode ID: b8fab8065e42efd35e183f75f18393823568cb6e9f927555614edba559f021d1
Instruction ID: ecb0c712a4254f528f96f1eeaf4a24775b5bffd6531ef9882daca31f1f1c155a
Opcode Fuzzy Hash: b8fab8065e42efd35e183f75f18393823568cb6e9f927555614edba559f021d1
Instruction Fuzzy Hash: 6C71EF7290224AEFDF219F90DC85AEF7BB9FB14314F10802BF958A2221D3398D51CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0043EE10 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 0043EE87
IsRectEmpty.USER32(?), ref: 0043EE92
GetClientRect.USER32(00000000,?), ref: 0043EED1
DPtoLP.GDI32(?,?,00000002), ref: 0043EEE3
LPtoDP.GDI32(?,?,00000002), ref: 0043EF20
CreateRectRgnIndirect.GDI32(?), ref: 0043EF38
OffsetRect.USER32(?,?,?), ref: 0043EF5D
LPtoDP.GDI32(?,?,00000002), ref: 0043EF6F

Part of subcall function 0047BAD1: __EH_prolog.LIBCMT ref: 0047BAD6
Part of subcall function 0047BAD1: CreatePen.GDI32(?,?,?), ref: 0047BAF9

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

Part of subcall function 0047B07C: GetStockObject.GDI32(?), ref: 0047B085
Part of subcall function 0047B07C: SelectObject.GDI32(004157D5,00000000), ref: 0047B09F
Part of subcall function 0047B07C: SelectObject.GDI32(004157D5,00000000), ref: 0047B0AA

Part of subcall function 0047B1F0: SetROP2.GDI32(?,?), ref: 0047B209
Part of subcall function 0047B1F0: SetROP2.GDI32(?,?), ref: 0047B217

Rectangle.GDI32(?,?,?,?,?), ref: 0043EFE3

Part of subcall function 0047B4E5: SelectClipRgn.GDI32(?,00000000), ref: 0047B507
Part of subcall function 0047B4E5: SelectClipRgn.GDI32(?,?), ref: 0047B51D

Part of subcall function 0047BABB: DeleteObject.GDI32(00000000), ref: 0047BACA

Part of subcall function 0047B82E: __EH_prolog.LIBCMT ref: 0047B833
Part of subcall function 0047B82E: 7406B380.USER32(004804AD,00000000,00000000,?,004302FA,?,?,00000101,00000000,00000000), ref: 0047B852

Strings

H, xrefs: 0043EF48, 0043EF50

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect$Rect$ClipCreateH_prolog$7406B380ClientCopyDeleteEmptyIndirectOffsetRectangleStock
String ID: H
API String ID: 273476784-37590417
Opcode ID: e8d6bcb5af3ac1d473d74cd75e369bee8b63b47dfb9f74beb0e086271d0b4275
Instruction ID: f086e59d44bd8d074f736fb386279287a2245efb975e87ad9670f9733e78030c
Opcode Fuzzy Hash: e8d6bcb5af3ac1d473d74cd75e369bee8b63b47dfb9f74beb0e086271d0b4275
Instruction Fuzzy Hash: FD612C711083419FC314EF65C885AABB7E9EFC8718F408D1DF59683291DB74E909CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00412710 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00412737
VariantInit.OLEAUT32(00000000), ref: 00412766
VariantCopyInd.OLEAUT32(00000000), ref: 0041276E
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 004127EE

Part of subcall function 0042EF30: RtlAllocateHeap.KERNEL32(005B0000,00000000,00000008,?,?,004126D1,00000008,?), ref: 0042EF41

VariantCopyInd.OLEAUT32(?), ref: 00412996
VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 004129AF

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$CopyInit$AllocateArrayChangeElementHeapSafeType
String ID:
API String ID: 2026756349-0
Opcode ID: dbcb156005947faecbea03a82310977e30429b1ded93ac97d4f51380c67aa9a1
Instruction ID: 7f661caaff2954062ea78aae0b45cde0b7328fb133db04f2524573b9b634337c
Opcode Fuzzy Hash: dbcb156005947faecbea03a82310977e30429b1ded93ac97d4f51380c67aa9a1
Instruction Fuzzy Hash: 1FC1B074E0020ADFCB14DF95C940AEEBBB4FF48304F14852AE815E7350D7B8A992DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00433E40 Relevance: 16.8, APIs: 11, Instructions: 265windowCOMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 00433E7D
MulDiv.KERNEL32(?,?,00000064), ref: 00433EB2
MulDiv.KERNEL32(?,?,00000064), ref: 00433EDD
7406AD70.GDI32 ref: 00433F17
7406AEF0.GDI32(?,00000000,000000FF,00000004), ref: 00433F51
7406A8F0.GDI32(00000000), ref: 00433F5C
7406A520.GDI32(?,?,?), ref: 00433FBC
7406A590.GDI32(?,00000000), ref: 00433FEF
7406A590.GDI32(?,?,?,00000000), ref: 00434028
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0043408B
GlobalFree.KERNEL32 ref: 00434153

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406$A590$A520FreeGlobalObjectStretch
String ID:
API String ID: 2018015179-0
Opcode ID: a337f33bde855dbde2f4352a0957b890021945ea2802c3b9d5a67494c6cca572
Instruction ID: 9d2d3f47ebc186811d91032617178b933ccf7fdb3f0329b5f35e10d71c2f8396
Opcode Fuzzy Hash: a337f33bde855dbde2f4352a0957b890021945ea2802c3b9d5a67494c6cca572
Instruction Fuzzy Hash: 639192711083459FC710EF65C985BAFB7E8EBD9708F10491EF69583281DB78E904CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00451210 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 0045128F
GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 004512B4
GetWindowRect.USER32 ref: 0045133E
SetRect.USER32 ref: 00451373
SetRect.USER32 ref: 004513B8
SetRect.USER32 ref: 0045142B
GetSystemMetrics.USER32 ref: 00451456
GetSystemMetrics.USER32 ref: 0045145C
OffsetRect.USER32(00000080,00000000,00000000), ref: 00451474
OffsetRect.USER32(00000080,00000000,00000000), ref: 00451482
OffsetRect.USER32(00000080,00000000,00000000), ref: 00451494

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$ExtentMetricsPoint32SystemText$Window
String ID:
API String ID: 1551820068-0
Opcode ID: 568e233c3f99a239965c23561fdeafeeb7651e8cd3d5cad68f474b1a89de41a7
Instruction ID: ab99320e7ffaf1d5ffec12e31d3551cd4b9c4b82ecc3fba400bbaf64d39525f0
Opcode Fuzzy Hash: 568e233c3f99a239965c23561fdeafeeb7651e8cd3d5cad68f474b1a89de41a7
Instruction Fuzzy Hash: 2E9126742007069FD318CF69C985B6AF7EAFB88700F048A2DA95AC7755EB74FC098B54

Uniqueness

Uniqueness Score: -1.00%

Function 00448760 Relevance: 16.7, APIs: 11, Instructions: 197windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0044879E
FillRect.USER32 ref: 00448802
FillRect.USER32 ref: 0044886E
FillRect.USER32 ref: 004488E7
7406A590.GDI32(?,?,00000001,?,?,?,?,00482A68,000000FF,0043715B,?), ref: 00448913
SelectObject.GDI32(00000000,?), ref: 00448929
SetStretchBltMode.GDI32(?,00000000), ref: 0044895D
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00448994
740797E0.GDI32(?,00000000,?,?,?,00000000,00000000,00000000,00CC0020,?,?,?,?,?,00000001,?), ref: 004489C3

Part of subcall function 0047BB21: __EH_prolog.LIBCMT ref: 0047BB26
Part of subcall function 0047BB21: CreateSolidBrush.GDI32(?), ref: 0047BB43

SelectObject.GDI32(00000000,00000000), ref: 004489CB
DeleteDC.GDI32(00000000), ref: 004489D8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Fill$ObjectSelectStretch$7406740797A590BrushClientCreateDeleteH_prologModeSolid
String ID:
API String ID: 1267275162-0
Opcode ID: cf03410e6f52d6d43d7967e8ca027decbac577418776b770267753bad0a3620f
Instruction ID: c3682f1ed94968963a3b414ed834178ef93b6c7ac39406867be1a853dce42385
Opcode Fuzzy Hash: cf03410e6f52d6d43d7967e8ca027decbac577418776b770267753bad0a3620f
Instruction Fuzzy Hash: 7D712DB46047459BD724EF54C884F6FB7E8FB88704F104A1EF59A83250DB38E845CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 00421640 Relevance: 16.7, APIs: 11, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetCurrentObject.GDI32(?,00000001), ref: 00421679
GetCurrentObject.GDI32(?,00000002), ref: 004216C3
GetCurrentObject.GDI32(?,00000006), ref: 0042170D
GetTextColor.GDI32(?), ref: 0042174C
GetBkMode.GDI32(?), ref: 00421776
GetBkColor.GDI32(?), ref: 00421795
GetBkMode.GDI32(?), ref: 004217B8
GetBkColor.GDI32(?), ref: 004217D7
GetROP2.GDI32(?), ref: 004217FF
GetStretchBltMode.GDI32(?), ref: 00421820
GetPolyFillMode.GDI32(?), ref: 0042184C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Mode$ColorCurrentObject$FillPolyStretchText
String ID:
API String ID: 544274770-0
Opcode ID: 153aa2ff55a13b1f9af38d9f4392a827cc845da893fc023923e8ee6096251449
Instruction ID: 3bc3837b24aac6b7313a536f8afac0c29271d09263701addaec41f89c540040d
Opcode Fuzzy Hash: 153aa2ff55a13b1f9af38d9f4392a827cc845da893fc023923e8ee6096251449
Instruction Fuzzy Hash: 18514C35300B119BC764DB64D898BAFB3A5EFD4301F544A2EE26F87260DB34B845CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004474A0 Relevance: 16.6, APIs: 11, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

GetClientRect.USER32(?,?), ref: 004474DD
7406A520.GDI32 ref: 00447512
7406A590.GDI32(?,00000000), ref: 00447542

Part of subcall function 0047B065: SelectObject.GDI32(?,?), ref: 0047B06D

PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 0044757A
GetObjectA.GDI32(00000000,00000018,?), ref: 00447595
7406A590.GDI32(?), ref: 004475A0
SelectObject.GDI32(00000000,00000000), ref: 004475B0
740797E0.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 004475D3
SelectObject.GDI32(00000000,?), ref: 004475DF
DeleteDC.GDI32(00000000), ref: 004475E2
740797E0.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0044760B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$7406Select$740797A590$A520BeginClientDeleteH_prologPaintRect
String ID:
API String ID: 770215537-0
Opcode ID: 75d89777f30c3fb15880ea5d36798292519c205164840d6228a5ce0ebb2b9570
Instruction ID: e13551d561944143d30f0db11bd72f934b713269a621f4a6fc76a21eee797511
Opcode Fuzzy Hash: 75d89777f30c3fb15880ea5d36798292519c205164840d6228a5ce0ebb2b9570
Instruction Fuzzy Hash: FF513A71208345AFD310DFA5DC85F6FBBE8EBC9714F00892DF69987291D778A8048B66

Uniqueness

Uniqueness Score: -1.00%

Function 00433690 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 368windowCOMMON

Download Yara Rule

APIs

CreatePopupMenu.USER32 ref: 0043380E
AppendMenuA.USER32 ref: 00433971
AppendMenuA.USER32 ref: 004339A9
ModifyMenuA.USER32(?,00004E2F,00000000,00004E2F,00004E2F), ref: 004339C7
AppendMenuA.USER32 ref: 00433A25
ModifyMenuA.USER32(?,?,?,?,?), ref: 00433A4A
AppendMenuA.USER32 ref: 00433A92
ModifyMenuA.USER32(?,?,?,?,?), ref: 00433AB7

Strings

tCJ, xrefs: 00433747

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Append$Modify$CreatePopup
String ID: tCJ
API String ID: 3846898120-3789860310
Opcode ID: 967f73f0a6161e0cb79921ca3dcf0cfca6b23245a9c87366d7a15fc686ec2f37
Instruction ID: 0b6ee8803bf2b73c1c574e253d7af27752d4b551d54346ce6192d1aa8aa5d52e
Opcode Fuzzy Hash: 967f73f0a6161e0cb79921ca3dcf0cfca6b23245a9c87366d7a15fc686ec2f37
Instruction Fuzzy Hash: 93D178B1A083119BD714DF18D880B2BBBE4FF89715F044A2DF98597351E778AD048B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00432C80 Relevance: 15.3, APIs: 10, Instructions: 288COMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(00FFFFFF), ref: 00432DDF
GetWindowRect.USER32 ref: 00432E09
GetStockObject.GDI32(00000005), ref: 00432E37
LoadCursorA.USER32 ref: 00432E45
GetWindowRect.USER32 ref: 00432EB3
GetWindowRect.USER32 ref: 00432EC4
GetWindowRect.USER32 ref: 00432ED9
GetSystemMetrics.USER32 ref: 00432EEF
GetWindowRect.USER32 ref: 00432F7A
OffsetRect.USER32(?,00000000,?), ref: 00432F94

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$BrushCreateCursorLoadMetricsObjectOffsetSolidStockSystem
String ID:
API String ID: 3805611468-0
Opcode ID: 76e76e8cbaffc67b547c0e5900eb93566219c00d6ef160d4aafb473d97c0b47c
Instruction ID: e02b8823936c3c1fa7bf56bde872cc3ce35b9b10710a42f87947d88e35dfc9f0
Opcode Fuzzy Hash: 76e76e8cbaffc67b547c0e5900eb93566219c00d6ef160d4aafb473d97c0b47c
Instruction Fuzzy Hash: BEA19070244701AFD724DF65C945F6FB7E6EB88708F10891EF15A87381EBB8E8058B59

Uniqueness

Uniqueness Score: -1.00%

Function 00420810 Relevance: 15.2, APIs: 10, Instructions: 198COMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

GetClientRect.USER32(?,?), ref: 0042085E
IntersectRect.USER32 ref: 00420876
IsRectEmpty.USER32(?), ref: 004208A6
GetObjectA.GDI32(?,00000018,?), ref: 004208DD
7406A590.GDI32(?), ref: 00420903
IntersectRect.USER32 ref: 00420958
IsRectEmpty.USER32(?), ref: 00420963
740797E0.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004209A1
DPtoLP.GDI32(?,?,00000002), ref: 00420A26
IsWindow.USER32(?), ref: 00420A88

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$EmptyIntersect$7406740797A590BeginClientClipH_prologObjectPaintWindow
String ID:
API String ID: 72605487-0
Opcode ID: a69dd2083fe405b8121ba6132d6a15a7ddf87d06e52fa37d2c8cc43ca26d3da4
Instruction ID: 50aac37945f742de17e6a454ab5a578caee390cab5aa2db7574385bdf5cd4349
Opcode Fuzzy Hash: a69dd2083fe405b8121ba6132d6a15a7ddf87d06e52fa37d2c8cc43ca26d3da4
Instruction Fuzzy Hash: 85813AB15083459FC324DF25D984AABB7F9FBC8704F008E2EF5AA93251D734A909CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00431530 Relevance: 15.2, APIs: 10, Instructions: 179COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 0043154D
GetWindowRect.USER32 ref: 0043155C
IntersectRect.USER32 ref: 004315B5
EqualRect.USER32 ref: 004315E5
GetWindowRect.USER32 ref: 00431603
OffsetRect.USER32(?,?,?), ref: 0043167A
OffsetRect.USER32(?,?,00000000), ref: 00431694
OffsetRect.USER32(?,?,00000000), ref: 004316AC
OffsetRect.USER32(?,00000000,?), ref: 004316C6
OffsetRect.USER32(?,00000000,?), ref: 004316DE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Window$EqualIntersect
String ID:
API String ID: 2638238157-0
Opcode ID: 71b43f1db842fd2a6d12ab610d6a83b8234b66a4c51c75f38a7e86d933133437
Instruction ID: f50355deebde98cfe47066dc19e027c75513c1bcd32cc354cdae68b899d5c092
Opcode Fuzzy Hash: 71b43f1db842fd2a6d12ab610d6a83b8234b66a4c51c75f38a7e86d933133437
Instruction Fuzzy Hash: 78510AB56083029FC708CF68C99596FBBE9ABC8744F005A2EF985D3354EA74ED05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00447EE0 Relevance: 15.1, APIs: 10, Instructions: 86COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00447EF1
GetSystemMetrics.USER32 ref: 00447EF7
GetSystemMetrics.USER32 ref: 00447EFD
GetSystemMetrics.USER32 ref: 00447F08
GetSystemMetrics.USER32 ref: 00447F16
GetSystemMetrics.USER32 ref: 00447F22
GetWindowRect.USER32 ref: 00447F47
GetParent.USER32(?), ref: 00447F4D
GetWindowRect.USER32 ref: 00447F72
SetRect.USER32 ref: 00447FA4

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem$Rect$Window$Parent
String ID:
API String ID: 3457858938-0
Opcode ID: 4773ff2314954bfe791662f436aeaa8b9154e478d9205dc1095a043e68b5ca83
Instruction ID: 628e1fa87174c6a6573a187bb674d58967ada193e658fd1bcaf2a3c28d7bce9a
Opcode Fuzzy Hash: 4773ff2314954bfe791662f436aeaa8b9154e478d9205dc1095a043e68b5ca83
Instruction Fuzzy Hash: D2216271A043066BD704DF68EC4597FB7A9EBC4700F00492EF905D7280EBB4ED0A8BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0044F830 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 260windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0044F85D
GetParent.USER32(?), ref: 0044F869
GetClientRect.USER32(?,?), ref: 0044F87A

Part of subcall function 0047B666: ClientToScreen.USER32(00416ED8,?), ref: 0047B67A
Part of subcall function 0047B666: ClientToScreen.USER32(00416ED8,?), ref: 0047B683

GetParent.USER32(?), ref: 0044F88C

Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B63E
Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B647

Part of subcall function 0047B7BC: __EH_prolog.LIBCMT ref: 0047B7C1
Part of subcall function 0047B7BC: 7406AC50.USER32(00412204,?,?,004302CF,00000000,?,?,?,00000101,00000000,00000000), ref: 0047B7EA

SendMessageA.USER32 ref: 0044F8BF

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

GetTextExtentPoint32A.GDI32(?,0049A298,00000001,?), ref: 0044F8EC
EqualRect.USER32 ref: 0044FAAA

Strings

tCJ, xrefs: 0044F920

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Client$Screen$Rect$ObjectParentSelect$7406EqualExtentH_prologMessagePoint32SendText
String ID: tCJ
API String ID: 3577762290-3789860310
Opcode ID: 4f1c26692fda7e95a60462a1aae357fcfcfd506489bfe79a0527d95bf2fa0144
Instruction ID: a97bdb7e18b8f32e8fe66f6e49d71dc2db9934a92548635e53fbec186e9581a3
Opcode Fuzzy Hash: 4f1c26692fda7e95a60462a1aae357fcfcfd506489bfe79a0527d95bf2fa0144
Instruction Fuzzy Hash: 9E91ADB12083419FD718DF29C881B6BB7E5EBC8704F144A2EF586C3351E778E9098B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0046F2E5 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0048FC6C,00000001,?,756F70F0,004D2A5C,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046F324
GetStringTypeA.KERNEL32(00000000,00000001,0048FC68,00000001,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046F33E
GetStringTypeA.KERNEL32(?,?,?,?,]^F,756F70F0,004D2A5C,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046F372
MultiByteToWideChar.KERNEL32(?,\*M,?,?,00000000,00000000,756F70F0,004D2A5C,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046F3AA
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00465E5D,?), ref: 0046F400
GetStringTypeW.KERNEL32(?,?,00000000,]^F,?,?,?,?,?,?,00465E5D,?), ref: 0046F412

Strings

\*M, xrefs: 0046F39B, 0046F3A6
]^F, xrefs: 0046F40A, 0046F365

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID: \*M$]^F
API String ID: 3852931651-2415851488
Opcode ID: b43222df558aa0ed92c66c057f02d38dcbd6bcbae9188a6dad43a4da9b729e67
Instruction ID: 2a80b801782b752ba134e6af0189496be66e9282a7d9242fc9c383740c45d801
Opcode Fuzzy Hash: b43222df558aa0ed92c66c057f02d38dcbd6bcbae9188a6dad43a4da9b729e67
Instruction Fuzzy Hash: 2D41627260021AAFCF209F94EC859EF7F79FB14750F10443AF951D2250E7389959CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00468DE6 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00468E53
GetStdHandle.KERNEL32(000000F4,0048F9F8,00000000,00000000,00000000,?), ref: 00468F29
WriteFile.KERNEL32(00000000), ref: 00468F30

Strings

TJ, xrefs: 00468DF4
Microsoft Visual C++ Runtime Library, xrefs: 00468EFF
<program name unknown>, xrefs: 00468E63
Runtime Error!Program: , xrefs: 00468EB9
..., xrefs: 00468EA5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: TJ$...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-3723146964
Opcode ID: b3ace696b564468c1508138f1d10bb85a13ae17b0220a3db9cb1dfb1124032c2
Instruction ID: 48b449a47df230445cf3d7b6ee7230ff953b95f828c875f01ac8a49ae0f6fa78
Opcode Fuzzy Hash: b3ace696b564468c1508138f1d10bb85a13ae17b0220a3db9cb1dfb1124032c2
Instruction Fuzzy Hash: 8031E472A00218AFDF24EB60DD45FDE37ADEB86304F50056FF148E6141FB78A9808B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0047ACCA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0047ACE6
GetStockObject.GDI32(0000000D), ref: 0047ACEE
GetObjectA.GDI32(00000000,0000003C,?), ref: 0047ACFB
7406AC50.USER32(00000000), ref: 0047AD0A
7406AD70.GDI32(00000000,0000005A), ref: 0047AD21
MulDiv.KERNEL32(?,00000048,00000000), ref: 0047AD2D
7406B380.USER32(00000000,00000000), ref: 0047AD38

Strings

System, xrefs: 0047ACDF, 0047AD4E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406Object$Stock$B380
String ID: System
API String ID: 2665536657-3470857405
Opcode ID: 859e23acf64c5958c08af174c97bccf3e802f159274e14569276f33467cb605b
Instruction ID: c1195b8b9601d8e59a30c4b8953ba1f3266c894e592037720b7ba1ecdf0e70fc
Opcode Fuzzy Hash: 859e23acf64c5958c08af174c97bccf3e802f159274e14569276f33467cb605b
Instruction Fuzzy Hash: E6118631A40319EBEB109B91DC45FEF7BB9AB85741F00842AFB05EB1C0DB749D4187A9

Uniqueness

Uniqueness Score: -1.00%

Function 004700F2 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00468F0A,?,Microsoft Visual C++ Runtime Library,00012010,?,0048F9F8,?,0048FA48,?,?,?,Runtime Error!Program: ), ref: 00470104
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0047011C
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0047012D
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0047013A

Strings

MessageBoxA, xrefs: 00470116
GetActiveWindow, xrefs: 00470127
GetLastActivePopup, xrefs: 0047012F
user32.dll, xrefs: 004700FF

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 43e03485036f54cb29386338810cf4752911abe39e237f68b472da588692e6d8
Instruction ID: 5c39528a94b83d3d159f115ef7bf397f119b4fe2061c32781ca6c889b7ab764f
Opcode Fuzzy Hash: 43e03485036f54cb29386338810cf4752911abe39e237f68b472da588692e6d8
Instruction Fuzzy Hash: 09014831702301EF9711BFB59D8096B7BE8DB94740754493FF509C3261DBB988059B6C

Uniqueness

Uniqueness Score: -1.00%

Function 0042CB00 Relevance: 13.9, APIs: 9, Instructions: 387windowCOMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 0042CB38
GetParent.USER32(?), ref: 0042CBC9
IsWindow.USER32(?), ref: 0042CCFB
IsWindowVisible.USER32(?), ref: 0042CD0D

Part of subcall function 004791EE: IsWindowEnabled.USER32(?), ref: 004791F8

GetParent.USER32(?), ref: 0042CD5E
IsChild.USER32(?,?), ref: 0042CD7E
GetParent.USER32(?), ref: 0042CF27
SendMessageA.USER32 ref: 0042CF44
IsWindow.USER32(?), ref: 0042CF9F

Part of subcall function 00423190: IsChild.USER32(?,?), ref: 0042320D
Part of subcall function 00423190: GetParent.USER32(?), ref: 00423227

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ParentWindow$Child$EnabledMessageSendVisible
String ID:
API String ID: 2452671399-0
Opcode ID: ac859f31eeae8aec45f0c41176f956edf99d8a7fc280011264c345f800d88913
Instruction ID: a546ecdd9e558e6d1615b8326233b4c993099d3f2e0b60c3c1f8608d13032096
Opcode Fuzzy Hash: ac859f31eeae8aec45f0c41176f956edf99d8a7fc280011264c345f800d88913
Instruction Fuzzy Hash: A0E1B1716043619FC720DF25D880B6FB7A5BF84704F410A1EF98597381DB78E845CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0041E660 Relevance: 13.8, APIs: 9, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb393ad4b5330079ce9062c9e448743eb589bff39b53f134795a2e1a33a842e
Instruction ID: c25cc67b644a3a8cb1fa31252e549801047dc12b835a354afe43ef7be16ca432
Opcode Fuzzy Hash: 9eb393ad4b5330079ce9062c9e448743eb589bff39b53f134795a2e1a33a842e
Instruction Fuzzy Hash: 4D81D1B63106019FE320DF69DC85FABB3A9EB94318F10892FF542CB291C7B5E8458794

Uniqueness

Uniqueness Score: -1.00%

Function 004312E0 Relevance: 13.6, APIs: 9, Instructions: 118COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 004312E6
ClientToScreen.USER32(?,?), ref: 00431323
OffsetRect.USER32(?,?,?), ref: 0043134C
GetParent.USER32(?), ref: 00431352

Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B63E
Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B647

GetClientRect.USER32(?,?), ref: 00431375
OffsetRect.USER32(?,?,00000000), ref: 00431393
OffsetRect.USER32(?,?,00000000), ref: 004313AB
OffsetRect.USER32(?,00000000,?), ref: 004313C9
OffsetRect.USER32(?,00000000,?), ref: 004313E9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Client$Screen$CaptureParent
String ID:
API String ID: 838496554-0
Opcode ID: 5599ea29f8a67689f22f36e5de41102046a13bbaac24b705a6d23c0eaa79aaf4
Instruction ID: aad55b07f9613fd7caa71014b898f45e57517ed1c6978bb186146f18cb0ed150
Opcode Fuzzy Hash: 5599ea29f8a67689f22f36e5de41102046a13bbaac24b705a6d23c0eaa79aaf4
Instruction Fuzzy Hash: D841E4B5204302AFD708DF69D984D6FB7E9ABC8704F008A1EF986C3651DB74ED058B66

Uniqueness

Uniqueness Score: -1.00%

Function 00475ED1 Relevance: 13.6, APIs: 9, Instructions: 113COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00475ED6
FindResourceA.KERNEL32(?,00000000,00000005), ref: 00475F0E
LoadResource.KERNEL32(?,00000000,?,?,?,?,?,00000000,-0000040D), ref: 00475F16

Part of subcall function 00476D11: UnhookWindowsHookEx.USER32(?), ref: 00476D36

LockResource.KERNEL32(?,00000000,?,?,?,?,?,?,00000000,-0000040D), ref: 00475F23
IsWindowEnabled.USER32(?), ref: 00475F56
EnableWindow.USER32(?,00000000), ref: 00475F64
EnableWindow.USER32(?,00000001), ref: 00475FF2
GetActiveWindow.USER32 ref: 00475FFD
SetActiveWindow.USER32(?,?,00000000,?,?,?,?,?,?,00000000,-0000040D), ref: 0047600B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Resource$ActiveEnable$EnabledFindH_prologHookLoadLockUnhookWindows
String ID:
API String ID: 401145483-0
Opcode ID: 88bc35041b52a28736d86f80f2fb5d0ad9150f1a98ea8c94848395003fa75992
Instruction ID: 59f9b71012d37575c3ab9e5c836821366656bd315d1851aae250d3c2ea6f8bdd
Opcode Fuzzy Hash: 88bc35041b52a28736d86f80f2fb5d0ad9150f1a98ea8c94848395003fa75992
Instruction Fuzzy Hash: 2B41EF30900A01DFCB21AF75CC49AEEBBB5FF84B15F10851FF506A6291CBB94D408B69

Uniqueness

Uniqueness Score: -1.00%

Function 0042E8A0 Relevance: 13.6, APIs: 9, Instructions: 85windowCOMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,?,00000001,?,?,?,?), ref: 0042E8BA
GetTopWindow.USER32(?), ref: 0042E8C0
IsWindowVisible.USER32(00000000), ref: 0042E8D1
GetWindowLongA.USER32 ref: 0042E8E2
GetClientRect.USER32(00000000,?), ref: 0042E935
IntersectRect.USER32 ref: 0042E94A
IsRectEmpty.USER32(?), ref: 0042E955
InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,?), ref: 0042E966
GetWindow.USER32(00000000,00000002), ref: 0042E96B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$ClientEmptyIntersectLongVisible
String ID:
API String ID: 938479747-0
Opcode ID: c0a1be0c6affc032b8b62154bdf8bbc6ce8bd8c02b7320caf7d14c17238f2aeb
Instruction ID: 224b5ecbfc3c8c2be897543f1bce454ab97dd274427134e6a98399e2583fee5b
Opcode Fuzzy Hash: c0a1be0c6affc032b8b62154bdf8bbc6ce8bd8c02b7320caf7d14c17238f2aeb
Instruction Fuzzy Hash: 0D2171B1200313AB9314DF55EC84DAFB7ACFF88704B004A2EF54593240EB34D945CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004729F9 Relevance: 13.6, APIs: 9, Instructions: 80windowstringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000048,?,?,?,?,0041DBFD,00000000,00412204,00412204,?,?,00000000), ref: 00472A03
GetFocus.USER32 ref: 00472A1E

Part of subcall function 00476D11: UnhookWindowsHookEx.USER32(?), ref: 00476D36

IsWindowEnabled.USER32(?), ref: 00472A47
EnableWindow.USER32(?,00000000), ref: 00472A59
7583B9A0.COMDLG32(?,?,00000001), ref: 00472A84
7583BA80.COMDLG32(?,?,00000001), ref: 00472A8B
EnableWindow.USER32(?,00000001), ref: 00472AA2
IsWindow.USER32(?), ref: 00472AA8
SetFocus.USER32(?), ref: 00472AB6

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$7583EnableFocus$EnabledHookUnhookWindowslstrlen
String ID:
API String ID: 3899332460-0
Opcode ID: f711cdb85b5c98d086fbc638264fcb174baefd769f9326806442bda1a9f7d8b3
Instruction ID: 4548e9c1e45f581062163cc0a64aeade5352eb7f20690489185919dbb9d2da90
Opcode Fuzzy Hash: f711cdb85b5c98d086fbc638264fcb174baefd769f9326806442bda1a9f7d8b3
Instruction Fuzzy Hash: E7218131200701AFD731AB72DC46BAF77E8EF40705F00882EF59A86291DBB9D8008769

Uniqueness

Uniqueness Score: -1.00%

Function 00439CB0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93networkCOMMON

Download Yara Rule

APIs

accept.WS2_32 ref: 00439CF4

Strings

P, xrefs: 00439CEC
%s:%d, xrefs: 00439D6E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: accept
String ID: %s:%d$P
API String ID: 3005279540-612342447
Opcode ID: 17fb6fb6a40e6784d8b320a87d7e7ba6a5c611e3aeb1435a5a02c0ac02efdce6
Instruction ID: e35c7aa98a23238e9535d1f7a9d393a79595ed155efaaa1c24f0991f1ee46c02
Opcode Fuzzy Hash: 17fb6fb6a40e6784d8b320a87d7e7ba6a5c611e3aeb1435a5a02c0ac02efdce6
Instruction Fuzzy Hash: DF3195711046025FD310EB68DC999BFB3E8FFD4324F004F2DF591922D0E6B8994A8B65

Uniqueness

Uniqueness Score: -1.00%

Function 00413180 Relevance: 12.3, APIs: 8, Instructions: 323COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 004131BE
VariantCopyInd.OLEAUT32(?,?), ref: 004131CE
VariantClear.OLEAUT32(?), ref: 0041351E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$ClearCopyInit
String ID:
API String ID: 1785138364-0
Opcode ID: f35915346370a48d46a366a4661b38195c0ff6ea25bee52385c10aa42d2f33a0
Instruction ID: 7e4b20974fc5607b45eb5f7b3d822c648b1cf696105c6b6ee5d2e2e036a053b9
Opcode Fuzzy Hash: f35915346370a48d46a366a4661b38195c0ff6ea25bee52385c10aa42d2f33a0
Instruction Fuzzy Hash: 41B1CF35B00216ABDB11DF98C8406EFB7A4EB45706F1440AAEC55DB340D339DED2CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0045C950 Relevance: 12.3, APIs: 8, Instructions: 306COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 0045CCA8
__ftol.LIBCMT ref: 0045CCC5
__ftol.LIBCMT ref: 0045CCE1
__ftol.LIBCMT ref: 0045CCFB
__ftol.LIBCMT ref: 0045CD19
__ftol.LIBCMT ref: 0045CD37
__ftol.LIBCMT ref: 0045CD53
__ftol.LIBCMT ref: 0045CD6D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID:
API String ID: 495808979-0
Opcode ID: d2f9d21452f53aa072a7c050e2f1143e1998a61a6c6a692ecea655ea8b4dde0b
Instruction ID: 1fc8bef9910845a564c0689f1352d1dcf985674cc43a2e563b275cd023bedba4
Opcode Fuzzy Hash: d2f9d21452f53aa072a7c050e2f1143e1998a61a6c6a692ecea655ea8b4dde0b
Instruction Fuzzy Hash: A6D12172908342DFD302AF21D18925ABBF0FFD5744FA60999E0D56626AE3318578CF86

Uniqueness

Uniqueness Score: -1.00%

Function 00430020 Relevance: 12.2, APIs: 8, Instructions: 181windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

IsRectEmpty.USER32(?), ref: 0043006D
GetSysColor.USER32(0000000F), ref: 0043007E

Part of subcall function 0047BB21: __EH_prolog.LIBCMT ref: 0047BB26
Part of subcall function 0047BB21: CreateSolidBrush.GDI32(?), ref: 0047BB43

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004300C8
GetClientRect.USER32(?,?), ref: 004300E1
LoadBitmapA.USER32 ref: 00430118
GetObjectA.GDI32(?,00000018,?), ref: 00430167
7406A590.GDI32(?,?,00000000), ref: 0043018D
740797E0.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020,?,?,00000000,?,00000000), ref: 0043021F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$H_prologRectSelect$7406740797A590BeginBitmapBrushClientClipColorCreateEmptyLoadPaintSolid
String ID:
API String ID: 3950015637-0
Opcode ID: 45433f44987c4383e5f89a0e279c49759b604d7ee73d7e82c4ee1a681bac2cb6
Instruction ID: ea6d919db272a6dd167f554a45bdfb398d6d1040dc92870cda0a992f9bbb130e
Opcode Fuzzy Hash: 45433f44987c4383e5f89a0e279c49759b604d7ee73d7e82c4ee1a681bac2cb6
Instruction Fuzzy Hash: CC614A711083819FD324DB65C945FAFBBE8FBC9714F048A1DF59983291DB389908CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0044E3C0 Relevance: 12.2, APIs: 8, Instructions: 162COMMON

Download Yara Rule

APIs

7406AD70.GDI32(?,00000058), ref: 0044E3D8
7406AD70.GDI32(?,0000005A), ref: 0044E3E1
7406AD70.GDI32(?,0000006E), ref: 0044E3F2
7406AD70.GDI32(?,0000006F), ref: 0044E40F
7406AD70.GDI32(?,00000070), ref: 0044E424
7406AD70.GDI32(?,00000071), ref: 0044E439
7406AD70.GDI32(?,00000008), ref: 0044E44E
7406AD70.GDI32(?,0000000A), ref: 0044E463

Part of subcall function 0044E1A0: __ftol.LIBCMT ref: 0044E1A5

Part of subcall function 0044E1D0: __ftol.LIBCMT ref: 0044E1D5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406$__ftol
String ID:
API String ID: 4058028774-0
Opcode ID: 34a65369ffdad1f9516315d15ce814bc76ecd09fd208a794df9a786e18c0522b
Instruction ID: e8e0777d6c97373b03c0d644085fcca297da6982dc533457aba22a73bf80cd8d
Opcode Fuzzy Hash: 34a65369ffdad1f9516315d15ce814bc76ecd09fd208a794df9a786e18c0522b
Instruction Fuzzy Hash: 17514770508701AFE300EF6ACC85A6FBBE8FFC9704F014D5DFA9456290DAB1D9248B96

Uniqueness

Uniqueness Score: -1.00%

Function 0046881F Relevance: 12.1, APIs: 8, Instructions: 132COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0046419C), ref: 0046883A
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0046419C), ref: 0046884E
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0046419C), ref: 0046887A
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0046419C), ref: 004688B2
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0046419C), ref: 004688D4
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0046419C), ref: 004688ED
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0046419C), ref: 00468900
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0046893E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID:
API String ID: 1823725401-0
Opcode ID: afcf8c9887b250599265e510ae7cdbf6ce74410c882cad36060a5d8082d3ecfe
Instruction ID: d8318bfdd08ab43aedbb75b4d0b980282b705ba0d0db04aa918ebfe03219f4b5
Opcode Fuzzy Hash: afcf8c9887b250599265e510ae7cdbf6ce74410c882cad36060a5d8082d3ecfe
Instruction Fuzzy Hash: 8731E4B25052256FD7207BB95C8483F779CE6493687150A3FF541D3201FE294C4583AF

Uniqueness

Uniqueness Score: -1.00%

Function 004473C0 Relevance: 12.1, APIs: 8, Instructions: 77COMMON

Download Yara Rule

APIs

ReleaseCapture.USER32 ref: 00447491

Part of subcall function 004791EE: IsWindowEnabled.USER32(?), ref: 004791F8

GetClientRect.USER32(?,?), ref: 004473E7
PtInRect.USER32(?,?,?), ref: 004473FC
ClientToScreen.USER32(?,?), ref: 0044740D
WindowFromPoint.USER32(?,?), ref: 0044741D
ReleaseCapture.USER32 ref: 00447437
GetCapture.USER32 ref: 00447451
SetCapture.USER32(?), ref: 0044745C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Capture$ClientRectReleaseWindow$EnabledFromPointScreen
String ID:
API String ID: 3076215760-0
Opcode ID: ef4438bb3e5fc0ec4f22e81c5a0576b25637ab4baf51ccc88ce2fc0e0af22e40
Instruction ID: 28f61ffd31beeba50c62091426a86fb252324cbfcc1cf9fdafc84d95245359c9
Opcode Fuzzy Hash: ef4438bb3e5fc0ec4f22e81c5a0576b25637ab4baf51ccc88ce2fc0e0af22e40
Instruction Fuzzy Hash: 7321B3352046119BE310EB28D849FBF77A9BBC4718F048D1EF98582251EB39D9078B69

Uniqueness

Uniqueness Score: -1.00%

Function 004795FA Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON

Download Yara Rule

APIs

GlobalFix.KERNEL32 ref: 0047961A
lstrcmp.KERNEL32 ref: 00479626
739B30C0.WINSPOOL.DRV(?,?,00000000), ref: 00479638
739B15A0.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0047965B
GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00479663
GlobalFix.KERNEL32 ref: 00479670
739B15A0.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 0047967D
7399D660.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 0047969B

Part of subcall function 0047C483: GlobalFlags.KERNEL32(?), ref: 0047C48D
Part of subcall function 0047C483: GlobalUnWire.KERNEL32(?), ref: 0047C4A4
Part of subcall function 0047C483: GlobalFree.KERNEL32 ref: 0047C4AF

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$7399AllocD660.FlagsFreeWirelstrcmp
String ID:
API String ID: 1758955305-0
Opcode ID: 5ffcb0e42dbadfc309be6c95a1194426b03c6845448518ce155357a3aa44cd70
Instruction ID: 7d7b104e9402846372c2907ace57d3d3d99c82431609b673a23e9d7e93589e9b
Opcode Fuzzy Hash: 5ffcb0e42dbadfc309be6c95a1194426b03c6845448518ce155357a3aa44cd70
Instruction Fuzzy Hash: 5D114C71500204BBDB216FB6CC8AEAF7BBDEB85744F00855EF608D2112D63A9E509768

Uniqueness

Uniqueness Score: -1.00%

Function 00422B80 Relevance: 10.8, APIs: 7, Instructions: 268windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00422BBD
GetParent.USER32(?), ref: 00422BCF
SendMessageA.USER32 ref: 00422BF7
GetWindowRect.USER32 ref: 00422C81
InvalidateRect.USER32(?,?,00000001,?), ref: 00422CA4
GetWindowRect.USER32 ref: 00422E6C
InvalidateRect.USER32(?,?,00000001,?), ref: 00422E8D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$MessageParentSend
String ID:
API String ID: 236041146-0
Opcode ID: acffff217e4b61929986fa1c1afb2333ed80c0f3f1923484c71ad51c6383ed45
Instruction ID: 6663141e54be46a99a260d83b28320bbddad1ea5593e5106ba02560968008613
Opcode Fuzzy Hash: acffff217e4b61929986fa1c1afb2333ed80c0f3f1923484c71ad51c6383ed45
Instruction Fuzzy Hash: 4F91C271700311ABD720EF259D40B6F73E8AF84758F454A1EF9059B381EBB8ED058B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00411650 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 250COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 0041174A

Strings

VUUU, xrefs: 004118CC
VUUU, xrefs: 004118E9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID: VUUU$VUUU
API String ID: 495808979-3149182767
Opcode ID: c9fe8b82f4e2dbc1e4aa236a81457b57cefe8ca5d6e7f930904a6d054a237abe
Instruction ID: 31005cd6af01f34c7c05d7972f604c54d19ab84c6aa0ad5b2e3c9766e8d9d186
Opcode Fuzzy Hash: c9fe8b82f4e2dbc1e4aa236a81457b57cefe8ca5d6e7f930904a6d054a237abe
Instruction Fuzzy Hash: C591D3716083059BC704EF19E4505AEBBE4FFC5355F408A6EF88987260EF35CA49C786

Uniqueness

Uniqueness Score: -1.00%

Function 00461B80 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00461BA5

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

GetCurrentObject.GDI32(?,00000006), ref: 00461C15
OffsetRect.USER32(?,00000001,00000001), ref: 00461CDC

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Strings

tCJ, xrefs: 00461BAB

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectTextWindow$ClientCurrentDecrementInterlockedLengthObjectOffset
String ID: tCJ
API String ID: 2119403043-3789860310
Opcode ID: d8baa13d19ac8abedc50613db92dc90594613043e814482907de91124fd54d9a
Instruction ID: 648d3c0c52009e5cb98db27db549d99c7ea306488f8a8b4455d3a0a569281305
Opcode Fuzzy Hash: d8baa13d19ac8abedc50613db92dc90594613043e814482907de91124fd54d9a
Instruction Fuzzy Hash: 188123B52083419FC724DF58C884A6EB7EABFC9710F504A1EF99683390D778E845CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00411F70 Relevance: 10.7, APIs: 7, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 00412104
TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 00412163
DestroyMenu.USER32(00000000), ref: 0041216A
SetForegroundWindow.USER32(?), ref: 00412180
TrackPopupMenu.USER32(00000000,00000008,?,?,00000000,?,00000000), ref: 004121A1
PostMessageA.USER32 ref: 004121B1
DestroyMenu.USER32(00000000), ref: 004121B8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$DestroyPopupTrack$CursorForegroundMessagePostWindow
String ID:
API String ID: 1044074573-0
Opcode ID: 13f98dcf2ed491209796074551e0bb426879fad2468068d5383648452c94588e
Instruction ID: 89bd3f820e85b015279e0da6a349c0edf516348cd41e24f10b438347cabb4a73
Opcode Fuzzy Hash: 13f98dcf2ed491209796074551e0bb426879fad2468068d5383648452c94588e
Instruction Fuzzy Hash: CE61C471600311ABC314DF15CD41F6BB3E9BF88718F444A1DF945A7382E778E9058BAA

Uniqueness

Uniqueness Score: -1.00%

Function 004351E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

SetRect.USER32 ref: 004352C9
OffsetRect.USER32(?,?,?), ref: 004352D6
IntersectRect.USER32 ref: 004352F2
IsRectEmpty.USER32(?), ref: 004352FD
OffsetRect.USER32(?,?,?), ref: 0043533A

Strings

2, xrefs: 00435286

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$EmptyIntersect
String ID: 2
API String ID: 765610062-450215437
Opcode ID: 8fb9ff963106aad3c88dd48400114d4ff374b2ed69c4d915f2654f65147a39fe
Instruction ID: 5728c2e7ccde6654bec0912a14d926c1e7de814750d08611d15d9a8c3eb8f7fa
Opcode Fuzzy Hash: 8fb9ff963106aad3c88dd48400114d4ff374b2ed69c4d915f2654f65147a39fe
Instruction Fuzzy Hash: 456113752087419FC318CF69C884A6BBBE9BBC8354F149A2EF98987321D730E905CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00420620 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 155windowCOMMON

Download Yara Rule

APIs

IsRectEmpty.USER32(?), ref: 00420642
CreateRectRgn.GDI32 ref: 004206C4
GetClientRect.USER32(?,?), ref: 004206ED
FillRgn.GDI32(?,?,?), ref: 0042075C
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004207D2

Strings

H, xrefs: 004206D8, 004206DC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClientCreateEmptyFill
String ID: H
API String ID: 97219908-37590417
Opcode ID: 4094a19b6daf0f689846a17b5f698f9c798c0922b5262a912ba057eccfae880f
Instruction ID: c55b7501808ff5da424cac8302a9a452e58ea7b3dae52bdded11a4ef44a89634
Opcode Fuzzy Hash: 4094a19b6daf0f689846a17b5f698f9c798c0922b5262a912ba057eccfae880f
Instruction Fuzzy Hash: C35148B1204342AFD704DF65D985B6BB3E8FBC8704F40891EB55A83251E738E808CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0047D50E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0047D532
GetParent.USER32(?), ref: 0047D539

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

SendMessageA.USER32 ref: 0047D58C
SendMessageA.USER32 ref: 0047D5DD
SendMessageA.USER32 ref: 0047D668

Strings

, xrefs: 0047D50F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongParentWindow
String ID:
API String ID: 779260966-3916222277
Opcode ID: fbd8a9f90982a541e3ae0f070310ccc6b25e80334ccd1e9e699cd8765c0bef24
Instruction ID: b8147210d93feb734ac320b84a391e90222f437bac50caad9652e6e3e0130fc7
Opcode Fuzzy Hash: fbd8a9f90982a541e3ae0f070310ccc6b25e80334ccd1e9e699cd8765c0bef24
Instruction Fuzzy Hash: EC31F7B0A207187FCA247A368C41DAF76FDEF85748B11892EF54ED7281DA29DC02466C

Uniqueness

Uniqueness Score: -1.00%

Function 0044DAB0 Relevance: 10.6, APIs: 7, Instructions: 130windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0044DACB

Part of subcall function 00479209: EnableWindow.USER32(?,00000000), ref: 00479217

Part of subcall function 00478F85: GetDlgItem.USER32 ref: 00478F93

SendMessageA.USER32 ref: 0044DB05
SendMessageA.USER32 ref: 0044DB1C
SendMessageA.USER32 ref: 0044DB6D
SendMessageA.USER32 ref: 0044DBA7
SendMessageA.USER32 ref: 0044DBD4
SendMessageA.USER32 ref: 0044DC0A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$EnableItemWindow
String ID:
API String ID: 607626308-0
Opcode ID: f4fd3a06c65753b0a3874cf8c347009dd70978183cf9abd474463c0bcf3f6b58
Instruction ID: 35b4f46f69155a490433a1613babbb840d97eb86d38a0921651dcaa102c0a44c
Opcode Fuzzy Hash: f4fd3a06c65753b0a3874cf8c347009dd70978183cf9abd474463c0bcf3f6b58
Instruction Fuzzy Hash: 1131927578074077E63466798C9AFEB61969BC5B04F21891EF21B9F1C2DD68BD00835C

Uniqueness

Uniqueness Score: -1.00%

Function 00478A04 Relevance: 10.6, APIs: 7, Instructions: 122windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00478A38
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00478A61
UpdateWindow.USER32(?), ref: 00478A7D
SendMessageA.USER32 ref: 00478AA3
SendMessageA.USER32 ref: 00478AC2
UpdateWindow.USER32(?), ref: 00478B05
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00478B38

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: 700b16eca3d036685de9b98bae20c423b9397752962a99d8ba59a918710fe1c3
Instruction ID: 44899159b383cf662fa6df058267dbae569034227ecd5a9b769483954a53e0a3
Opcode Fuzzy Hash: 700b16eca3d036685de9b98bae20c423b9397752962a99d8ba59a918710fe1c3
Instruction Fuzzy Hash: C341BD306443419BD720DF269848E9BBBE4FFC0B44F048A1FF49992251DB79E945CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00431720 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004317AD
wsprintfA.USER32 ref: 004317C9

Strings

- , xrefs: 004317F4
tCJ, xrefs: 0043180C
- [, xrefs: 00431748
%d / %d], xrefs: 004317A7
?? / %d], xrefs: 004317C3

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: - $ - [$%d / %d]$?? / %d]$tCJ
API String ID: 2111968516-75549865
Opcode ID: 4c39cf8ff481729c70de3f71baa4b2585bf1a7a72bd4cc3f834ee0cad13a04e7
Instruction ID: c6aa76a63970cdae0ea18272dffcff3245dd89fba199a928032d25bcccc3afe6
Opcode Fuzzy Hash: 4c39cf8ff481729c70de3f71baa4b2585bf1a7a72bd4cc3f834ee0cad13a04e7
Instruction Fuzzy Hash: 54319374604700AFC314DF15CC81FABB7E5EBC5714F04891EF49A87291DBB8A805CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0047D25F Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047E983: __EH_prolog.LIBCMT ref: 0047E988

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

SendMessageA.USER32 ref: 0047D2A8
SendMessageA.USER32 ref: 0047D2B7
SendMessageA.USER32 ref: 0047D2D0
SendMessageA.USER32 ref: 0047D2F8
SendMessageA.USER32 ref: 0047D307
SendMessageA.USER32 ref: 0047D31D
PtInRect.USER32(?,000000FF,?), ref: 0047D329

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$H_prologLongRectWindow
String ID:
API String ID: 2846605207-0
Opcode ID: a614c0339d0a7ba9366fcaf1c7f72f09035eef7e48ce721649a856514be40605
Instruction ID: 98fa13ae048cfad7dc4943b5e5bb426fbc1b65e356f2f469586b6647f5468045
Opcode Fuzzy Hash: a614c0339d0a7ba9366fcaf1c7f72f09035eef7e48ce721649a856514be40605
Instruction Fuzzy Hash: 22311871A0020DFFDB10DFA5CC81DAEB7B9EF44348B10856AF916A72A1D774AE12DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00472AD4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00472AD9
GetParent.USER32(?), ref: 00472B16
SendMessageA.USER32 ref: 00472B3E
GetParent.USER32(?), ref: 00472B67
SendMessageA.USER32 ref: 00472B84

Strings

tCJ, xrefs: 00472B02

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageParentSend$H_prolog
String ID: tCJ
API String ID: 1056721960-3789860310
Opcode ID: 592072a190f16fd4f21de26875197b988b78e8857ac70cc1f61d4ef1ee0ff967
Instruction ID: 8104d41fa7853736b030683ca5b7dcd27a25f94d551ec90c5cb0ff1d36a4ddd5
Opcode Fuzzy Hash: 592072a190f16fd4f21de26875197b988b78e8857ac70cc1f61d4ef1ee0ff967
Instruction Fuzzy Hash: D2319270900616ABCB14EFA5DC45EFEB774FF84318F10852EB525A71E1DB78A905CB18

Uniqueness

Uniqueness Score: -1.00%

Function 0047F674 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0047F6A2
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0047F6C5
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0047F6E4
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0047F6F4
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0047F6FE

Strings

software, xrefs: 0047F68C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreate$Open
String ID: software
API String ID: 1740278721-2010147023
Opcode ID: 160dc57d448306ef4094f8c30054b5fee583e7877eaf05b03aa505c479fdbca4
Instruction ID: 66f683cce5292ffe98e63cd6e250ea3556e9784fa061f910bca6ce1392dac9f1
Opcode Fuzzy Hash: 160dc57d448306ef4094f8c30054b5fee583e7877eaf05b03aa505c479fdbca4
Instruction Fuzzy Hash: 6411B372900159FBCB21DB9ADC88DEFFFBCEFC5714F1040AAA604A2121D6719A05DB64

Uniqueness

Uniqueness Score: -1.00%

Function 00463DAA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61stringCOMMON

Download Yara Rule

APIs

SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00463DE8
GetSystemMetrics.USER32 ref: 00463E00
GetSystemMetrics.USER32 ref: 00463E07
lstrcpy.KERNEL32(?,DISPLAY), ref: 00463E2B

Strings

B, xrefs: 00463DC9
DISPLAY, xrefs: 00463E25

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: System$Metrics$InfoParameterslstrcpy
String ID: B$DISPLAY
API String ID: 1409579217-3316187204
Opcode ID: 0041a624dc9bc0569c659500a20a4c2731dbbeb1dcdbdf2119f2083517bda99a
Instruction ID: b9269b0280ea3bd8edaf38b5afcfd2360843b44499b4de947d25dfd5dbec7e37
Opcode Fuzzy Hash: 0041a624dc9bc0569c659500a20a4c2731dbbeb1dcdbdf2119f2083517bda99a
Instruction Fuzzy Hash: F81106716002A4ABDF119F54DC8498B7FA8EF05752B004467FC089A245E3B6DA00CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 0047AD5B Relevance: 10.5, APIs: 7, Instructions: 29COMMON

Download Yara Rule

APIs

GetSysColor.USER32(0000000F), ref: 0047AD67
GetSysColor.USER32(00000010), ref: 0047AD6E
GetSysColor.USER32(00000014), ref: 0047AD75
GetSysColor.USER32(00000012), ref: 0047AD7C
GetSysColor.USER32(00000006), ref: 0047AD83
GetSysColorBrush.USER32(0000000F), ref: 0047AD90
GetSysColorBrush.USER32(00000006), ref: 0047AD97

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: 90f8ab5f70e10e2a75a9c7db14bc6217c80c733c6ca9ec9c5931d2210d259a2e
Instruction ID: c197fbe403f394d55e35438afc85bbba69fc034763fb7905598b4897e5ac5de7
Opcode Fuzzy Hash: 90f8ab5f70e10e2a75a9c7db14bc6217c80c733c6ca9ec9c5931d2210d259a2e
Instruction Fuzzy Hash: 3FF01C719407489BE770BFB29D09B4BBAE4FFC4B10F020D2ED2858BA90E6B5A440DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0042D030 Relevance: 9.2, APIs: 6, Instructions: 176windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0042D081
IsWindow.USER32(?), ref: 0042D096
IsChild.USER32(?,?), ref: 0042D0A7
SetFocus.USER32(?), ref: 0042D0B8
IsWindow.USER32(?), ref: 0042D1B0
IsWindowVisible.USER32(?), ref: 0042D1BE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ChildFocusVisible
String ID:
API String ID: 372613587-0
Opcode ID: 3afb29c833e0a939c99a8deeffbcee603753a3f1de8ea7f7ca17ecc918b5eb17
Instruction ID: 2eba5cc87fc1ad21a4b4b65f35c49a7a5a53e66994b0755ff78ee792ce458ba0
Opcode Fuzzy Hash: 3afb29c833e0a939c99a8deeffbcee603753a3f1de8ea7f7ca17ecc918b5eb17
Instruction Fuzzy Hash: 5B5181B1B007159FC720EF65D980D6BB3E8BF84348F45492EF85587241DB78E906CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041DA60 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 404COMMON

Download Yara Rule

Strings

hlp, xrefs: 0041DF2E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageParentSend$DecrementInterlocked
String ID: hlp
API String ID: 158108401-549983773
Opcode ID: c6d2ff6ea4eaea7a8237ab9cf521a6e9df6bb1c9194ab6c918753a3f77014551
Instruction ID: 372615b0b11f9c81262fec9d2d64216bfbd7ca97bd140c25f92cd35487f0b497
Opcode Fuzzy Hash: c6d2ff6ea4eaea7a8237ab9cf521a6e9df6bb1c9194ab6c918753a3f77014551
Instruction Fuzzy Hash: 7EF192B06083459FD724DF25C885BEFB7E4AF84304F10492EF59A87281E778E949CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0044D020 Relevance: 9.1, APIs: 6, Instructions: 133windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0044D04C

Part of subcall function 00474B68: InterlockedIncrement.KERNEL32(-000000F4), ref: 00474B7D

739B30C0.WINSPOOL.DRV(?,?,00000000), ref: 0044D07D
739B15A0.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 0044D0C5
739B15A0.WINSPOOL.DRV(?,?,?,00000000,00000000,0000000E,00000000,?,00000000,00000000,00000000,00000002,00000000), ref: 0044D152
7399D660.WINSPOOL.DRV(?,?,?,?,00000000,00000000,0000000E,00000000,?,00000000,00000000,00000000,00000002,00000000), ref: 0044D187

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$7399D660.DecrementIncrementMessageSend
String ID:
API String ID: 4170088483-0
Opcode ID: b90e579594fb2052e7633e1db3b75b05954e6221512e344b3138ca7eb73ab019
Instruction ID: 8c046fdbae1eb7fcf4c8703823bb10fc31b90b8eb3ae8c5ab6563b28dfb45e1a
Opcode Fuzzy Hash: b90e579594fb2052e7633e1db3b75b05954e6221512e344b3138ca7eb73ab019
Instruction Fuzzy Hash: CC41E6B4104345ABC724EF25C881EEF7BA9EFD8764F00490EF85987281D739D945C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 0043F0D0 Relevance: 9.1, APIs: 6, Instructions: 124COMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 0043F112
IsRectEmpty.USER32(?), ref: 0043F143
OffsetRect.USER32(?,00000000,?), ref: 0043F193
LPtoDP.GDI32(?,?,00000002), ref: 0043F1C8
GetClientRect.USER32(?,?), ref: 0043F1D7
IntersectRect.USER32 ref: 0043F1EC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClientCopyEmptyIntersectOffset
String ID:
API String ID: 1743551499-0
Opcode ID: 0f0b31b47345d63c797446c6a400b074a8f2cccecdd8f47db5b3a9ec0e73550f
Instruction ID: 9e905bf7502dec90721c341422c27f73148e6a8ddd8b1cf6252266db34844659
Opcode Fuzzy Hash: 0f0b31b47345d63c797446c6a400b074a8f2cccecdd8f47db5b3a9ec0e73550f
Instruction Fuzzy Hash: 7F4139B66047019FC318CF69D880A6BB7E9FBC8700F048A2EF556C7251DB34E849CB92

Uniqueness

Uniqueness Score: -1.00%

Function 004350A0 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 00435010: 7406A7F0.GDI32(?,?,00000004,?,?,00000000,?,004350C7,?,?,?,00000032), ref: 0043508B

7406A590.GDI32(?), ref: 004350FA
DeleteObject.GDI32(00000000), ref: 0043510F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406$A590DeleteObject
String ID:
API String ID: 146616141-0
Opcode ID: 7e7cda3245f5473cb6031d14488533fc8911f387ef34b3fb70fb085c4f129b4e
Instruction ID: 2efd617fb948f31ad94794c296e6b823703f2b5173f237aaf8526f746f862eec
Opcode Fuzzy Hash: 7e7cda3245f5473cb6031d14488533fc8911f387ef34b3fb70fb085c4f129b4e
Instruction Fuzzy Hash: 8A318D722047419BC314DF29CD84F6BB7E8FBC9724F008A2EF59983291D739A8058B66

Uniqueness

Uniqueness Score: -1.00%

Function 0047E6F6 Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsGetValue.KERNEL32(004D223C,004D222C,00000000,?,004D223C,?,0047E95E,004D222C,00000000,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02), ref: 0047E701
RtlEnterCriticalSection.KERNEL32(004D2258,00000010,?,004D223C,?,0047E95E,004D222C,00000000,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02), ref: 0047E750
RtlLeaveCriticalSection.KERNEL32(004D2258,00000000,?,004D223C,?,0047E95E,004D222C,00000000,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02), ref: 0047E763
LocalAlloc.KERNEL32(00000000,00000005,?,004D223C,?,0047E95E,004D222C,00000000,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02), ref: 0047E779
LocalReAlloc.KERNEL32(?,00000005,00000002,?,004D223C,?,0047E95E,004D222C,00000000,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02), ref: 0047E78B
TlsSetValue.KERNEL32(004D223C,00000000), ref: 0047E7C7

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocCriticalLocalSectionValue$EnterLeave
String ID:
API String ID: 4117633390-0
Opcode ID: c39d46e07af168927cd178dad7861a176ba8098abab275601ca8f4e8b74a01e5
Instruction ID: 490ea44f9017dd6c2d60532d1d2b98ba0d1734679d6f5f67bdab2b0cd37688a9
Opcode Fuzzy Hash: c39d46e07af168927cd178dad7861a176ba8098abab275601ca8f4e8b74a01e5
Instruction Fuzzy Hash: 21319F75100605EFD728DF16C889FAAB7E8FB48754F00CA6EE51AC7690E734E805CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00477531 Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00477536
SendMessageA.USER32 ref: 00477583
SendMessageA.USER32 ref: 004775A5
GetCapture.USER32 ref: 004775B7
SendMessageA.USER32 ref: 004775C6
WinHelpA.USER32 ref: 004775DA

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CaptureH_prologHelp
String ID:
API String ID: 432264411-0
Opcode ID: 1e5527544449dea777a27285460e5d79e38e131c5726f6da5093ecb0789885dd
Instruction ID: eec718940fbdb7c1e6c7b59ff42755f142ad89985bdffddbd4618fa38533488b
Opcode Fuzzy Hash: 1e5527544449dea777a27285460e5d79e38e131c5726f6da5093ecb0789885dd
Instruction Fuzzy Hash: 9D21A171200209BFEB306F61CC89FBE7AB9EF48744F10856EB205971E2CB748D009B14

Uniqueness

Uniqueness Score: -1.00%

Function 0047CA07 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0047CA3A
GetLastActivePopup.USER32(?), ref: 0047CA49
IsWindowEnabled.USER32(?), ref: 0047CA5E
EnableWindow.USER32(?,00000000), ref: 0047CA71
GetWindowLongA.USER32 ref: 0047CA83
GetParent.USER32(?), ref: 0047CA91

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: d626fe776b0ca770fb85877b16ce1770862e76f880b704d76532b266f2f2abc3
Instruction ID: cd81f3a3133347abd355454468dbedd359a2adba3923dc511e4f44849cb14767
Opcode Fuzzy Hash: d626fe776b0ca770fb85877b16ce1770862e76f880b704d76532b266f2f2abc3
Instruction Fuzzy Hash: 7311773260133A578621DAA95CC4BAF7698AF95F53F05852FE909D7314DB28DC0142ED

Uniqueness

Uniqueness Score: -1.00%

Function 0041C050 Relevance: 9.1, APIs: 6, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0041C06B
SendMessageA.USER32 ref: 0041C07D
SendMessageA.USER32 ref: 0041C08B
SendMessageA.USER32 ref: 0041C09D
SendMessageA.USER32 ref: 0041C0AF
SendMessageA.USER32 ref: 0041C0BD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: f0a1ebb4642cb9f83b535d773a861011abb72fa0078eb205711c8353cc4e2d6d
Instruction ID: 3a023662e35746ac1859dd0efd110042e89094340b3e9f3aedbdbd2ad0f6e16a
Opcode Fuzzy Hash: f0a1ebb4642cb9f83b535d773a861011abb72fa0078eb205711c8353cc4e2d6d
Instruction Fuzzy Hash: 66014FB27803057AF53496A59CC2FE7A2AD9F98B91F008A19B7419B1C0D5E5EC814A34

Uniqueness

Uniqueness Score: -1.00%

Function 00441DA0 Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00441DC2
ScreenToClient.USER32 ref: 00441DD1

Part of subcall function 00441E50: DPtoLP.GDI32(?,?,00000001), ref: 00441F67

LoadCursorA.USER32 ref: 00441E01
SetCursor.USER32(00000000), ref: 00441E08
LoadCursorA.USER32 ref: 00441E27
SetCursor.USER32(00000000), ref: 00441E2E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$Load$ClientScreen
String ID:
API String ID: 789353160-0
Opcode ID: 63c946174c7ffb13aa313d4707d72a9cba5f7a5940c7ad3f3cf5ee392e45721d
Instruction ID: 79867d11f9a0be78ee9bdd993ba46b94b789969fe7fdb8d4e99109943b1807eb
Opcode Fuzzy Hash: 63c946174c7ffb13aa313d4707d72a9cba5f7a5940c7ad3f3cf5ee392e45721d
Instruction Fuzzy Hash: F511C835504202ABDB10DF64ED49F9F73A9ABD4F12F004A2EF549862D0EA78D948C7B7

Uniqueness

Uniqueness Score: -1.00%

Function 0047C40C Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32(?,?,?,0042C459,?), ref: 0047C40F

Part of subcall function 0047C2B1: GetWindowLongA.USER32 ref: 0047C2C2

GetParent.USER32(00000000), ref: 0047C436

Part of subcall function 0047C2B1: GetClassNameA.USER32(00000000,?,0000000A), ref: 0047C2DD
Part of subcall function 0047C2B1: lstrcmpi.KERNEL32 ref: 0047C2EC

GetWindowLongA.USER32 ref: 0047C451
GetParent.USER32(?), ref: 0047C45F
GetDesktopWindow.USER32 ref: 0047C463
SendMessageA.USER32 ref: 0047C477

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
String ID:
API String ID: 2818563221-0
Opcode ID: a929d30218297caa4842a975ace6f5935f6a96ceb0bf16508ac57e07a614a25c
Instruction ID: 367383d6fc8c4e5fcb27335792a5d7a464e49b9135b0b464a208cbd17001e535
Opcode Fuzzy Hash: a929d30218297caa4842a975ace6f5935f6a96ceb0bf16508ac57e07a614a25c
Instruction Fuzzy Hash: 87F0AF3274162227D6222B296CD8FFF615C5B82F55F19C52EFA19B6394EB1C8C0182AD

Uniqueness

Uniqueness Score: -1.00%

Function 0047C326 Relevance: 9.0, APIs: 6, Instructions: 46COMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0047C335
GetWindow.USER32(?,00000005), ref: 0047C346
GetDlgCtrlID.USER32 ref: 0047C34F
GetWindowLongA.USER32 ref: 0047C35E
GetWindowRect.USER32 ref: 0047C370
PtInRect.USER32(?,?,?), ref: 0047C380

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Rect$ClientCtrlLongScreen
String ID:
API String ID: 1315500227-0
Opcode ID: 150f43a37b464344fe980a2634bca2bf3715af1e7d9e804d1aebf1d6c85d3eac
Instruction ID: bc37d669bd3913f49a86b7997bb7931247461eac434520f77a2ee05fec260a49
Opcode Fuzzy Hash: 150f43a37b464344fe980a2634bca2bf3715af1e7d9e804d1aebf1d6c85d3eac
Instruction Fuzzy Hash: 2D014436100116ABDB115BA4DC48FEF776CEF45715F00C539FD1595160E738D9158B98

Uniqueness

Uniqueness Score: -1.00%

Function 0046FB1C Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 207timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

Part of subcall function 0046B475: RtlLeaveCriticalSection.KERNEL32(?,00465AF2,00000009,00465ADE,00000000,?,00000000,00000000,00000000), ref: 0046B482

GetTimeZoneInformation.KERNEL32(0000000C,?,?,?,0000000B,0000000B,?,0046FB0D,0046F203,?,?,?,?,004669EE,?,?), ref: 0046FB6A
WideCharToMultiByte.KERNEL32(00000220,004D27FC,000000FF,0000003F,00000000,?,?,0046FB0D,0046F203,?,?,?,?,004669EE,?,?), ref: 0046FC00
WideCharToMultiByte.KERNEL32(00000220,004D2850,000000FF,0000003F,00000000,?,?,0046FB0D,0046F203,?,?,?,?,004669EE,?,?), ref: 0046FC39

Strings

l|J, xrefs: 0046FC4C, 0046FD7F, 0046FD8D
,|J, xrefs: 0046FC0B, 0046FC16, 0046FCC0

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
String ID: ,|J$l|J
API String ID: 3442286286-2160891293
Opcode ID: 81e27cbfe5b47ce2fdb1fcf948fc4d8411a9a954b0f90276bb73755d200c833c
Instruction ID: 3afe7b9791d3739bfda4fc64ce704bf16522dfd83a784e9d6603852ca214a6e6
Opcode Fuzzy Hash: 81e27cbfe5b47ce2fdb1fcf948fc4d8411a9a954b0f90276bb73755d200c833c
Instruction Fuzzy Hash: D861E171508244AED731AF29FC41A263FA8FB46324F14013FE5C18B2A1FB785986D79E

Uniqueness

Uniqueness Score: -1.00%

Function 0041C870 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047B924: __EH_prolog.LIBCMT ref: 0047B929
Part of subcall function 0047B924: BeginPaint.USER32(?,?,?,?,004179D9), ref: 0047B952

Part of subcall function 0047B4D5: GetClipBox.GDI32(?,?), ref: 0047B4DC

IsRectEmpty.USER32(?), ref: 0041C8B6
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0041C93D
GetCurrentObject.GDI32(?,00000006), ref: 0041C9CA
GetClientRect.USER32(?,?), ref: 0041CA3C

Part of subcall function 0047B996: __EH_prolog.LIBCMT ref: 0047B99B
Part of subcall function 0047B996: EndPaint.USER32(?,?,?,?,00417A53), ref: 0047B9B8

Strings

tCJ, xrefs: 0041C94D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologPaintRect$BeginClientClipCurrentEmptyObject
String ID: tCJ
API String ID: 3717962522-3789860310
Opcode ID: e5e373478cf9df39721ae50e9d6b2ec093df8316dc53c8d51e4a7694f70d65f4
Instruction ID: f820441c28996030b6233f8530c0059e805937771f798770e3da3f74fa58e75d
Opcode Fuzzy Hash: e5e373478cf9df39721ae50e9d6b2ec093df8316dc53c8d51e4a7694f70d65f4
Instruction Fuzzy Hash: 89613E711083419FD324DB65C885FAFB7E8EBD8714F40891EF59A83291DB38A948CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0045D5C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0045D6DE

Part of subcall function 00473357: SendMessageA.USER32 ref: 00473378

Strings

OK, xrefs: 0045D613

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: OK
API String ID: 3850602802-1927176014
Opcode ID: 443c9bd02f1ed4ed9c1342cdd8baedf1cd1c9c2746718690d889dee3185188b0
Instruction ID: 5d7e473484eb519243fee58bc76c881df04208465b346d340724490dc2090b06
Opcode Fuzzy Hash: 443c9bd02f1ed4ed9c1342cdd8baedf1cd1c9c2746718690d889dee3185188b0
Instruction Fuzzy Hash: C451BF31A007019BD724CE16DC40BABB3E4EFC8722F40492EFD49D7681E378E9098B55

Uniqueness

Uniqueness Score: -1.00%

Function 00448130 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 150windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00448199
SendMessageA.USER32 ref: 00448259

Strings

xOK, xrefs: 00448204
xOK, xrefs: 00448289
xOK, xrefs: 00448243

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow
String ID: xOK$xOK$xOK
API String ID: 701072176-2363173631
Opcode ID: b616c023cb05f3f4ae81c3bba87a9522ed95d5b1edc9c45108d61bab226b5d02
Instruction ID: 55c916bf3e408deba283dee7563f4caeed6bc2263b5d8775e049ec9a35ab2366
Opcode Fuzzy Hash: b616c023cb05f3f4ae81c3bba87a9522ed95d5b1edc9c45108d61bab226b5d02
Instruction Fuzzy Hash: 9341BE327002055BE7109A6AAC81BBFB395FBC8724F54467FFA0587241DB6DD84A836A

Uniqueness

Uniqueness Score: -1.00%

Function 004167F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004791EE: IsWindowEnabled.USER32(?), ref: 004791F8

IsWindowVisible.USER32(?), ref: 0041682A

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

Part of subcall function 00473793: SendMessageA.USER32 ref: 0047379F

wsprintfA.USER32 ref: 004168C4
SendMessageA.USER32 ref: 004168F0
SendMessageA.USER32 ref: 004168FF

Strings

tCJ, xrefs: 00416848

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$Text$EnabledLengthVisiblewsprintf
String ID: tCJ
API String ID: 1914814478-3789860310
Opcode ID: 0ec36a7486182b3e3568ac34758974ed4e1f83ef18a73b230211edc9db2155b0
Instruction ID: b314aad920c74bfd0ea70d66a3f9123bbdd75b7b3f196b5922b73bd1a4ab03bf
Opcode Fuzzy Hash: 0ec36a7486182b3e3568ac34758974ed4e1f83ef18a73b230211edc9db2155b0
Instruction Fuzzy Hash: 335156B56087419FD724EF14C981BABB7F5BBC8710F10891EE59A87780DB78E801CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00468C08 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 00468C27
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00468C5C
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00468CBC

Strings

__GLOBAL_HEAP_SELECTED, xrefs: 00468C96
__MSVCRT_HEAP_SELECT, xrefs: 00468C57

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: 1f76f4e6b5fe4e8f4ab3937ba3cb85c3bd4a1af9b0a134037f28c1cbee118461
Instruction ID: 488f73aa4527cb0a9c3653b1b5444bf13ff11e42d4ad5781627e820a1ab62503
Opcode Fuzzy Hash: 1f76f4e6b5fe4e8f4ab3937ba3cb85c3bd4a1af9b0a134037f28c1cbee118461
Instruction Fuzzy Hash: C53105719462886AEF3596705C45BDF37689B12708F2405EFD185D6282FA3C8D89CB3F

Uniqueness

Uniqueness Score: -1.00%

Function 004427F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00442864
SendMessageA.USER32 ref: 004428BD
SendMessageA.USER32 ref: 004428CC
SendMessageA.USER32 ref: 004428FA

Strings

tCJ, xrefs: 00442885

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window
String ID: tCJ
API String ID: 2326795674-3789860310
Opcode ID: 6d24ae688ea3dc0fb96486fe2e8e23c441ffe4ffb946bf105a679ab5105213fd
Instruction ID: d622f9db562d4007cdf98c28b8ab39ea4d047fe49d33dc821cc91df25305a63d
Opcode Fuzzy Hash: 6d24ae688ea3dc0fb96486fe2e8e23c441ffe4ffb946bf105a679ab5105213fd
Instruction Fuzzy Hash: 6D41B3722487419BE320DB59CC41B6BF7D4EB89720F448B2EF9A5873D1C7789405CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00476F1F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00476FD8
GetWindowLongA.USER32 ref: 00476FE9
GetWindowLongA.USER32 ref: 00476FF9
SetWindowLongA.USER32 ref: 00477015

Strings

(, xrefs: 00476FC3

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID: (
API String ID: 2178440468-3887548279
Opcode ID: 7307027d802a40a76817bf60cfea55b2e2bd817239a5d1cdc9e00f30cc31fefe
Instruction ID: 89102dc9ddc59ed1f571a982f55e219daf118c6c37df6be6173931e00c313492
Opcode Fuzzy Hash: 7307027d802a40a76817bf60cfea55b2e2bd817239a5d1cdc9e00f30cc31fefe
Instruction Fuzzy Hash: 7A31D6306007009FDB20AF75E844B9E77F6BF48714F15866EE549A7692DB38EC04CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047F1C5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 0047F1F6

Part of subcall function 0047F2E2: lstrlen.KERNEL32(00000104,00000000,?,0047F226), ref: 0047F319

lstrcpy.KERNEL32(?,.HLP), ref: 0047F297
lstrcat.KERNEL32(?,.INI), ref: 0047F2C4

Strings

.INI, xrefs: 0047F2BE
.HLP, xrefs: 0047F291

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileModuleNamelstrcatlstrcpylstrlen
String ID: .HLP$.INI
API String ID: 2421895198-3011182340
Opcode ID: a38605b7d7e81bbd781dd7a6c25fa34be737baae668175b4c2ed7a396b2241f7
Instruction ID: 41af24aa32f948d04b998ee918862199952e151ee90002d7196dd54f0a90337e
Opcode Fuzzy Hash: a38605b7d7e81bbd781dd7a6c25fa34be737baae668175b4c2ed7a396b2241f7
Instruction Fuzzy Hash: 0A319475804709DFDB21EB75D884BC6B7FCAB04314F1089BBE18DD3151EB74A9848B14

Uniqueness

Uniqueness Score: -1.00%

Function 00433D40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GlobalFix.KERNEL32 ref: 00433D80
GlobalSize.KERNEL32(?), ref: 00433DA3
GlobalSize.KERNEL32(?), ref: 00433DD3
GlobalUnWire.KERNEL32(?), ref: 00433DE3

Strings

BM, xrefs: 00433D9D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Size$Wire
String ID: BM
API String ID: 2995285337-2348483157
Opcode ID: a4fc1cd2e3d84ae108f7c414ed3d2f700c2f8528e44dbdc0ee2c13fe353e1ecc
Instruction ID: 2210eee9fedfa505ab37d102b7cdf60d787fbccfa9103952a9178c51229dc9ab
Opcode Fuzzy Hash: a4fc1cd2e3d84ae108f7c414ed3d2f700c2f8528e44dbdc0ee2c13fe353e1ecc
Instruction Fuzzy Hash: 9D21F576900258ABC710DFA9D841BDEFBB8FF48720F00466EF819E3381D77859008BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00433D3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GlobalFix.KERNEL32 ref: 00433D80
GlobalSize.KERNEL32(?), ref: 00433DA3
GlobalSize.KERNEL32(?), ref: 00433DD3
GlobalUnWire.KERNEL32(?), ref: 00433DE3

Strings

BM, xrefs: 00433D9D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Size$Wire
String ID: BM
API String ID: 2995285337-2348483157
Opcode ID: c78b83d837cc63dcfff352c3ab921fce81b7de1dd4adb13a0f33793ff141a52f
Instruction ID: 622ecb60a1451594d0eb9333bbe5980530866d6ef0f061e207a1155183675316
Opcode Fuzzy Hash: c78b83d837cc63dcfff352c3ab921fce81b7de1dd4adb13a0f33793ff141a52f
Instruction Fuzzy Hash: 9021E775900254ABC710EFA9D881BDEBBB8FF48764F10456EF819E3381D7785900CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0042B9B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIcon.SHELL32(00000001), ref: 0042BA29
DestroyCursor.USER32(?), ref: 0042BA36
Shell_NotifyIcon.SHELL32 ref: 0042BA69

Strings

X, xrefs: 0042B9C7
d, xrefs: 0042B9D9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: IconNotifyShell_$CursorDestroy
String ID: X$d
API String ID: 3039372612-651813629
Opcode ID: 0417a4a404d414c479aefdc9d0ae4de78408e40b328e63f0e75ce79496be7f2b
Instruction ID: ed182362f5a99d6e1009033aeaf4d626b7060e6c4d246c84b3d223dca3035abc
Opcode Fuzzy Hash: 0417a4a404d414c479aefdc9d0ae4de78408e40b328e63f0e75ce79496be7f2b
Instruction Fuzzy Hash: 4A214AB56087019FE310DF15D804B9BBBE5FFD4704F40891EB9C993350EBB999188BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00475A75 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 00475AB6
GetDlgItem.USER32 ref: 00475AD5
IsWindowEnabled.USER32(00000000), ref: 00475AE0
SendMessageA.USER32 ref: 00475AF6

Strings

Edit, xrefs: 00475AC0

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnabledItemLongMessageSend
String ID: Edit
API String ID: 3499652902-554135844
Opcode ID: 350d0fdadcc4aa2b7793e8cdc5a768b0f633e36987adf37f856bb6928f6200bd
Instruction ID: e9f0a56baf342b6e6b72d96243a2932ec8715bf3ab4b9a5b3e5964a3cf23935b
Opcode Fuzzy Hash: 350d0fdadcc4aa2b7793e8cdc5a768b0f633e36987adf37f856bb6928f6200bd
Instruction Fuzzy Hash: D501A130200A026BEA2556219C4AFFF7755AF80B14F14CD3BF50DEA2E1EBE9E851C65C

Uniqueness

Uniqueness Score: -1.00%

Function 00466391 Relevance: 7.8, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9fd61c8e645d8f8b69020451b55fbc2ec60b3387aa1d8f7bfef77fd31ac0a8
Instruction ID: 046b962a76e9e92e7d58b77ded326eb55035ff3c294a327bb92a3a55cc0dbd71
Opcode Fuzzy Hash: 9c9fd61c8e645d8f8b69020451b55fbc2ec60b3387aa1d8f7bfef77fd31ac0a8
Instruction Fuzzy Hash: 20910771D01114BECF21AB69ED819DE7BB8EB44364F22052BF815B6291F7398D40CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0043F960 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 0043F9E9
GetClientRect.USER32(00000000,?), ref: 0043FA22
DPtoLP.GDI32 ref: 0043FA78
GetClientRect.USER32(00000000,?), ref: 0043FB4C
DPtoLP.GDI32 ref: 0043FBA2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$Copy
String ID:
API String ID: 472922470-0
Opcode ID: 209845c7fef9bbc8a3bc5dd4c0ae570b1b5c3e76124eb43a97d01b574fa69372
Instruction ID: 0cca39d6a89f5b7ffe1345f5d7f5daeee69ad890499e7241e56429005b020c33
Opcode Fuzzy Hash: 209845c7fef9bbc8a3bc5dd4c0ae570b1b5c3e76124eb43a97d01b574fa69372
Instruction Fuzzy Hash: 2381C5712083459FC714EF69D491A6FB7E5FBCC708F00592EF19A87241EB78A809CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0042E4B0 Relevance: 7.7, APIs: 5, Instructions: 196windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0042E58C
SendMessageA.USER32 ref: 0042E5A3
GetWindowRect.USER32 ref: 0042E5F5
GetClientRect.USER32(?,00000000), ref: 0042E64D
GetWindowRect.USER32 ref: 0042E671

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow$ClientMessageSend
String ID:
API String ID: 1071774122-0
Opcode ID: 5459a45b73c0cc746498ab110809211a5b295105b3c7adfd3a2d880b6712c799
Instruction ID: b193a5d848ff648e314b770ea4a9cf4f8b702947f1f750609d9bd10becba5100
Opcode Fuzzy Hash: 5459a45b73c0cc746498ab110809211a5b295105b3c7adfd3a2d880b6712c799
Instruction Fuzzy Hash: F161B1B1604315AFC710DF65D880A6FB7E8EFC8748F404A1EF94597380EA38D945CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00468951 Relevance: 7.6, APIs: 5, Instructions: 150COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 004689AF
GetFileType.KERNEL32(?,?,00000000), ref: 00468A5A
GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 00468ABD
GetFileType.KERNEL32(00000000,?,00000000), ref: 00468ACB
SetHandleCount.KERNEL32 ref: 00468B02

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 5a8a122611889dfc07db4a30232790bf0302eff618ccde704143627d5d02ecdc
Instruction ID: 87fbde5e785dfdccc7a742dd81b34e7356a573fa9e0d0539f96117c780a9c979
Opcode Fuzzy Hash: 5a8a122611889dfc07db4a30232790bf0302eff618ccde704143627d5d02ecdc
Instruction Fuzzy Hash: AE5109716042118FCB20CFA8C9547667BA0AF11328F254B6FD992C73E1EB789805C75B

Uniqueness

Uniqueness Score: -1.00%

Function 00460DD0 Relevance: 7.6, APIs: 5, Instructions: 127windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00460DE6
73D41FD0.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045F69E), ref: 00460E6C
73D41FD0.COMCTL32(?), ref: 00460E92
SendMessageA.USER32 ref: 00460ED7
SendMessageA.USER32 ref: 00460F1A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 0ee007d32404fb7f00e27a5d2cb06e666445ba851584531c9fbdbf3c7f2b2de1
Instruction ID: c884127e4c41e082136eb7d62f5366f38d6a7a4358084d705377080b85438005
Opcode Fuzzy Hash: 0ee007d32404fb7f00e27a5d2cb06e666445ba851584531c9fbdbf3c7f2b2de1
Instruction Fuzzy Hash: 30417E716053519FC724DF29C840A5BBBE4FF88754F000A2EF999D7280E779E905CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0042C620 Relevance: 7.6, APIs: 5, Instructions: 104windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0042C6F0
WinHelpA.USER32 ref: 0042C70B
GetMenu.USER32(?), ref: 0042C71B
SetMenu.USER32(?,00000000), ref: 0042C728
DestroyMenu.USER32(00000000), ref: 0042C733

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$DestroyHelpWindow
String ID:
API String ID: 427501538-0
Opcode ID: ec867a95479e97b320f36114294c69bd30fc765ae44762eff05d8b5c7449cfbf
Instruction ID: 9aa85f3ae055f8e7d6b705e514b76783c73edaca62dbb1e45599d25f1aa6ab51
Opcode Fuzzy Hash: ec867a95479e97b320f36114294c69bd30fc765ae44762eff05d8b5c7449cfbf
Instruction Fuzzy Hash: E331C471700615ABC314AF66EC85E6FB7ACFF85348F850A1FF90553240DB39B9408BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00438260 Relevance: 7.6, APIs: 5, Instructions: 103synchronizationCOMMON

Download Yara Rule

APIs

midiStreamStop.WINMM(?,00000000,-000001B1,00000000,00437DCA,00000000,004B4520,0042EA76,004B4520,?,0042972F,004B4520,004276F3,00000001,00000000,000000FF), ref: 00438295
midiOutReset.WINMM(?,?,0042972F,004B4520,004276F3,00000001,00000000,000000FF,?,0042EF91,?,?,00426DA5), ref: 004382B3
WaitForSingleObject.KERNEL32(?,000007D0,?,0042972F,004B4520,004276F3,00000001,00000000,000000FF,?,0042EF91,?,?,00426DA5), ref: 004382D6
midiStreamClose.WINMM(?,?,0042972F,004B4520,004276F3,00000001,00000000,000000FF,?,0042EF91,?,?,00426DA5), ref: 00438313
midiStreamClose.WINMM(?,?,0042972F,004B4520,004276F3,00000001,00000000,000000FF,?,0042EF91,?,?,00426DA5), ref: 00438347

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$Close$ObjectResetSingleStopWait
String ID:
API String ID: 3142198506-0
Opcode ID: 93e93734d3aa7bd345a9c30dbebfe536da99ef262d15f6fc41ed230ff2d6b861
Instruction ID: 4af15d6401e4a05a51d080f77048d88965c364f1a3823f6c39abcf28ad1ffeea
Opcode Fuzzy Hash: 93e93734d3aa7bd345a9c30dbebfe536da99ef262d15f6fc41ed230ff2d6b861
Instruction Fuzzy Hash: 043160B2600B018BC7209FA5D48455FF7E9BF98711B145A3FF682D6700DB39E845CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0046D16C Relevance: 7.6, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.KERNEL32(00000000,00002020,004A5AD0,004A5AD0,?,?,0046D638,00000000,00000010,00000000,00000009,00000009,?,00465AD1,00000010,00000000), ref: 0046D18D
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,0046D638,00000000,00000010,00000000,00000009,00000009,?,00465AD1,00000010,00000000), ref: 0046D1B1
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,0046D638,00000000,00000010,00000000,00000009,00000009,?,00465AD1,00000010,00000000), ref: 0046D1CB
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,0046D638,00000000,00000010,00000000,00000009,00000009,?,00465AD1,00000010,00000000,?), ref: 0046D28C
HeapFree.KERNEL32(00000000,00000000,?,?,0046D638,00000000,00000010,00000000,00000009,00000009,?,00465AD1,00000010,00000000,?,00000000), ref: 0046D2A3

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$AllocFreeHeap$Allocate
String ID:
API String ID: 3000792370-0
Opcode ID: f56cc0f85e3b51c957334864a079e29804b208bc465c543e11d8022b7413da5a
Instruction ID: 6aab54d609ca89aa83591bd1b66545dd7b0606f69a730388be41cee34998c462
Opcode Fuzzy Hash: f56cc0f85e3b51c957334864a079e29804b208bc465c543e11d8022b7413da5a
Instruction Fuzzy Hash: 6131F072F40B029BD3309F24ED80B26BBE4FB55754F20863AE5559B790F7B8A840874E

Uniqueness

Uniqueness Score: -1.00%

Function 00428840 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004288B0
GetMenu.USER32(?), ref: 004288BF
DestroyAcceleratorTable.USER32 ref: 0042890C
SetMenu.USER32(?,00000000,?,?,?,?,00424D04,?), ref: 00428921
DestroyMenu.USER32(?,?,?,00424D04,?), ref: 00428931

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Destroy$AcceleratorTableWindow
String ID:
API String ID: 1240299919-0
Opcode ID: 93e5c79777429e1d8c88d6d368f13c63b388f3942201c1b0e35115c02bc57ef1
Instruction ID: 401ad2ac8d3bcbb4ca243be2ec7b5da90f4d7fd77ef67b27b488f4ea0e780fa6
Opcode Fuzzy Hash: 93e5c79777429e1d8c88d6d368f13c63b388f3942201c1b0e35115c02bc57ef1
Instruction Fuzzy Hash: 1631D8B17002126FC720EF65DD44D6B77A8EF84758F01492EF80587252EB38E909CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 0042E340 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 0042E35C

Part of subcall function 00423190: IsChild.USER32(?,?), ref: 0042320D
Part of subcall function 00423190: GetParent.USER32(?), ref: 00423227

GetCursorPos.USER32(?,?,00000000,?,?,?,?,0042DFD0), ref: 0042E374
GetClientRect.USER32(?,?), ref: 0042E383
PtInRect.USER32(?,?,?), ref: 0042E3A4
SetCursor.USER32(?,?,00000000,?,?,?,?,0042DFD0), ref: 0042E422

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildCursorRect$ClientParent
String ID:
API String ID: 1110532797-0
Opcode ID: ee560ecbdbac27a8874ed96aafc9b39231bfea6ce976f264bdc2a20a924ba3d6
Instruction ID: 971f463549fccad6d83bae0e6e499440e19b0bd6bcdd8a90a56c601ba866c740
Opcode Fuzzy Hash: ee560ecbdbac27a8874ed96aafc9b39231bfea6ce976f264bdc2a20a924ba3d6
Instruction Fuzzy Hash: 8F21E6717002226BC720EF66EC45F5FB3E8AF84714F944A1EF845D3280E778E90587A9

Uniqueness

Uniqueness Score: -1.00%

Function 004616D0 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

GetParent.USER32(?), ref: 004616F4
GetClientRect.USER32(?,?), ref: 0046170D
InvalidateRect.USER32(?,?,00000001,?,?), ref: 0046175C
UpdateWindow.USER32(?), ref: 00461762
InvalidateRect.USER32(?,00000000,00000000), ref: 00461781

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$InvalidateWindow$ClientLongParentUpdate
String ID:
API String ID: 529115757-0
Opcode ID: 3cdec9b471a21b853f053da525d55dd909d43d0568463742c3cb48bf9d164793
Instruction ID: 637d02d0459c03160f5fc18bd1c90774ea17675dfb56010dd114e00a2f49b1fb
Opcode Fuzzy Hash: 3cdec9b471a21b853f053da525d55dd909d43d0568463742c3cb48bf9d164793
Instruction Fuzzy Hash: A1216FB8604302AFD714EF51D880E6FB3E9EFC8714F04891EF94593350E638E80A8B66

Uniqueness

Uniqueness Score: -1.00%

Function 0041BFD0 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00473654: SendMessageA.USER32 ref: 00473675

SendMessageA.USER32 ref: 0041BFF5
SendMessageA.USER32 ref: 0041C015
SendMessageA.USER32 ref: 0041C027
SendMessageA.USER32 ref: 0041C035
SendMessageA.USER32 ref: 0041C047

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 06b272979c1d31956c4a5676b640d11ebc4f7296e23b2d860f3fc4ef939d4610
Instruction ID: 5871872a1774bf5fb1b6d69ff83102bc08402195cb3f13da95b25f8535c8f587
Opcode Fuzzy Hash: 06b272979c1d31956c4a5676b640d11ebc4f7296e23b2d860f3fc4ef939d4610
Instruction Fuzzy Hash: 4101A7F27407017EE5359AA68CC1FA792AC9F9CB55F00452AF701E76C0CAE9EC464674

Uniqueness

Uniqueness Score: -1.00%

Function 00477396 Relevance: 7.6, APIs: 5, Instructions: 52stringregistryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047739B
GetClassInfoA.USER32 ref: 004773B6
RegisterClassA.USER32 ref: 004773C1
lstrcat.KERNEL32(00000034,?), ref: 004773F8
lstrcat.KERNEL32(00000034,?), ref: 00477406

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Classlstrcat$H_prologInfoRegister
String ID:
API String ID: 106226465-0
Opcode ID: 1b499373e3ffabd75949de4e356cc9b6491515d21fe39bcc4131fbccfe6d699c
Instruction ID: 9bd2e9e15167bf691e26e1b875f2048243582e73113e62042e9c6edaf9b59ae8
Opcode Fuzzy Hash: 1b499373e3ffabd75949de4e356cc9b6491515d21fe39bcc4131fbccfe6d699c
Instruction Fuzzy Hash: 2F11E532504215BFCB10AFA5EC01ADE7FB8EF05754F00896FF909A7191D77896048769

Uniqueness

Uniqueness Score: -1.00%

Function 00468B74 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000103,7FFFFFFF,00467C4C,00467B86,00000000,?,?,00000000,00000001), ref: 00468B76
TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00468B84
SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 00468BD0

Part of subcall function 0046E0BB: RtlAllocateHeap.KERNEL32(00000008,?,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046E1B1

TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00468BA8
GetCurrentThreadId.KERNEL32 ref: 00468BB9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$AllocateCurrentHeapThread
String ID:
API String ID: 2047054392-0
Opcode ID: ce77b71cfb023ac6840f8f4d94e07fd1acc81d2c2351c033c2370d30dfdf1d5f
Instruction ID: e9919fdfef625df06041153337c7931d73fabc26a1cb559e564bf55f4b90d726
Opcode Fuzzy Hash: ce77b71cfb023ac6840f8f4d94e07fd1acc81d2c2351c033c2370d30dfdf1d5f
Instruction Fuzzy Hash: AFF02B715016225BD6212B75BC0DA1E3B60AF81FB1B11077EF451962E0EFA8988147AE

Uniqueness

Uniqueness Score: -1.00%

Function 0047E530 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

TlsFree.KERNEL32(00000000,?,?,0047EA3D,00000000,00000001), ref: 0047E53C
GlobalHandle.KERNEL32(005C1920), ref: 0047E564
GlobalUnWire.KERNEL32(00000000), ref: 0047E56D
GlobalFree.KERNEL32 ref: 0047E574
RtlDeleteCriticalSection.KERNEL32(004D2220,?,?,0047EA3D,00000000,00000001), ref: 0047E57E

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Free$CriticalDeleteHandleSectionWire
String ID:
API String ID: 1964465133-0
Opcode ID: cead8dd7f40cd473cd9abdd05b629485e5d5ba58978a850ee88c64a3c65bccdb
Instruction ID: 1c874e368fcd8adb699db684a836a5ccf19dd0f58c4173250f741c944ec55ddb
Opcode Fuzzy Hash: cead8dd7f40cd473cd9abdd05b629485e5d5ba58978a850ee88c64a3c65bccdb
Instruction Fuzzy Hash: 45F054312001116BC7205B7AAC4CA6F76BDAFD976571A4A9EF419D3391EB28DC02476C

Uniqueness

Uniqueness Score: -1.00%

Function 00432410 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 244windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004314F0: InvalidateRect.USER32(?,00000000,00000000), ref: 0043151A

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

SendMessageA.USER32 ref: 00432692
SendMessageA.USER32 ref: 004326CE
SendMessageA.USER32 ref: 004326DB

Strings

tCJ, xrefs: 00432438

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$TextWindow$InvalidateLengthRect
String ID: tCJ
API String ID: 2881497910-3789860310
Opcode ID: ab9ccfd7eaca0c2b6ad2158266fa677734d395c297e522ccf5408a981104db65
Instruction ID: cdedaf06d3904ca918d352bfc5e03245838a9912b424a3426d7cb9e71362038e
Opcode Fuzzy Hash: ab9ccfd7eaca0c2b6ad2158266fa677734d395c297e522ccf5408a981104db65
Instruction Fuzzy Hash: DB8106F1A04302ABD610DB24D98292F73A8EFD8714F104E2FF99687291E67CDD45875B

Uniqueness

Uniqueness Score: -1.00%

Function 0046342F Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 00463484
__ftol.LIBCMT ref: 004634B1

Strings

T7F, xrefs: 004634C9, 00463599, 004634F6, 00463518, 00463527
T7F, xrefs: 0046352F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID: T7F$T7F
API String ID: 495808979-3479663282
Opcode ID: 6190da6e02fa75a88ca0fb6a57b0287a2536960e8a4273991d1a5f8168a41bff
Instruction ID: abea43c675e02b0c0a9fc583c017d902780e8824a2ea6bc3d5e65bbf20e05cfa
Opcode Fuzzy Hash: 6190da6e02fa75a88ca0fb6a57b0287a2536960e8a4273991d1a5f8168a41bff
Instruction Fuzzy Hash: 6651BFB1A01219DBCB14CF5ED880199BBF5FF9C314B2584ABE819C7301E7B6DE128B85

Uniqueness

Uniqueness Score: -1.00%

Function 00442F10 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00442F4F
CreateFontIndirectA.GDI32(00000028), ref: 00442FB8
GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 00442FFF

Strings

(, xrefs: 00442FA4

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateExtentFontIndirectPoint32Textwsprintf
String ID: (
API String ID: 3175173087-3887548279
Opcode ID: d85772b7409649c735b9515981d7d792e4229e48eae05787aed0078e28d9f530
Instruction ID: 48753244204eb78f7d7e9d2bc6d405ef3e686931f2c4d6dff9ca7a81615adf3c
Opcode Fuzzy Hash: d85772b7409649c735b9515981d7d792e4229e48eae05787aed0078e28d9f530
Instruction Fuzzy Hash: C251D0712043458FD324DF28C885B6FB7E5FB88714F144A1EF59A83381DBB5AA05CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0044D2F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

wsprintfA.USER32 ref: 0044D3D3
SendMessageA.USER32 ref: 0044D3FB
SendMessageA.USER32 ref: 0044D40A

Strings

tCJ, xrefs: 0044D308

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendTextWindow$Lengthwsprintf
String ID: tCJ
API String ID: 1782877324-3789860310
Opcode ID: 7a29c88a52d5c59df1ae792cdcc5f7f356ab28767b6175c461922171ad9cde85
Instruction ID: f925efe8d96e1363910b2dd51b4516c80a01a49a480f63634cd0b67436d35c36
Opcode Fuzzy Hash: 7a29c88a52d5c59df1ae792cdcc5f7f356ab28767b6175c461922171ad9cde85
Instruction Fuzzy Hash: 3931B071704701ABD7089B68CC92B6FB3A1FFC5724F248A2DF566972C0DB78E8018756

Uniqueness

Uniqueness Score: -1.00%

Function 0047ABB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

GlobalFix.KERNEL32 ref: 0047ABCC
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0047AC1F
GlobalUnWire.KERNEL32(?), ref: 0047ACB6

Strings

@, xrefs: 0047AC09

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$ByteCharMultiWideWire
String ID: @
API String ID: 599868136-2766056989
Opcode ID: 04d562d25e4eeeb0a4ee23743614bd781bae7594b72bd7f092c1d138f1f1949e
Instruction ID: fe81c3b7620cb28542d9872656f42fec173d14d23ffdd42fd9ca14adf798e47c
Opcode Fuzzy Hash: 04d562d25e4eeeb0a4ee23743614bd781bae7594b72bd7f092c1d138f1f1949e
Instruction Fuzzy Hash: AB410C32800215FFCB15DF94C8859EEBBB5FF40354F14C16EE8199B244E3389A56CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041C310 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0041C34B
SendMessageA.USER32 ref: 0041C37D

Part of subcall function 0047CE96: SendMessageA.USER32 ref: 0047CEAE
Part of subcall function 0047CE96: SendMessageA.USER32 ref: 0047CEC7

SendMessageA.USER32 ref: 0041C3DA

Strings

tCJ, xrefs: 0041C35F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: tCJ
API String ID: 3850602802-3789860310
Opcode ID: d0eb752ebf90153012efe811f1492bbccfe66c8cabb30d9bc7860656adf34700
Instruction ID: 470629f4c9cd9159453ff7fb15638a9f013880648742cca7f2f88075ad1e8943
Opcode Fuzzy Hash: d0eb752ebf90153012efe811f1492bbccfe66c8cabb30d9bc7860656adf34700
Instruction Fuzzy Hash: EB316D74244744AFC220DF168C85E6BBBE9EBC5754F008A2EF56686280DB78D805CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0042BD70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86windowCOMMON

Download Yara Rule

APIs

DestroyAcceleratorTable.USER32 ref: 0042BD82
DestroyCursor.USER32(00000000), ref: 0042BE06
PostQuitMessage.USER32(00000000), ref: 0042BE3E

Strings

EK, xrefs: 0042BE25

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Destroy$AcceleratorCursorMessagePostQuitTable
String ID: EK
API String ID: 40448814-2869738666
Opcode ID: 6573a77c7a3606fc60257a7e731a068fb762e9f564825f021314a4437695015e
Instruction ID: b83788862f85a3e0553890cd7b11f395e50890115029fa107c6acfe7351d3dcc
Opcode Fuzzy Hash: 6573a77c7a3606fc60257a7e731a068fb762e9f564825f021314a4437695015e
Instruction Fuzzy Hash: 7321C9717002116BD724AB56EC45F9B73A8DF80704F95052FFD019B242EB68EC45C7B9

Uniqueness

Uniqueness Score: -1.00%

Function 0047EE47 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetMenuCheckMarkDimensions.USER32 ref: 0047EE53
7406A410.GDI32(?,?,00000001,00000001,?), ref: 0047EF02
LoadBitmapA.USER32 ref: 0047EF1A

Strings

, xrefs: 0047EE62

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406A410BitmapCheckDimensionsLoadMarkMenu
String ID:
API String ID: 684335722-3916222277
Opcode ID: c47039119b41f23e4e75ab441dd3a8fca14194100161138f83aca86bf727ccdb
Instruction ID: e6de293c5c3fdaa44d34bf424176edfc01c6f5eb7cbaba2d27ea86a850735b58
Opcode Fuzzy Hash: c47039119b41f23e4e75ab441dd3a8fca14194100161138f83aca86bf727ccdb
Instruction Fuzzy Hash: D1219E72E00319AFEB10CB79CC85BEE7BB8EF84700F0046B6E505EB282D6749A44CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0044FBB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0044FC83

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

GetParent.USER32(?), ref: 0044FC40
SendMessageA.USER32 ref: 0044FC65

Strings

tCJ, xrefs: 0044FBDD

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendTextWindow$LengthParent
String ID: tCJ
API String ID: 484616098-3789860310
Opcode ID: 818263bf544219e05f5333b5ee467c3545908b3a02a25173c439d076be5b950b
Instruction ID: 9eac494b78ed1474221792d0d3f352e17c4bfac04d02e1707adf412dc2eaee77
Opcode Fuzzy Hash: 818263bf544219e05f5333b5ee467c3545908b3a02a25173c439d076be5b950b
Instruction Fuzzy Hash: 6B217CB1604741AFD324DF69C881B5BF7E4FB88B14F108A2EF99983780D778E8058B59

Uniqueness

Uniqueness Score: -1.00%

Function 0041F630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0041F6C2
SendMessageA.USER32 ref: 0041F6E0
SendMessageA.USER32 ref: 0041F6F3

Strings

tCJ, xrefs: 0041F646

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: tCJ
API String ID: 3850602802-3789860310
Opcode ID: 7d4b6ea9c12528bb3b7837a68c529d0323c3f2316ee0f9951aa65fe11ac12f94
Instruction ID: b21bf5ed265e797d1d6d7220a2468cbe11f7995f6db612e80ce1d99be2d0929b
Opcode Fuzzy Hash: 7d4b6ea9c12528bb3b7837a68c529d0323c3f2316ee0f9951aa65fe11ac12f94
Instruction Fuzzy Hash: 2F217175204701ABC724DB28CC55FAB77A5EBC8720F108B1EF16A937E0DB78A8468755

Uniqueness

Uniqueness Score: -1.00%

Function 004176B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00417706

Part of subcall function 004790F5: SetWindowTextA.USER32(?,0043184A), ref: 00479103

SendMessageA.USER32 ref: 00417723
SendMessageA.USER32 ref: 00417730

Strings

tCJ, xrefs: 004176C8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$TextWindow
String ID: tCJ
API String ID: 1596935084-3789860310
Opcode ID: 8311130aede8d565f1f6934a93b9796418e8778e5f3bcfa26fa567f3bfadf3e4
Instruction ID: 6beafb9af5681f90f7dcc75f9da978b000ffe5c4d4c11fb5f391c40bc4be915b
Opcode Fuzzy Hash: 8311130aede8d565f1f6934a93b9796418e8778e5f3bcfa26fa567f3bfadf3e4
Instruction Fuzzy Hash: F6213AB1608345AFD320DF29C880A6BB7F9FBC9764F404A1EF5A993290C774A8058B56

Uniqueness

Uniqueness Score: -1.00%

Function 0044D1E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00472897: __EH_prolog.LIBCMT ref: 0047289C
Part of subcall function 00472897: lstrcpyn.KERNEL32(?,?,00000104), ref: 00472989

Part of subcall function 004729F9: lstrlen.KERNEL32(?,00000048,?,?,?,?,0041DBFD,00000000,00412204,00412204,?,?,00000000), ref: 00472A03
Part of subcall function 004729F9: GetFocus.USER32 ref: 00472A1E
Part of subcall function 004729F9: IsWindowEnabled.USER32(?), ref: 00472A47
Part of subcall function 004729F9: EnableWindow.USER32(?,00000000), ref: 00472A59
Part of subcall function 004729F9: 7583B9A0.COMDLG32(?,?,00000001), ref: 00472A84
Part of subcall function 004729F9: EnableWindow.USER32(?,00000001), ref: 00472AA2
Part of subcall function 004729F9: IsWindow.USER32(?), ref: 00472AA8
Part of subcall function 004729F9: SetFocus.USER32(?), ref: 00472AB6

Part of subcall function 00472AD4: __EH_prolog.LIBCMT ref: 00472AD9
Part of subcall function 00472AD4: GetParent.USER32(?), ref: 00472B16
Part of subcall function 00472AD4: SendMessageA.USER32 ref: 00472B3E
Part of subcall function 00472AD4: GetParent.USER32(?), ref: 00472B67
Part of subcall function 00472AD4: SendMessageA.USER32 ref: 00472B84

Part of subcall function 004790F5: SetWindowTextA.USER32(?,0043184A), ref: 00479103

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

SendMessageA.USER32 ref: 0044D28D
SendMessageA.USER32 ref: 0044D29C

Part of subcall function 00479230: SetFocus.USER32(?,0047D3E5), ref: 0047923A

Strings

prn, xrefs: 0044D20E
out.prn, xrefs: 0044D209

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$Focus$EnableH_prologParent$7583DecrementEnabledInterlockedTextlstrcpynlstrlen
String ID: out.prn$prn
API String ID: 247432649-3109735852
Opcode ID: 3d91cdcadcf3f9da7eeb85f5126d9529e6921faf875c8990851307853dc0f8ad
Instruction ID: b41965840c3eb2486568a163fc1f34b7a7eb8121ea939550a4b970d03a30dd96
Opcode Fuzzy Hash: 3d91cdcadcf3f9da7eeb85f5126d9529e6921faf875c8990851307853dc0f8ad
Instruction Fuzzy Hash: 54219F71148380ABD330EB14C846FEBBBA4AB94B10F108B1EB5A9562D1DBF865048796

Uniqueness

Uniqueness Score: -1.00%

Function 0047353D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53stringwindowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00473542
SendMessageA.USER32 ref: 0047358E
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00473597

Strings

tCJ, xrefs: 00473559

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSendlstrlen
String ID: tCJ
API String ID: 3754839358-3789860310
Opcode ID: e5c42c5493f2761b7db682c30ecc10ffe4a4feb3ebca142bded30802b3802e50
Instruction ID: 3217e17dc037157ad52cb88aac921bc36d4017aceed551a23221be9586c2684f
Opcode Fuzzy Hash: e5c42c5493f2761b7db682c30ecc10ffe4a4feb3ebca142bded30802b3802e50
Instruction Fuzzy Hash: BA118F72D00108EBCB00DF95EC80BDDBBB4FF88325F10812AF919AB191D7B49A04CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0046C428 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C44B
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C461
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C494
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00465E5D,?,?,?,00000000,00000001), ref: 0046C4FC
WideCharToMultiByte.KERNEL32(?,00000220,?,00000000,?,?,00000000,00000000,?,00000000,?,?,00465E5D,?), ref: 0046C521

Strings

]^F, xrefs: 0046C440

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID: ]^F
API String ID: 352835431-547549326
Opcode ID: 7fb9dd4bcd14404a13aa96a1756abc89be43805a48eae09d980883d11df12faf
Instruction ID: 10f71e429de27572ae1a545531d78e0f7fd606ec6246b6369de851a33d5e2396
Opcode Fuzzy Hash: 7fb9dd4bcd14404a13aa96a1756abc89be43805a48eae09d980883d11df12faf
Instruction Fuzzy Hash: 05114C32900209AFCF22CF95DC84AEEBBB5FF88350F108156FA6562160E7369D60EB55

Uniqueness

Uniqueness Score: -1.00%

Function 00466B0D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(004D2A5C), ref: 00466B33
InterlockedDecrement.KERNEL32(004D2A5C), ref: 00466B48

Strings

\*M, xrefs: 00466B2C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$DecrementIncrement
String ID: \*M
API String ID: 2172605799-4259446723
Opcode ID: 9c78a0d2a46c6945e7fa1d9bf3feb87a464f534327ca0074e238317576ef356b
Instruction ID: efc5e6843077e9d6805fa331b46cd13b4bd12259bd85a1ea9aba63799b6446a2
Opcode Fuzzy Hash: 9c78a0d2a46c6945e7fa1d9bf3feb87a464f534327ca0074e238317576ef356b
Instruction Fuzzy Hash: 0FF0C832105262DBD720AF55ACC5A4B6B65EB90B15F16043FF100C5251EBA8A8818B6F

Uniqueness

Uniqueness Score: -1.00%

Function 00465E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(004D2A5C), ref: 00465E32
InterlockedDecrement.KERNEL32(004D2A5C), ref: 00465E47

Strings

\*M, xrefs: 00465E2B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$DecrementIncrement
String ID: \*M
API String ID: 2172605799-4259446723
Opcode ID: 8a0ad5026636d35b4d426ceb406c619674c35b2801ecc7e7324303c9cfc54f9c
Instruction ID: 634fe7ae334e64c3f1adfad8d52d64b0407c16ef449c3cedff38c757ca0a1e42
Opcode Fuzzy Hash: 8a0ad5026636d35b4d426ceb406c619674c35b2801ecc7e7324303c9cfc54f9c
Instruction Fuzzy Hash: BCF0C232105742ABDA20AF65ECC594B7794EBA0315F10483FF100C5291EBAA9E82CA6F

Uniqueness

Uniqueness Score: -1.00%

Function 0045E000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 0045E009
ScreenToClient.USER32 ref: 0045E024
PostMessageA.USER32 ref: 0045E069

Strings

@, xrefs: 0045E056

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClientCursorMessagePostScreen
String ID: @
API String ID: 4019823077-2766056989
Opcode ID: ea02e06661cca65a026d00ed14678ae4130b5fd82de5dd799ffef3c5b004b94b
Instruction ID: a316a52c0d5fabafce9bdb447e529812df7eec06080c9d2505a8fc8ad73e3643
Opcode Fuzzy Hash: ea02e06661cca65a026d00ed14678ae4130b5fd82de5dd799ffef3c5b004b94b
Instruction Fuzzy Hash: A6F04B70604321AFCA24EF65D845A5F77A8AB84B41F008D1DF94597281E7B8EA098B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0047113B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(004D2A5C), ref: 00471147
InterlockedDecrement.KERNEL32(004D2A5C), ref: 0047115E

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

InterlockedDecrement.KERNEL32(004D2A5C), ref: 0047118A

Strings

\*M, xrefs: 00471140

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
String ID: \*M
API String ID: 2038102319-4259446723
Opcode ID: dfec82fd41ffbbc04711cfb2af63c068bee2368093abbfc6cd408ddb1496ba96
Instruction ID: 27ed7a504be4ddc4bd5d2656150bce83bcd2cf963fac0eea7c174ad87d3621cd
Opcode Fuzzy Hash: dfec82fd41ffbbc04711cfb2af63c068bee2368093abbfc6cd408ddb1496ba96
Instruction Fuzzy Hash: F5F0E93610121ABEE7102F99AC819DF3758DF88374F10C03FF6084D2618FB95982CAAD

Uniqueness

Uniqueness Score: -1.00%

Function 004712D4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(004D2A5C), ref: 004712E0
InterlockedDecrement.KERNEL32(004D2A5C), ref: 004712F7

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

InterlockedDecrement.KERNEL32(004D2A5C), ref: 00471327

Strings

\*M, xrefs: 004712D9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
String ID: \*M
API String ID: 2038102319-4259446723
Opcode ID: 250fb5f307f4ae0a9c3dbd1752aa5aadbf687deed76615c1afe9b8ddb9f99463
Instruction ID: 6ef3b542fde89d24dfadac5e82c0cddc37bb020fa67186d0b0090fbe88ca186e
Opcode Fuzzy Hash: 250fb5f307f4ae0a9c3dbd1752aa5aadbf687deed76615c1afe9b8ddb9f99463
Instruction Fuzzy Hash: E2F0B43250025AAFFB106F95AC819DF3758EF94364F04403BFA0849261DBB559528BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0047C2B1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 0047C2C2
GetClassNameA.USER32(00000000,?,0000000A), ref: 0047C2DD
lstrcmpi.KERNEL32 ref: 0047C2EC

Strings

combobox, xrefs: 0047C2E6

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassLongNameWindowlstrcmpi
String ID: combobox
API String ID: 2054663530-2240613097
Opcode ID: 5eb3810eb8d9e9f0dc99461c231446e5dbeb462d89e2a2191d0ea405ef1b8db0
Instruction ID: 6d46f8dab0d7202ac17ec419dfea44dafc3b8177a5da6623555964ec979b7fe0
Opcode Fuzzy Hash: 5eb3810eb8d9e9f0dc99461c231446e5dbeb462d89e2a2191d0ea405ef1b8db0
Instruction Fuzzy Hash: E3E0E531954109BBCF006FA0CC49F9E3768EB10301F108935B416E50E1D738E245CB49

Uniqueness

Uniqueness Score: -1.00%

Function 0047F595 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

RtlDeleteCriticalSection.KERNEL32(004D23B0,?,?,?,004720F8,00000000,00000001), ref: 0047F5BB
RtlDeleteCriticalSection.KERNEL32(004D23C8,?,?,?,004720F8,00000000,00000001), ref: 0047F5CD

Strings

h#M, xrefs: 0047F5BD
`%M, xrefs: 0047F5D7

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalDeleteSection
String ID: `%M$h#M
API String ID: 166494926-1049129819
Opcode ID: 791d58f1f13f60e619ca45831a7d282430ae5a3bcc59d483acac444421c023db
Instruction ID: b9a0b505a2ccf52c54545099d5b785e563e916e2e63e9d67c6a8b9bf2246644e
Opcode Fuzzy Hash: 791d58f1f13f60e619ca45831a7d282430ae5a3bcc59d483acac444421c023db
Instruction Fuzzy Hash: 85E09231401304BBD6204F28FEB4B8973A8F761362F55813BE8055126293FC0E88C798

Uniqueness

Uniqueness Score: -1.00%

Function 00468F89 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00464261), ref: 00468F8E
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00468F9E

Strings

IsProcessorFeaturePresent, xrefs: 00468F98
KERNEL32, xrefs: 00468F89

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: fc5bb61316a0a446db2b00686ac5b504fd7418dc4f7e2ece4415b462384aa305
Instruction ID: c7ce2e2d0049ba2727801dba15d7e3d50d8fa2a7947443ef8621e42fd06c380e
Opcode Fuzzy Hash: fc5bb61316a0a446db2b00686ac5b504fd7418dc4f7e2ece4415b462384aa305
Instruction Fuzzy Hash: A5C0123034430299D91C77F14C09F1E13451B40B51F140E3E6809D1181EE58C005632E

Uniqueness

Uniqueness Score: -1.00%

Function 00438BC0 Relevance: 6.2, APIs: 4, Instructions: 246COMMON

Download Yara Rule

APIs

midiStreamOpen.WINMM(-00000195,-0000016D,00000001,004391F0,-000001B1,00030000,?,-000001B1,?,00000000), ref: 00438BEB
midiStreamProperty.WINMM ref: 00438CD2
midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,-000001B1,?,00000000), ref: 00438E20

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$HeaderOpenPrepareProperty
String ID:
API String ID: 2061886437-0
Opcode ID: b57c86b45957890b2efd8683f4dae69f7b75115d7e666ef7fdf332f3bb9bd0b0
Instruction ID: cc145726a7a1e8b08726e02cbf1af71e7fa8805b831f1c837d97e4563ddba9c9
Opcode Fuzzy Hash: b57c86b45957890b2efd8683f4dae69f7b75115d7e666ef7fdf332f3bb9bd0b0
Instruction Fuzzy Hash: 2BA16B716006068FD724DF28D890BAAB7F6FB88304F10492EE686C7751EB35F919CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0046F59E Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 0046F618
GetLastError.KERNEL32 ref: 0046F622
ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 0046F6E8
GetLastError.KERNEL32 ref: 0046F6F2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 5c87182d3b0eba443b2351c50d0f32d72832828fb1d096ed3e09fde160427406
Instruction ID: 89f59e61ae4567893365f22ad1f5e9104fdbaad9d32b44ea7b850e74ea195e26
Opcode Fuzzy Hash: 5c87182d3b0eba443b2351c50d0f32d72832828fb1d096ed3e09fde160427406
Instruction Fuzzy Hash: 9851CA346043859FDF218F58E884B9A7BB0AF16305F5444BBE4E587361E378994ACB1B

Uniqueness

Uniqueness Score: -1.00%

Function 00436410 Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 532f4dcdd722d89d515b8aaa76aa17d2ae0b5d40b1b483310031da8808a81501
Instruction ID: 5306a6987627ae706bd9e669e22a5535c7d9808ab8679896ad3d4dc191ed6526
Opcode Fuzzy Hash: 532f4dcdd722d89d515b8aaa76aa17d2ae0b5d40b1b483310031da8808a81501
Instruction Fuzzy Hash: 93512CB1508301AFC220EF65D8858AFF7E8EED9314F108E2EF59583251D779E909CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00449040 Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 0044907E
7406AC50.USER32(?,00000000), ref: 004491E2
7406B380.USER32(?,?), ref: 00449206
DeleteObject.GDI32(?), ref: 00449238

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406DeleteObject$B380
String ID:
API String ID: 1495672834-0
Opcode ID: 5a9b532b06d7105024a8a25ba9562f2fcbe8839b4cc93d625b821438c8ea375e
Instruction ID: 0a8b1a2f096ead8ffb66fcc283b281cc5b3a3d030ec5a4e4d5f6090ce9c53e3c
Opcode Fuzzy Hash: 5a9b532b06d7105024a8a25ba9562f2fcbe8839b4cc93d625b821438c8ea375e
Instruction Fuzzy Hash: D4516BB1A002049BEF14DF288884B9B7BE5BB94310F0885BAEC5DCF306DB749D49CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00424E00 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00424E74
GetParent.USER32(?), ref: 00424EC4
IsWindow.USER32(?), ref: 00424EE4
SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 00424F5F

Part of subcall function 004791C7: ShowWindow.USER32(?,?,00479D8B,?,?,?,00000363,00000001,00000000,?,?,?,004795EC,?), ref: 004791D5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ParentShow
String ID:
API String ID: 2052805569-0
Opcode ID: a4cf37739261c1720168e05f507234ede5b5d686a798665ca819ffaf13f26329
Instruction ID: 67e65eba28acf5315eff77ef85b08eb57e2495b67cfb466276295eea7452fefe
Opcode Fuzzy Hash: a4cf37739261c1720168e05f507234ede5b5d686a798665ca819ffaf13f26329
Instruction Fuzzy Hash: 5541BF717007216BD320EE61AD81BABB3E8EFC4754F45452EFD049B381D778E8098BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0046F8B4 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 0046F97B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 42daf25ab2e5db6001031655035c8e2caf714a078ca5fb2b381eb4c4b6da85f8
Instruction ID: 8455d8390e46a39081eb821bb5ed436f3a931361380c127d9112ecf78b76d954
Opcode Fuzzy Hash: 42daf25ab2e5db6001031655035c8e2caf714a078ca5fb2b381eb4c4b6da85f8
Instruction Fuzzy Hash: 4851C271900248EFCB11CFA8D880B9E7BB0FF41344F1581ABE859DB251E734DA49CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0041A0E0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516e9e4748d4854abd8142971a99128c86d35e84d59e47649c0b97382ba3f97b
Instruction ID: 89c368a34e6514d7724c48bbd55e3fd0557bce90f93a068c813a253cce3c6573
Opcode Fuzzy Hash: 516e9e4748d4854abd8142971a99128c86d35e84d59e47649c0b97382ba3f97b
Instruction Fuzzy Hash: 29319072314601AFD720DF69EC41B9B73A5EB84714F008C2EF546DB281E779EC9287A6

Uniqueness

Uniqueness Score: -1.00%

Function 0044F5B0 Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(?), ref: 0044F63A
SendMessageA.USER32 ref: 0044F67E
SendMessageA.USER32 ref: 0044F6B4
SendMessageA.USER32 ref: 0044F6C3

Part of subcall function 004790F5: SetWindowTextA.USER32(?,0043184A), ref: 00479103

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$BrushCreateSolidTextWindow
String ID:
API String ID: 3501373727-0
Opcode ID: 380b0b10357259a1349fd1b68d1fc94bfd5e2894337715a94c8250dfaafc7dc6
Instruction ID: d1e1d74dac5534b939db1d5a714a1630905732cfab39b41960a8e189e56b1bfa
Opcode Fuzzy Hash: 380b0b10357259a1349fd1b68d1fc94bfd5e2894337715a94c8250dfaafc7dc6
Instruction Fuzzy Hash: 663157B0604740AFD314DF19C841B2AF7E5EB88B14F008A1EF59987791DBB9E804CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0045E700 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0045E715
SendMessageA.USER32 ref: 0045E74C
SendMessageA.USER32 ref: 0045E7B2
ClientToScreen.USER32(?,?), ref: 0045E7DE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ClientScreenWindow
String ID:
API String ID: 4074774880-0
Opcode ID: cf9d624786084ac08702668b39a5d223e395b68e69355c0ac50f90ea4290ab76
Instruction ID: 796697b692aa965015531b81e23992313089d6cfd537773363ef9d7d585d02b5
Opcode Fuzzy Hash: cf9d624786084ac08702668b39a5d223e395b68e69355c0ac50f90ea4290ab76
Instruction Fuzzy Hash: 42318BB16087019FD328DF29D880A1BB7E9EBC8745F00892EF94583381D774E9098F6A

Uniqueness

Uniqueness Score: -1.00%

Function 0047C88F Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047CA07: GetParent.USER32(?), ref: 0047CA3A
Part of subcall function 0047CA07: GetLastActivePopup.USER32(?), ref: 0047CA49
Part of subcall function 0047CA07: IsWindowEnabled.USER32(?), ref: 0047CA5E
Part of subcall function 0047CA07: EnableWindow.USER32(?,00000000), ref: 0047CA71

SendMessageA.USER32 ref: 0047C8C5
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 0047C933
MessageBoxA.USER32 ref: 0047C941
EnableWindow.USER32(00000000,00000001), ref: 0047C95D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
String ID:
API String ID: 1958756768-0
Opcode ID: b07bce46bf6d7e794b22740b96a70f47ccd478a416f8392c13ba2594ecb778a5
Instruction ID: fa3c7782eca4bb176dc7a34dd4741e727d5127de6ca1c79dd80baafb3a44fc12
Opcode Fuzzy Hash: b07bce46bf6d7e794b22740b96a70f47ccd478a416f8392c13ba2594ecb778a5
Instruction Fuzzy Hash: EC21A2B2A00209AFDB209F94CCC2BEEB7B5FB44751F15842EF608E3280D7759E408B65

Uniqueness

Uniqueness Score: -1.00%

Function 004793E0 Relevance: 6.1, APIs: 4, Instructions: 85stringtimeCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(004793DC,?,00000104,?,?,?,?,?,?,?,004793CA,?), ref: 0047940A
GetFileTime.KERNEL32(00000000,004793CA,?,?,?,?,?,?,?,?,?,004793CA,?), ref: 0047942B
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,004793CA,?), ref: 0047943A
GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,004793CA,?), ref: 0047945B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AttributesSizeTimelstrcpyn
String ID:
API String ID: 1499663573-0
Opcode ID: 5e070dc81316c3bfe040e30af0c7b0c6c560ac18dee7dddbe808bd4b2c91fa3c
Instruction ID: 57036c166be9f77bf089985ac6dad26bcc06927b9031720a31e01a01f8232edf
Opcode Fuzzy Hash: 5e070dc81316c3bfe040e30af0c7b0c6c560ac18dee7dddbe808bd4b2c91fa3c
Instruction Fuzzy Hash: 49318072504205AFC720DFA1CC85EEBB7B8BB14314F10892EE15AC7290EB74A989CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00420B10 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON

Download Yara Rule

APIs

GetMessagePos.USER32 ref: 00420BA8
ScreenToClient.USER32 ref: 00420BCA
ChildWindowFromPointEx.USER32(?,?,?,00000005), ref: 00420BE0
GetFocus.USER32 ref: 00420BEB

Part of subcall function 00479230: SetFocus.USER32(?,0047D3E5), ref: 0047923A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Focus$ChildClientFromMessagePointScreenWindow
String ID:
API String ID: 3117237277-0
Opcode ID: e9ca6eb6b8363c8018114efcba03993b53dd862e1b111b01fffbee73b604db34
Instruction ID: ae42dd532754a73838422764c4f12771b7eeed9f5f147c5d60aca474074c7bf9
Opcode Fuzzy Hash: e9ca6eb6b8363c8018114efcba03993b53dd862e1b111b01fffbee73b604db34
Instruction Fuzzy Hash: B521E6B13006127BD714AB25DD41F6F73A9AFC0708F04862EF94587282DB38F846C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 00464106 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 0046412C

Part of subcall function 00468D50: HeapCreate.KERNELBASE(00000000,00001000,00000000,00464164,00000001), ref: 00468D61
Part of subcall function 00468D50: HeapDestroy.KERNEL32 ref: 00468DA0

GetCommandLineA.KERNEL32 ref: 0046418C
GetStartupInfoA.KERNEL32(?), ref: 004641B7
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004641DA

Part of subcall function 00464233: ExitProcess.KERNEL32 ref: 00464250

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID:
API String ID: 2057626494-0
Opcode ID: 55befaed2d22ac4b36578c3586deaf7d3fe475a77f31134a7de66b5f3e8edbf8
Instruction ID: dda6e8374589010dc2b5aecfd91a315540183ddb0928938e01c2df697285d14f
Opcode Fuzzy Hash: 55befaed2d22ac4b36578c3586deaf7d3fe475a77f31134a7de66b5f3e8edbf8
Instruction Fuzzy Hash: 9321B4B0900705AEDB08AFB5ED19BAD7BB8AF55704F10062FF905962A1FF784940C76A

Uniqueness

Uniqueness Score: -1.00%

Function 00450790 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 004507B9
SystemParametersInfoA.USER32 ref: 00450813
CreateFontIndirectA.GDI32(?), ref: 00450821
7406A8F0.GDI32(00000300,00000000), ref: 00450879

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: System$7406CreateFontIndirectInfoMetricsParameters
String ID:
API String ID: 3627359522-0
Opcode ID: fdc8722daeed68e315d3cdf7863fe360b9e193d17c54b7cbda6711696501ca74
Instruction ID: 9bb7fc3989be5cf63a210edfbec1ae3c2f29ccce1e3c9062a6ca55c20b3feaf3
Opcode Fuzzy Hash: fdc8722daeed68e315d3cdf7863fe360b9e193d17c54b7cbda6711696501ca74
Instruction Fuzzy Hash: 1831BFB40047408FD320DF29D888A9BFBF4FF85308F40896EE59A8B751DB75A408CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00421420 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

StartPage.GDI32(?), ref: 00421465
EndPage.GDI32(?), ref: 0042148B

Part of subcall function 0042F0D0: wsprintfA.USER32 ref: 0042F0DF

Part of subcall function 004790F5: SetWindowTextA.USER32(?,0043184A), ref: 00479103

UpdateWindow.USER32(?), ref: 004214DA
EndPage.GDI32(?), ref: 004214F2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Page$Window$StartTextUpdatewsprintf
String ID:
API String ID: 104827578-0
Opcode ID: 6d2e5a754ea66ef6a952061807e9861858900598ea5a51feac6d04fac46e6d8f
Instruction ID: 19bda72ad1bd158899e6487db1f483dc6aab0bbd95e5c3295ac0b5e7168c77d2
Opcode Fuzzy Hash: 6d2e5a754ea66ef6a952061807e9861858900598ea5a51feac6d04fac46e6d8f
Instruction Fuzzy Hash: 84214171701B119BC2249F7ADC88A9BB7E4EFD4705F50882EE59FC6220EA34A4458B59

Uniqueness

Uniqueness Score: -1.00%

Function 00461790 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00461870: GetTopWindow.USER32(7515CC50), ref: 0046187D
Part of subcall function 00461870: IsWindowVisible.USER32(00000000), ref: 00461892
Part of subcall function 00461870: GetTopWindow.USER32(00000000), ref: 0046189D
Part of subcall function 00461870: GetWindow.USER32(00000000,00000002), ref: 004618B8

GetWindowRect.USER32 ref: 004617F8
IntersectRect.USER32 ref: 00461805
IsRectEmpty.USER32(?), ref: 00461810

Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B63E
Part of subcall function 0047B62A: ScreenToClient.USER32 ref: 0047B647

7406B330.USER32(?,00000705,00000000,00000705,?,?,?,?,?,7515CC50,?,?,004834A8,000000FF,00461776,?), ref: 00461839

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Rect$ClientScreen$7406B330EmptyIntersectVisible
String ID:
API String ID: 3574057950-0
Opcode ID: 2380c2f83506588e5b0006882b3f17b3b1b4f33e1d7ccc2db7696169cf1f3f1e
Instruction ID: aea88bb8975c33675bda6a5c7536d442f44e43ce673fe0ee1412f5196b303603
Opcode Fuzzy Hash: 2380c2f83506588e5b0006882b3f17b3b1b4f33e1d7ccc2db7696169cf1f3f1e
Instruction Fuzzy Hash: 73216072108742ABC300EF54D985FAFB7A8FBC4B24F444E1DF14597190E778A9098BAB

Uniqueness

Uniqueness Score: -1.00%

Function 004178C0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetParent.USER32(000000D0), ref: 004178EC
GetParent.USER32(?), ref: 00417901
SetParent.USER32(?,?), ref: 0041791F
GetWindowRect.USER32 ref: 00417934

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Parent$RectWindow
String ID:
API String ID: 2276825053-0
Opcode ID: a0a69933c424b3268c90fe66fb5ab4084ebe46d0fcf8b2433ae5d7a9dc8fc4e9
Instruction ID: 6888a8688736186cf457e585b3017ab19090ca135f72d98b7088f3c52737cbbf
Opcode Fuzzy Hash: a0a69933c424b3268c90fe66fb5ab4084ebe46d0fcf8b2433ae5d7a9dc8fc4e9
Instruction Fuzzy Hash: E911A2B92007065FE724EF69D844DABB3BDEB84354F00891EB84587301DA78EC0A8774

Uniqueness

Uniqueness Score: -1.00%

Function 00470AED Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 00470B1C
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 00470B2F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00470B7B
CompareStringW.KERNEL32(004543E6,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00470B93

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$CompareString
String ID:
API String ID: 376665442-0
Opcode ID: a61cb747295afe1d29deb5e6bc71e2915ba7f49352f2e00e91ddc858ee38fc37
Instruction ID: 70b41de9d99b9c936e808b92c60e0efff2129451468a905618a42962f8807ce1
Opcode Fuzzy Hash: a61cb747295afe1d29deb5e6bc71e2915ba7f49352f2e00e91ddc858ee38fc37
Instruction Fuzzy Hash: D021073291121AEFCF218FD4DD85DDEBFB5FB48364F10856AFA1862160C3369A21DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00462390 Relevance: 6.1, APIs: 4, Instructions: 63windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 004623ED
SendMessageA.USER32 ref: 00462406
GetStockObject.GDI32(00000011), ref: 00462411
SendMessageA.USER32 ref: 00462424

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ObjectStock
String ID:
API String ID: 1309931672-0
Opcode ID: b84625d65a7268a7fbf4ea183e8a153997f8a598c1ae55c0d265fc340832acdb
Instruction ID: 3cdb7c7fe1491e4a2246c7dc36f58000de96765254b5b26eae2606c39b595786
Opcode Fuzzy Hash: b84625d65a7268a7fbf4ea183e8a153997f8a598c1ae55c0d265fc340832acdb
Instruction Fuzzy Hash: 69117C32301611BBC614DF14E940F9B73A9EBC8B11F04481EFA049B280DBB4EC42CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414E30 Relevance: 6.1, APIs: 4, Instructions: 63windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00414E8D
SendMessageA.USER32 ref: 00414EA6
GetStockObject.GDI32(00000011), ref: 00414EB1
SendMessageA.USER32 ref: 00414EC4

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ObjectStock
String ID:
API String ID: 1309931672-0
Opcode ID: 30c9bc97aa84d302ded9846a47ea7097b646d6273a89405277107318a9b0b199
Instruction ID: 0d3caf4929c0f3d5e77475092a287cb25028a30f4abb837ec2ce51f6cdbae7cc
Opcode Fuzzy Hash: 30c9bc97aa84d302ded9846a47ea7097b646d6273a89405277107318a9b0b199
Instruction Fuzzy Hash: 77114936301311ABDA64DF55E854F9B73A9BBC8B11F04881EB6059B680D774EC42CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0047E7FC Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(?), ref: 0047E859
RtlLeaveCriticalSection.KERNEL32(?,?), ref: 0047E869
LocalFree.KERNEL32(?), ref: 0047E872
TlsSetValue.KERNEL32(?,00000000), ref: 0047E888

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterFreeLeaveLocalValue
String ID:
API String ID: 2949335588-0
Opcode ID: 9001d56e6fcd5025e3205e0740d9699323ed2d138c4c81dfa3ee00e23e56a189
Instruction ID: 3b4a74d1d241e5a1937b2799cb6ff59f546d8c20d74b60e8d35a1e80d92c5600
Opcode Fuzzy Hash: 9001d56e6fcd5025e3205e0740d9699323ed2d138c4c81dfa3ee00e23e56a189
Instruction Fuzzy Hash: 3821AC31600201EFD724AF4AC844FAE77A4FF89741F05C5AEE9468B2A1C779E841CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00423350 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 0042335D

Part of subcall function 00423190: IsChild.USER32(?,?), ref: 0042320D
Part of subcall function 00423190: GetParent.USER32(?), ref: 00423227

SendMessageA.USER32 ref: 004233B6
SendMessageA.USER32 ref: 004233C6
GetWindow.USER32(00000000,00000002), ref: 004233CB

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow$ChildParent
String ID:
API String ID: 1043810220-0
Opcode ID: 4efbf542ec7a36d986d5509c7275c34521b603600415a349c39a5f9209bdc486
Instruction ID: 62e5cfa713195180d8e93dbb588bfa958e0d031af501ed926d0b70519fe9f150
Opcode Fuzzy Hash: 4efbf542ec7a36d986d5509c7275c34521b603600415a349c39a5f9209bdc486
Instruction Fuzzy Hash: EE01923238172236E2319A25AC46F6F626C5F41F11F540526FB00EA2D0DE98EF00826D

Uniqueness

Uniqueness Score: -1.00%

Function 004478E0 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 004478FB
SendMessageA.USER32 ref: 00447925
SendMessageA.USER32 ref: 00447939
SendMessageA.USER32 ref: 0044795C

Part of subcall function 0047911C: GetDlgCtrlID.USER32 ref: 00479126

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID:
API String ID: 1383977212-0
Opcode ID: 59c9204ab0794a93c93e40dbf29aa27a5fe6b63c21b569914e0eb5104900fd07
Instruction ID: 341732ae6811d7550cd1959b4e45aefb4fae0f6a8802f9c2e20e30f991b2dbc3
Opcode Fuzzy Hash: 59c9204ab0794a93c93e40dbf29aa27a5fe6b63c21b569914e0eb5104900fd07
Instruction Fuzzy Hash: 910184B620061A3BF5106A6A8C86D6FB6ADEBC4B05B50851EB20487681CF69EC02876C

Uniqueness

Uniqueness Score: -1.00%

Function 0046CCCA Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlReAllocateHeap.KERNEL32(00000000,00000050,00000000,00000000,0046CA92,00000000,00000000,00000000,00465A73,00000000,00000000,?,00000000,00000000,00000000), ref: 0046CCF2
RtlAllocateHeap.KERNEL32(00000008,000041C4,00000000,00000000,0046CA92,00000000,00000000,00000000,00465A73,00000000,00000000,?,00000000,00000000,00000000), ref: 0046CD26
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0046CD40
HeapFree.KERNEL32(00000000,?), ref: 0046CD57

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Allocate$AllocFreeVirtual
String ID:
API String ID: 94566200-0
Opcode ID: 2cf0bef4895a2b03dedceaf85cfcaba973c2436dd36473461ea2a0d86d607349
Instruction ID: b76449f33c8cf5e3e904065077319ec4b001f8fb28642d16bce319981501bc58
Opcode Fuzzy Hash: 2cf0bef4895a2b03dedceaf85cfcaba973c2436dd36473461ea2a0d86d607349
Instruction Fuzzy Hash: BB112B31201602AFC7318F29ED859267BB6FBA57507114A3FF1A2C76B0D3B19842CB1C

Uniqueness

Uniqueness Score: -1.00%

Function 004754A8 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004754DC
GetCurrentProcess.KERNEL32(?,00000000), ref: 004754E2
DuplicateHandle.KERNEL32(00000000), ref: 004754E5
GetLastError.KERNEL32(00000000), ref: 004754FF

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorHandleLast
String ID:
API String ID: 3907606552-0
Opcode ID: 56c97b44816492a2977ca967c2481d506e1ac13dba374c01bf9bab1efd30b458
Instruction ID: ec0a5fafc688087f4c235ae9171e041839aa24b36803a058c883334bf9307bae
Opcode Fuzzy Hash: 56c97b44816492a2977ca967c2481d506e1ac13dba374c01bf9bab1efd30b458
Instruction Fuzzy Hash: 760188317002017BDB109BAADC49F9E77ADEFC4761F14852AF918DB291E6B4EC408764

Uniqueness

Uniqueness Score: -1.00%

Function 00473B91 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

WindowFromPoint.USER32(?,?), ref: 00473BA9
GetParent.USER32(00000000), ref: 00473BB6
ScreenToClient.USER32 ref: 00473BD7
IsWindowEnabled.USER32(00000000), ref: 00473BF0

Part of subcall function 0047C2B1: GetWindowLongA.USER32 ref: 0047C2C2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ClientEnabledFromLongParentPointScreen
String ID:
API String ID: 2204725058-0
Opcode ID: b67d357af68710116f3d8d919fbbe901c1b0abbb6743d4761ddcaef06595b25a
Instruction ID: fda00c422927bf396239f8caf3a67a9524fcaa7a2ec433a7a86a2b77b24c03dc
Opcode Fuzzy Hash: b67d357af68710116f3d8d919fbbe901c1b0abbb6743d4761ddcaef06595b25a
Instruction Fuzzy Hash: 7101D436600506BB87029F999C05DEF7BB9EF85701704806EF509D7311EB38EE009758

Uniqueness

Uniqueness Score: -1.00%

Function 00477E60 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00477E6B
GetTopWindow.USER32(00000000), ref: 00477E7E
GetTopWindow.USER32(?), ref: 00477EAE
GetWindow.USER32(00000000,00000002), ref: 00477EC9

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Item
String ID:
API String ID: 369458955-0
Opcode ID: 9b9b66ea578c8d1825a0d22d92d9bb3cbb59d6a951e2a23240a380f23dcce895
Instruction ID: 9c5ddbc9ebc95a946eeae19e920d3a52b991b750445dc6029e24938fcc46b3d3
Opcode Fuzzy Hash: 9b9b66ea578c8d1825a0d22d92d9bb3cbb59d6a951e2a23240a380f23dcce895
Instruction Fuzzy Hash: D801443210561AB78B222F619C04EDF3B5AAF45754B41C4A7FD0895211E739CD119AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00477ED9 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 00477EE7
SendMessageA.USER32 ref: 00477F1D
GetTopWindow.USER32(00000000), ref: 00477F2A
GetWindow.USER32(00000000,00000002), ref: 00477F48

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend
String ID:
API String ID: 1496643700-0
Opcode ID: e3d239840609e09337617b8148d294e6af29c44c57d871201e5104c0c9ccaa7b
Instruction ID: ea4dccacd63f79c5c4ffab94fab9c0c6048398dfad63ee9bf842a822e4b002f7
Opcode Fuzzy Hash: e3d239840609e09337617b8148d294e6af29c44c57d871201e5104c0c9ccaa7b
Instruction Fuzzy Hash: 93012D3200511ABBCF126FA1ED04EDF3B2AEF44350F458416FA0851160D73AC921EBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004799BF Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON

Download Yara Rule

APIs

EnableMenuItem.USER32 ref: 004799E7
GetFocus.USER32 ref: 004799FA
GetParent.USER32(?), ref: 00479A08
GetNextDlgTabItem.USER32 ref: 00479A24

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Item$EnableFocusMenuNextParent
String ID:
API String ID: 988757621-0
Opcode ID: 3cea76691a35cf33263719ba2683d286787f6471d15145a9b806a6d03fb7975d
Instruction ID: 55bf8821dca60080971f03936a949faf30376f216042528f4ec581bc8332a93a
Opcode Fuzzy Hash: 3cea76691a35cf33263719ba2683d286787f6471d15145a9b806a6d03fb7975d
Instruction Fuzzy Hash: E9118271100641AFCB289F24DC19FAA77B5AF50314F10892EF146866A1D738EC41CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047CC33 Relevance: 6.0, APIs: 4, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 0047CC5F
RegCloseKey.ADVAPI32(00000000,?,?), ref: 0047CC68
wsprintfA.USER32 ref: 0047CC84
WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0047CC9D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClosePrivateProfileStringValueWritewsprintf
String ID:
API String ID: 1902064621-0
Opcode ID: 9eafc0805d835f450588df55f915819136f997446e0986185526b696f2872c05
Instruction ID: 30bc714c9b08c4c6ccd4472cceb218c318e11b944e223a1f1a5088e1663650ed
Opcode Fuzzy Hash: 9eafc0805d835f450588df55f915819136f997446e0986185526b696f2872c05
Instruction Fuzzy Hash: 1F01627240061ABFCB125F64DC09FEF3BA8FF45714F04492AFB19A6190D774D5208B98

Uniqueness

Uniqueness Score: -1.00%

Function 004785C8 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetObjectA.GDI32(00000000,0000000C,?), ref: 00478606
SetBkColor.GDI32(00000000,00000000), ref: 00478612
GetSysColor.USER32(00000008), ref: 00478622
SetTextColor.GDI32(00000000,?), ref: 0047862C

Part of subcall function 0047C2B1: GetWindowLongA.USER32 ref: 0047C2C2

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$LongObjectTextWindow
String ID:
API String ID: 2871169696-0
Opcode ID: 9a39a9163c548980f05334b98e4eef960812a612d9bed48064c8d2973e3f82cc
Instruction ID: 34a062cbb9d77ca85221620ce798735be2ef2e475a9e64b51adef7b5fff3ecf8
Opcode Fuzzy Hash: 9a39a9163c548980f05334b98e4eef960812a612d9bed48064c8d2973e3f82cc
Instruction Fuzzy Hash: 0A014B31180109BBDF215F64DC4DAEF3B65AB02380F10852AF90AD46E0DB79CD92DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0044DC40 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0044DC83
wsprintfA.USER32 ref: 0044DC99

Strings

gfff, xrefs: 0044DC4B
%d.%d, xrefs: 0044DC93

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: %d.%d$gfff
API String ID: 2111968516-3773932281
Opcode ID: 0f9feb9bd5bc3c878a96b2069b7df59393d3a358f9e2232dcd7128f301d95198
Instruction ID: 5a9e6f0c6c15bd2adab9d764c119cb031743c628f5a53c409df939fe5e73ea04
Opcode Fuzzy Hash: 0f9feb9bd5bc3c878a96b2069b7df59393d3a358f9e2232dcd7128f301d95198
Instruction Fuzzy Hash: F3F059B1B0021117CB4C992EBC09E1F2A9AABEA714F05C83FF548CB390D560DC11826A

Uniqueness

Uniqueness Score: -1.00%

Function 00471EB5 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(004D29A8,00000001), ref: 00471EDD
RtlInitializeCriticalSection.KERNEL32(004D2990,?,?,?,00471E74), ref: 00471EE8
RtlEnterCriticalSection.KERNEL32(004D2990,?,?,?,00471E74), ref: 00471F27

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterExchangeInitializeInterlocked
String ID:
API String ID: 3643093385-0
Opcode ID: 1c6e86ca1da377dc84b301c043096bd525f4d2fef05bc4e8dc8789351e1d0884
Instruction ID: b9a440e337e9bed01d165df241d90d264daf0278c84c92f089efc687efd15eb4
Opcode Fuzzy Hash: 1c6e86ca1da377dc84b301c043096bd525f4d2fef05bc4e8dc8789351e1d0884
Instruction Fuzzy Hash: 0FF0C8B134A301BFD6114B5C6E95B9B3764F7A07A2F3048BBF509C1271D3E98841971E

Uniqueness

Uniqueness Score: -1.00%

Function 0047B6EA Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(?,?), ref: 0047B6FB
GetViewportExtEx.GDI32(?,?), ref: 0047B708
MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B72D
MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B748

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 9052eea261aa2be04227296cdadf2c019948871d8cab2029a0de2d34c046dca1
Instruction ID: e6dba837210c6a437b2683297c80481ca054a59886bafddc9f6cebe3e3ae42c3
Opcode Fuzzy Hash: 9052eea261aa2be04227296cdadf2c019948871d8cab2029a0de2d34c046dca1
Instruction Fuzzy Hash: E2F01972400509BFEF116F69EC0ACAEBBBDEF803287104C2EF95192171EB716D609B58

Uniqueness

Uniqueness Score: -1.00%

Function 0047B753 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(?,?), ref: 0047B764
GetViewportExtEx.GDI32(?,?), ref: 0047B771
MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B796
MulDiv.KERNEL32(?,00000000,00000000), ref: 0047B7B1

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 05dd9d60443493d8e23513cb237522e73e26ab5883211a8d89d5cbd89a0afa96
Instruction ID: f081f09bc23504a6808649c6dcdce49559334f73d037b9746aa053e3375942a7
Opcode Fuzzy Hash: 05dd9d60443493d8e23513cb237522e73e26ab5883211a8d89d5cbd89a0afa96
Instruction Fuzzy Hash: 4AF01972400509BFEF116F69EC0ACAEBBBDEF803287104C2EF95192171EB716D609B58

Uniqueness

Uniqueness Score: -1.00%

Function 00461870 Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(7515CC50), ref: 0046187D
IsWindowVisible.USER32(00000000), ref: 00461892
GetTopWindow.USER32(00000000), ref: 0046189D
GetWindow.USER32(00000000,00000002), ref: 004618B8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Visible
String ID:
API String ID: 3657826678-0
Opcode ID: d47ae3f6f95b12f58aa8f9314125d4f6209a3fe55e8b8a419b5d27c898984e32
Instruction ID: f1c0aabe0d2c910d0792071e106c01242b146feae62d7c5dc28cc141345674c1
Opcode Fuzzy Hash: d47ae3f6f95b12f58aa8f9314125d4f6209a3fe55e8b8a419b5d27c898984e32
Instruction Fuzzy Hash: 62F0A732602722778222776AAC45E5FB3DC5F86B60708053AF904E3261EB18DC0143FF

Uniqueness

Uniqueness Score: -1.00%

Function 004472A0 Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 004472AF
PtInRect.USER32(?,?,?), ref: 004472C4

Part of subcall function 004791EE: IsWindowEnabled.USER32(?), ref: 004791F8

Part of subcall function 004476E0: UpdateWindow.USER32(00000002), ref: 004476FD

GetCapture.USER32 ref: 004472EC
SetCapture.USER32(00000002), ref: 004472F7

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureRectWindow$ClientEnabledUpdate
String ID:
API String ID: 2789096292-0
Opcode ID: 2303d543a452725ba2767e8d754736eb2d85e545a441af6aea36d52e3ffe04d0
Instruction ID: 3dbb40f62c3edd84adf7ba10b98ac231ff848054c8572f4831096fb5e5c1f37b
Opcode Fuzzy Hash: 2303d543a452725ba2767e8d754736eb2d85e545a441af6aea36d52e3ffe04d0
Instruction Fuzzy Hash: 5FF062712046116BE315EF65DC49AAF73A9BF84B00B04891EFC85C3250EB78ED06C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 0047F5E3 Relevance: 6.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(004D23B0,?,00000000,?,?,0047E9A4,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391), ref: 0047F61E
RtlInitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0047E9A4,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391), ref: 0047F630
RtlLeaveCriticalSection.KERNEL32(004D23B0,?,00000000,?,?,0047E9A4,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391), ref: 0047F639
RtlEnterCriticalSection.KERNEL32(00000000,00000000,?,?,0047E9A4,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391,00479B63), ref: 0047F64B

Part of subcall function 0047F550: GetVersion.KERNEL32(?,0047F5F3,?,0047E9A4,00000010,?,00000000,?,?,?,0047E38B,0047E3EE,0047DC74,0047E391,00479B63,0047AE02), ref: 0047F563

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$InitializeLeaveVersion
String ID:
API String ID: 1193629340-0
Opcode ID: 18376e5f8a043926e366e56d03fc5b1cb4a4c8de2152308806bdf0169a0e4ebb
Instruction ID: e916ffa231bf5b335d10e0df087968b3766bb7721ec58d89ac1bc12d5de1327c
Opcode Fuzzy Hash: 18376e5f8a043926e366e56d03fc5b1cb4a4c8de2152308806bdf0169a0e4ebb
Instruction Fuzzy Hash: 80F0447100221BEFC710DF65ED8499AB36DFB64316B00443BE54583121D779F55ACBAC

Uniqueness

Uniqueness Score: -1.00%

Function 0041C630 Relevance: 6.0, APIs: 4, Instructions: 35registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 0041C64A
RegQueryValueA.ADVAPI32 ref: 0041C66E
lstrcpy.KERNEL32(?,00000000), ref: 0041C681
RegCloseKey.ADVAPI32(?), ref: 0041C68C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValuelstrcpy
String ID:
API String ID: 534897748-0
Opcode ID: 11d39f6b580597849017ed5e5e4b58e5de1101aeb916a8d47202fd26f140b24a
Instruction ID: 7eff2c019cb9fcfbd97019b6316e5ff2e23d787a9c84655a90e60581f9837966
Opcode Fuzzy Hash: 11d39f6b580597849017ed5e5e4b58e5de1101aeb916a8d47202fd26f140b24a
Instruction Fuzzy Hash: 40F04F75104302BFD320DB50DC88FAFBBA8FBC5754F00891CB98882250E670D844CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0047C39B Relevance: 6.0, APIs: 4, Instructions: 29stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 0047C3A8
GetWindowTextA.USER32 ref: 0047C3C4
lstrcmp.KERNEL32 ref: 0047C3D8
SetWindowTextA.USER32(?,?), ref: 0047C3E8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow$lstrcmplstrlen
String ID:
API String ID: 330964273-0
Opcode ID: b013e0bc421f5f3eb06705e109babc2713e19be33992dbd2af8e26dc363faa65
Instruction ID: 7ac58a0d08977b2e63fb790717d9d942caf27dc0f7aeecabb222e60dde599451
Opcode Fuzzy Hash: b013e0bc421f5f3eb06705e109babc2713e19be33992dbd2af8e26dc363faa65
Instruction Fuzzy Hash: 80F05831000019ABCF226F64EC88ADE3B69EB08391F00C129FC49E1120E7758E948B98

Uniqueness

Uniqueness Score: -1.00%

Function 0046B3EB Relevance: 6.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(?,00468B13,?,00464176), ref: 0046B3F8
RtlInitializeCriticalSection.KERNEL32(?,00468B13,?,00464176), ref: 0046B400
RtlInitializeCriticalSection.KERNEL32(?,00468B13,?,00464176), ref: 0046B408
RtlInitializeCriticalSection.KERNEL32(?,00468B13,?,00464176), ref: 0046B410

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: e539cf54f1402545a71488362853849c709bedd549844713c4a7d27fe1909af5
Instruction ID: df6508a802ea40c843194a45905295114b862a4819a033d8c093af82786f146e
Opcode Fuzzy Hash: e539cf54f1402545a71488362853849c709bedd549844713c4a7d27fe1909af5
Instruction Fuzzy Hash: 20C002318154349ACE513B55FF0584D7FA6EB466A13054077B5045A03487261C30EFD8

Uniqueness

Uniqueness Score: -1.00%

Function 00427EF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

<, xrefs: 0042827A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 0f63abe384bcd926647d9a99c1a219319869b47f70c8d7a222e59f4b5430bfd4
Instruction ID: 3407d083611cb58227d9eedeac37be32f3a8b19ad2856ce58990b6ff5b8e6bd5
Opcode Fuzzy Hash: 0f63abe384bcd926647d9a99c1a219319869b47f70c8d7a222e59f4b5430bfd4
Instruction Fuzzy Hash: D0B1C0716097518FC764CF24D880A6FB7E1FBC4314F548A2EF59A97280DF38D9098BA6

Uniqueness

Uniqueness Score: -1.00%

Function 004642D2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00464362

Strings

pow, xrefs: 0046433A, 00464357

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 0a6f48e8a8ec64ab0d292ffc302b40189778dcd3bdc1cda3a1351915cd2762c7
Instruction ID: 6f3dc87766daa1bd17980e193b4459b211fdb70547257397c9b2b7f63d815a59
Opcode Fuzzy Hash: 0a6f48e8a8ec64ab0d292ffc302b40189778dcd3bdc1cda3a1351915cd2762c7
Instruction Fuzzy Hash: 75511961A1820186DF157B14C90137F2B9CDB81720F244D6FE899823A9FBBC8CD9978F

Uniqueness

Uniqueness Score: -1.00%

Function 00442C00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

CopyRect.USER32 ref: 00442D60
IsRectEmpty.USER32(?), ref: 00442D6B

Part of subcall function 0043FE50: CreateFontIndirectA.GDI32(?), ref: 0043FF7C

Part of subcall function 0044F5B0: CreateSolidBrush.GDI32(?), ref: 0044F63A
Part of subcall function 0044F5B0: SendMessageA.USER32 ref: 0044F67E
Part of subcall function 0044F5B0: SendMessageA.USER32 ref: 0044F6B4
Part of subcall function 0044F5B0: SendMessageA.USER32 ref: 0044F6C3

Strings

tCJ, xrefs: 00442CCC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CreateRect$BrushCopyEmptyFontIndirectSolid
String ID: tCJ
API String ID: 4199050670-3789860310
Opcode ID: 5d696d2b1021830224ed19bc6fd042a31c079a98b18270508336f978368449ba
Instruction ID: 82ba425f8c0a1c099dcaff737c9307bf7250ada0585165243a318c2ba7dcd72c
Opcode Fuzzy Hash: 5d696d2b1021830224ed19bc6fd042a31c079a98b18270508336f978368449ba
Instruction Fuzzy Hash: CE6194702047419FD324EF65C981B6FB7E9BFD8708F40491EF68693281EBB8E9058766

Uniqueness

Uniqueness Score: -1.00%

Function 00423C40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00427470: GetCurrentThreadId.KERNEL32 ref: 00427493
Part of subcall function 00427470: IsWindow.USER32(00020418), ref: 004274AF
Part of subcall function 00427470: SendMessageA.USER32 ref: 004274C8
Part of subcall function 00427470: ExitProcess.KERNEL32 ref: 004274DD

RtlDeleteCriticalSection.KERNEL32(004B4F90,?,?,?,?,?,?,?,?,0042E9DD), ref: 00423C7A

Part of subcall function 00476E85: __EH_prolog.LIBCMT ref: 00476E8A

Strings

#, xrefs: 00423EF3
!, xrefs: 00423C68

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
String ID: !$#
API String ID: 2888814780-2504090897
Opcode ID: c412a2d6b4571b66011ecb52c891591e15db7616dc414225216eb61df444487e
Instruction ID: e285e5ad97e563ecf60d36aad8f3ba46b802483f7cfa28b777e33d31a9e494c4
Opcode Fuzzy Hash: c412a2d6b4571b66011ecb52c891591e15db7616dc414225216eb61df444487e
Instruction Fuzzy Hash: 0A913E700097818AD321EF75C4447DABFE4AFA6348F54488EF4D607392DBBC6288C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00423750 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 0047EA69: __EH_prolog.LIBCMT ref: 0047EA6E
Part of subcall function 0047EA69: GetCurrentThread.KERNEL32 ref: 0047EABC
Part of subcall function 0047EA69: GetCurrentThreadId.KERNEL32 ref: 0047EAC5

Part of subcall function 00437C30: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,0042E998), ref: 00437CA5

RtlInitializeCriticalSection.KERNEL32(004B4F90), ref: 00423A5C

Strings

, xrefs: 004239A3
tCJ, xrefs: 00423777, 00423786, 00423792, 00423881, 0042388C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentThread$CreateCriticalEventH_prologInitializeSection
String ID: $tCJ
API String ID: 1775145326-907449524
Opcode ID: 22b79caa98906b28c97f63ff86b38299c1d1fef80430713db8948276987009ad
Instruction ID: 9a597ccce6a3ce85f6aaa0e8f65aa010cb534d61b4d598ee901af21310af754f
Opcode Fuzzy Hash: 22b79caa98906b28c97f63ff86b38299c1d1fef80430713db8948276987009ad
Instruction Fuzzy Hash: 5B81D4B0541B058BC765EF26D4917DAFBE8BFA9304F40481FE4AB47351CBB82248CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00439DD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

, xrefs: 00439E09

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 0b56097e8ceb7f7034dd30e83f659813a6296a4f423e9d0460b60271a68ed7a0
Instruction ID: f786539ef979fae2895cb23b82cfbfadaeab7b1bf48b67237b05e24df21f7844
Opcode Fuzzy Hash: 0b56097e8ceb7f7034dd30e83f659813a6296a4f423e9d0460b60271a68ed7a0
Instruction Fuzzy Hash: DB51AD712043419FD318DF19C881BAFB7A4FB99318F000A2EF94683290DB78ED45CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00467F55 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

GetCPInfo.KERNEL32(00000000,?,?,00000000,00000000,?,?,004641A6), ref: 00467FA6

Part of subcall function 0046B475: RtlLeaveCriticalSection.KERNEL32(?,00465AF2,00000009,00465ADE,00000000,?,00000000,00000000,00000000), ref: 0046B482

Strings

xRJ, xrefs: 00467F8D
hSJ, xrefs: 00467F9A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterInfoInitializeLeave
String ID: hSJ$xRJ
API String ID: 1866836854-3596251540
Opcode ID: 7533cf472da11bf45df13210e0aca254e5ccc89a242013b56d705a968d409ba2
Instruction ID: a33c0a943127908a400dd306473a62bf1823e6ed9bdade224141ea3e865a16b9
Opcode Fuzzy Hash: 7533cf472da11bf45df13210e0aca254e5ccc89a242013b56d705a968d409ba2
Instruction Fuzzy Hash: 7D419D31508240AEDB10CF34DD4076A7BA1AB1A308F258A7FE64487392EEFD484AD75F

Uniqueness

Uniqueness Score: -1.00%

Function 0042AF70 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138memoryCOMMON

Download Yara Rule

APIs

GlobalUnWire.KERNEL32(00000000), ref: 0042B074
GlobalReAlloc.KERNEL32 ref: 0042B07E

Part of subcall function 0047DB2B: __EH_prolog.LIBCMT ref: 0047DB30

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Strings

tCJ, xrefs: 0042AF8E, 0042AFD3

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocDecrementH_prologInterlockedWire
String ID: tCJ
API String ID: 2572417634-3789860310
Opcode ID: 1ce0f312f2b200bb7541d17c01ab8ab80bde07795769995e664204ca6f99e753
Instruction ID: 3813fd4ef0f9708df291136fe51b27518099951e433b7a3204bfc93e72bb0c84
Opcode Fuzzy Hash: 1ce0f312f2b200bb7541d17c01ab8ab80bde07795769995e664204ca6f99e753
Instruction Fuzzy Hash: 77519D70D05298DFDB10EBA5D941BEDBBB0BF95304F1081CEE80967281DBB81B48DB66

Uniqueness

Uniqueness Score: -1.00%

Function 004681A8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 004681BC

Strings

, xrefs: 004681E1
, xrefs: 00468205

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: 0d91f114a7d4bd84da5f1d23fcd095e3119385bed63d5e36880b877d18d7e329
Instruction ID: 168f01a73ef5addf3f8d92adffe47d2bd297fcf9f67f221d4bec4d13acb9545f
Opcode Fuzzy Hash: 0d91f114a7d4bd84da5f1d23fcd095e3119385bed63d5e36880b877d18d7e329
Instruction Fuzzy Hash: 99419E310042581EEB158B14CE69BFB3FA8EB05B04F1405EBD985C7292E6F94944D7BB

Uniqueness

Uniqueness Score: -1.00%

Function 0041BE60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047353D: __EH_prolog.LIBCMT ref: 00473542
Part of subcall function 0047353D: SendMessageA.USER32 ref: 0047358E
Part of subcall function 0047353D: lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00473597

SendMessageA.USER32 ref: 0041BF4C
SendMessageA.USER32 ref: 0041BEB8

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Part of subcall function 0047503C: __EH_prolog.LIBCMT ref: 00475041

Part of subcall function 00474FD6: __EH_prolog.LIBCMT ref: 00474FDB

Part of subcall function 00474EE0: InterlockedIncrement.KERNEL32(-000000F4), ref: 00474F23

Strings

tCJ, xrefs: 0041BE78

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSend$Interlocked$DecrementIncrementlstrlen
String ID: tCJ
API String ID: 1725347760-3789860310
Opcode ID: ec0fb686d48a5c8aed557ca7314a329fe9728acc89bb7000bdff0771c76f8c82
Instruction ID: 036c1ebc90d0db81343474a73df3c21a4d55c0f40e2a2fc22afdd5d4439f0189
Opcode Fuzzy Hash: ec0fb686d48a5c8aed557ca7314a329fe9728acc89bb7000bdff0771c76f8c82
Instruction Fuzzy Hash: FE419371508381AFC315DB69C841AAFFBE8BFD4714F004A0EF59843280DBB8D908CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00472897 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047289C
lstrcpyn.KERNEL32(?,?,00000104), ref: 00472989

Strings

tCJ, xrefs: 004728B5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrcpyn
String ID: tCJ
API String ID: 588646068-3789860310
Opcode ID: d4bbd4fd24b66ff6995db4bc836fa8ee24e4c6ef020e5d611dbd69fc17c7b1c5
Instruction ID: e5f29ec07f2a3a27573db9d61b2446b68023b0e1178aab18cb961ca15b471bbe
Opcode Fuzzy Hash: d4bbd4fd24b66ff6995db4bc836fa8ee24e4c6ef020e5d611dbd69fc17c7b1c5
Instruction Fuzzy Hash: BD314AB0600741DFD7219F39C981B9BBBE0FB45308F04882FEA9E97251D7B8A504CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00439B70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

, xrefs: 00439BA5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: aaa32812752448799e47fa791c105fb8ce192fba99481760da0c98f9f3346bfe
Instruction ID: 51a4ba9d7768f47f8d3513600d6da03abc271ae9cd1ccee8bce221ecfffb32f3
Opcode Fuzzy Hash: aaa32812752448799e47fa791c105fb8ce192fba99481760da0c98f9f3346bfe
Instruction Fuzzy Hash: D53199711083409FD318DF15C840BAFB7F8FBC9724F004A2EF89693290D778A9458B5A

Uniqueness

Uniqueness Score: -1.00%

Function 0045D7C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0045D819
SendMessageA.USER32 ref: 0045D89F

Strings

OK, xrefs: 0045D826

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: OK
API String ID: 3850602802-1927176014
Opcode ID: 378da7108eb5a97f7f3c39c7848fe7cf6cc24c9466801279939a801d9937fcee
Instruction ID: 48a93e22ee3ae7d431905f5713ebaefd80fb1679e39611ca8350940cb87857d8
Opcode Fuzzy Hash: 378da7108eb5a97f7f3c39c7848fe7cf6cc24c9466801279939a801d9937fcee
Instruction Fuzzy Hash: DF316B70B047019FD724DF2AC880B17B7E8BF88705F00492EE995D7681E774E9098B5A

Uniqueness

Uniqueness Score: -1.00%

Function 00430420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

LoadCursorA.USER32 ref: 00430493
LoadCursorA.USER32 ref: 004304C2

Strings

I, xrefs: 004304A8

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoad
String ID: I
API String ID: 3238433803-1966777607
Opcode ID: 2fc998dbd15e6c63416d7271a3f36cf52fb93f97e719e2a15b272092088abe0b
Instruction ID: 7f0980ebb934e80fb28e02cd2c2cf8e570ce62b263631af2c5080fe0d0ffb88c
Opcode Fuzzy Hash: 2fc998dbd15e6c63416d7271a3f36cf52fb93f97e719e2a15b272092088abe0b
Instruction Fuzzy Hash: 76115033B003104BDA20966EACA465F6314DBF8736F15277BEBA9D7351D22CDD0146A9

Uniqueness

Uniqueness Score: -1.00%

Function 00417220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 004172AD
SendMessageA.USER32 ref: 004172BC

Strings

tCJ, xrefs: 00417236

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: tCJ
API String ID: 3850602802-3789860310
Opcode ID: aea995cf9e1b298b3452fa7bb62d476555a4391b049b14f9ddfaf63d3fd98fe0
Instruction ID: 24483bea49d3d12a6d072a8fc0ec3f323036eeb085fc544d3050f5df1592c17b
Opcode Fuzzy Hash: aea995cf9e1b298b3452fa7bb62d476555a4391b049b14f9ddfaf63d3fd98fe0
Instruction Fuzzy Hash: 3C11B671244701ABD324DF29CC41FABB7E5ABC8720F104B0EF569933D0CB78A8058B66

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0041FBB4
SendMessageA.USER32 ref: 0041FBC7

Strings

tCJ, xrefs: 0041FB46

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: tCJ
API String ID: 3850602802-3789860310
Opcode ID: 1c51e99a9082f8d494f7edec8bc07fe7efbbbe06a7447ce5357ac73b6b83346e
Instruction ID: a5231830d0e17175d4f8a79d4f17fa1aec485abd665d10336fa7f3a46ae565e1
Opcode Fuzzy Hash: 1c51e99a9082f8d494f7edec8bc07fe7efbbbe06a7447ce5357ac73b6b83346e
Instruction Fuzzy Hash: 291151B1104701ABD324DB28DC51BABB7A5ABC9770F144B1EF16A933D0DB78A8058755

Uniqueness

Uniqueness Score: -1.00%

Function 00473382 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00473387
SendMessageA.USER32 ref: 004733E1

Strings

tCJ, xrefs: 004733AE

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSend
String ID: tCJ
API String ID: 2337391251-3789860310
Opcode ID: 4372d64f007fbb20356255ba3839b0740f8311ca8ff4427523503c398ebd0b76
Instruction ID: d9b11b065b03561a5adf9e0ca89b9c0548ddd138b6e76ff2fa43264dfd3e44ff
Opcode Fuzzy Hash: 4372d64f007fbb20356255ba3839b0740f8311ca8ff4427523503c398ebd0b76
Instruction Fuzzy Hash: 60114C72D01119ABDB10DF94D881BEEB774FB44714F10842EF914A7181DB795A04CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0047D172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047D177

Part of subcall function 0047E983: __EH_prolog.LIBCMT ref: 0047E988

Part of subcall function 0047905F: GetWindowLongA.USER32 ref: 0047906B

Part of subcall function 0047B7BC: __EH_prolog.LIBCMT ref: 0047B7C1
Part of subcall function 0047B7BC: 7406AC50.USER32(00412204,?,?,004302CF,00000000,?,?,?,00000101,00000000,00000000), ref: 0047B7EA

Part of subcall function 00463E86: SendMessageA.USER32 ref: 00463E8F

Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,00000000), ref: 0047B0DA
Part of subcall function 0047B0B8: SelectObject.GDI32(004157D5,?), ref: 0047B0F0

GetTextMetricsA.GDI32(?,\G), ref: 0047D1C9

Strings

\G, xrefs: 0047D1C2, 0047D1D8, 0047D1C5

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog$ObjectSelect$7406LongMessageMetricsSendTextWindow
String ID: \G
API String ID: 3903924867-3255581010
Opcode ID: 4b19ebffdbadd7084f3586ebb8c4dddfe9ddbab1456599602f9710e07e052d0b
Instruction ID: 8d764815366c13b1b3daa0249c072c100eb0abff70d35920907f027a93227260
Opcode Fuzzy Hash: 4b19ebffdbadd7084f3586ebb8c4dddfe9ddbab1456599602f9710e07e052d0b
Instruction Fuzzy Hash: E91186729105549BCB08ABA5CC81AEEB779EF85314F40812FE116E3251DF785D0687A9

Uniqueness

Uniqueness Score: -1.00%

Function 00447730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

GetSysColor.USER32(0000000F), ref: 0044778C

Part of subcall function 00447E80: IsWindow.USER32(?), ref: 00447E8E
Part of subcall function 00447E80: 7406B330.USER32(?,00000000,00000000,00000105,?,00447E7D,?,004478F7,?), ref: 00447EA5

GetSysColor.USER32(00000012), ref: 00447798

Part of subcall function 00447EB0: IsWindow.USER32(?), ref: 00447EBE
Part of subcall function 00447EB0: 7406B330.USER32(?,00000000,00000000,00000105,?,00447E70,?,004478F7,?), ref: 00447ED5

Part of subcall function 00474F30: lstrlen.KERNEL32(?,?,?,004729A4,?), ref: 00474F41

Strings

tCJ, xrefs: 0044775B, 0044776D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: 7406B330ColorWindow$lstrlen
String ID: tCJ
API String ID: 2381285353-3789860310
Opcode ID: ef9aefb205705b31da8d3270911ac8bcd7d58950eacc66a5f98e530c4cfa1ba5
Instruction ID: 96bf631a1947f573f325209ea7056b5f6b80dd4c458d42a3dd51bddb5d7dc91e
Opcode Fuzzy Hash: ef9aefb205705b31da8d3270911ac8bcd7d58950eacc66a5f98e530c4cfa1ba5
Instruction Fuzzy Hash: 6D11ACB0300B059FD710EF19D802B6ABBE8FB85B14F004E2EF08587781C7BD69048BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0047C199 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047C19E
lstrcpyn.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 0047C208

Strings

tCJ, xrefs: 0047C1BB

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrcpyn
String ID: tCJ
API String ID: 588646068-3789860310
Opcode ID: 367b73719d0dfcf4c4920a468557d80cacb9d298fcb6b10a5cef79adf6e35ebc
Instruction ID: 477d6638f6df05f6edf9d7033e209aca88f13fc6c9212741fb4ba7eab4d351f9
Opcode Fuzzy Hash: 367b73719d0dfcf4c4920a468557d80cacb9d298fcb6b10a5cef79adf6e35ebc
Instruction Fuzzy Hash: 39115B3250024AEBCB24DF99CC85BEEBBB5BF45314F04846EF525972A1CB789A10CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0047A219 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047A21E
lstrcpyn.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 0047A288

Strings

tCJ, xrefs: 0047A23B

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrcpyn
String ID: tCJ
API String ID: 588646068-3789860310
Opcode ID: ad44b5d07e2078ccc8f4420be5c02198c8a1628f875dde73cd97bf9063c65f4c
Instruction ID: 04ca4db9bf98a54fe0a0638e73d1dbddf4e938eca3a4c76ea28dcc84dbecc1e9
Opcode Fuzzy Hash: ad44b5d07e2078ccc8f4420be5c02198c8a1628f875dde73cd97bf9063c65f4c
Instruction Fuzzy Hash: 3711BF3250024AEFCB20DF99CC41BEEBBB4BF84314F04886EF026932A1C7789A10CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00415F72 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00415FF1
SendMessageA.USER32 ref: 00415FFE

Part of subcall function 004771C1: GetWindowTextLengthA.USER32(?), ref: 004771CE
Part of subcall function 004771C1: GetWindowTextA.USER32 ref: 004771E6

Part of subcall function 00474DF3: InterlockedDecrement.KERNEL32(-000000F4), ref: 00474E07

Strings

tCJ, xrefs: 00415F7D

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendTextWindow$DecrementInterlockedLength
String ID: tCJ
API String ID: 2030857069-3789860310
Opcode ID: ac02af8fdcf6b302e810e9f9aeccb9df88ce18472ea3be3abf4a2395e1444d98
Instruction ID: 1bfc150506e1663f9fbac1b3a757861e5bc4eb5b214f10cde49f05911443e1b8
Opcode Fuzzy Hash: ac02af8fdcf6b302e810e9f9aeccb9df88ce18472ea3be3abf4a2395e1444d98
Instruction Fuzzy Hash: 74115E712047008FC324DF28D881BABB7E5FBC8324F104A2EF59A83381D778E9468B55

Uniqueness

Uniqueness Score: -1.00%

Function 0045DC70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004736D0: SendMessageA.USER32 ref: 004736F0

SendMessageA.USER32 ref: 0045DCA4
IsWindow.USER32(?), ref: 0045DCAB

Strings

F, xrefs: 0045DC90

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window
String ID: F
API String ID: 2326795674-1304234792
Opcode ID: ca1e1ca8abc794dfdcfd7773491c9f02a2a6e063696d9961fdde3cd1782ddfe3
Instruction ID: c4d18b8b68e0ebde1635fed4d6c663593716dba659ad363d1756c8804cc6b5ca
Opcode Fuzzy Hash: ca1e1ca8abc794dfdcfd7773491c9f02a2a6e063696d9961fdde3cd1782ddfe3
Instruction Fuzzy Hash: 65018071608301AFE324DF14C984B6FB7F9AFC9B05F00480EF98586290E7B499098B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0047C239 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047C23E
SendMessageA.USER32 ref: 0047C2AA

Strings

tCJ, xrefs: 0047C262

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSend
String ID: tCJ
API String ID: 2337391251-3789860310
Opcode ID: 29be210f5514005087f52393ef87bfc1ebe6a37603499ddd22824d77bb7f2371
Instruction ID: b99d23d2ae393ac71753ecc6981d8eea9e96858d141d6cbfb0257f494bae20f5
Opcode Fuzzy Hash: 29be210f5514005087f52393ef87bfc1ebe6a37603499ddd22824d77bb7f2371
Instruction Fuzzy Hash: C4018471901215AFDB10DFA5C806BDEBBA0FF04714F20855EF554AB191E7B8AA01CB89

Uniqueness

Uniqueness Score: -1.00%

Function 0047503C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00475041
lstrlen.KERNEL32(00000000,00000000,?,?,0042715B,?,004B45F0,0049A224,?,?,?,?,?,?,00000000,004B4520), ref: 00475068

Strings

tCJ, xrefs: 00475048

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrlen
String ID: tCJ
API String ID: 2133942097-3789860310
Opcode ID: 5ae51000b9a6074865b326dc282ddb838656994b852fb1755fc97dde5266a49d
Instruction ID: eee5179041ed68821fbe651c908b8bfac27f0ee6c2c163a4e5589fddf32f5057
Opcode Fuzzy Hash: 5ae51000b9a6074865b326dc282ddb838656994b852fb1755fc97dde5266a49d
Instruction Fuzzy Hash: A5012C7192025AEFCB15DF94CC45BEEB775FB48308F10881EF425A7290D7B8AA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004750B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004750B5
lstrlen.KERNEL32(?,?,?,?,0044FEEF,?,004A3FC8,?), ref: 004750DC

Strings

tCJ, xrefs: 004750BC

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrlen
String ID: tCJ
API String ID: 2133942097-3789860310
Opcode ID: 9d8c1ca7f377c3ba94752181833c7bfe1516c8e0ce70b7069478e65f96aa72d8
Instruction ID: e08419d9ce2516e40c73fc87228b51c7687f59190d9f289746b24ae12ea4f621
Opcode Fuzzy Hash: 9d8c1ca7f377c3ba94752181833c7bfe1516c8e0ce70b7069478e65f96aa72d8
Instruction Fuzzy Hash: 93011E71910259EBCB15DFA4D845BEE7774FB48318F10841EF415A7290D7B8AA04CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0046F3E2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00465E5D,?), ref: 0046F400
GetStringTypeW.KERNEL32(?,?,00000000,]^F,?,?,?,?,?,?,00465E5D,?), ref: 0046F412

Strings

]^F, xrefs: 0046F40A

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiStringTypeWide
String ID: ]^F
API String ID: 3139900361-547549326
Opcode ID: a28702c5743a3a621af6366a35de1b4b8a7e52448c673c7b49418b06323688c0
Instruction ID: 63ea2461163d955bd558694f3bf114987ad97c1ebaf4ff1b3ecfde6225c70832
Opcode Fuzzy Hash: a28702c5743a3a621af6366a35de1b4b8a7e52448c673c7b49418b06323688c0
Instruction Fuzzy Hash: 54F03A32500125ABCF218F80EC459EEBB32FF14361F004539FA52615A0D73549249B95

Uniqueness

Uniqueness Score: -1.00%

Function 00460990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 004609B6
PostMessageA.USER32 ref: 004609CC

Strings

, xrefs: 00460998

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$PostSend
String ID:
API String ID: 2264170824-3916222277
Opcode ID: 7898b7746cbf4097b9e40941a52aa460b33d298abe8d7c033c007e858aee42b1
Instruction ID: 438f86496bd296493a06d80766ee5cdd6f7923ce3b00ff66e3dc52514777836c
Opcode Fuzzy Hash: 7898b7746cbf4097b9e40941a52aa460b33d298abe8d7c033c007e858aee42b1
Instruction Fuzzy Hash: 6EE0D871244711ABF6309B209C40F5B33997B14710F008E1FB291E65D2E6B4DC448718

Uniqueness

Uniqueness Score: -1.00%

Function 0045DF90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0045DFB3
PostMessageA.USER32 ref: 0045DFC9

Strings

, xrefs: 0045DF98

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$PostSend
String ID:
API String ID: 2264170824-3916222277
Opcode ID: 7cbfd5c0aab44883d50b9b79c0392d79da138c728bcb4387bdda7492a50728a5
Instruction ID: 4326e5814743305b2992ba2b1057dc37abe95271b39b6935e179847889e6fa72
Opcode Fuzzy Hash: 7cbfd5c0aab44883d50b9b79c0392d79da138c728bcb4387bdda7492a50728a5
Instruction Fuzzy Hash: 11E04832745311BBE6349B209C45F5B72996F44B02F008D1EB742D79D1D6B4D854C718

Uniqueness

Uniqueness Score: -1.00%

Function 00465BDD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(?,00466C62,?,00000003,00000003,0046E22D,024849B0), ref: 00465C05

Part of subcall function 0046B414: RtlInitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B451
Part of subcall function 0046B414: RtlEnterCriticalSection.KERNEL32(?,?,?,0046E171,00000009,00000000,00000000,00000001,00468B99,00000001,00000074,?,?,00000000,00000001), ref: 0046B46C

Strings

OJ, xrefs: 00465BEA
-M, xrefs: 00465BE1

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$Initialize
String ID: -M$OJ
API String ID: 1229453151-32877864
Opcode ID: dbd09b45147c30134303cd1ce8ca07d130f32efaa760951e88ff30d3a9826979
Instruction ID: e94fc13aa16fa6e6ecf18ced03b4cf4b51e9371f2803d4e910639463591623dc
Opcode Fuzzy Hash: dbd09b45147c30134303cd1ce8ca07d130f32efaa760951e88ff30d3a9826979
Instruction Fuzzy Hash: 89D023B57002010BCF1819795D4541F6108D1D4346B158C2FF401C2342DB2DC440511E

Uniqueness

Uniqueness Score: -1.00%

Function 00465C2F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.KERNEL32(?,00466C70,?,?,?,00000003,00000003,0046E22D,024849B0), ref: 00465C57

Part of subcall function 0046B475: RtlLeaveCriticalSection.KERNEL32(?,00465AF2,00000009,00465ADE,00000000,?,00000000,00000000,00000000), ref: 0046B482

Strings

-M, xrefs: 00465C33
OJ, xrefs: 00465C3C

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalLeaveSection
String ID: -M$OJ
API String ID: 3988221542-32877864
Opcode ID: dc16954acbbaae45c7a8060265cef96120327a2ece486d13ea9fff5faefe8eec
Instruction ID: f981c4423c0fb1cf40fa49e23049e405c475db9f9e030d9f77d09744affd0f23
Opcode Fuzzy Hash: dc16954acbbaae45c7a8060265cef96120327a2ece486d13ea9fff5faefe8eec
Instruction Fuzzy Hash: F4D022BA6006011BCF282EF1AD8A90E2218D2E0782B16CD2FF801C2282DB2CDC80810E

Uniqueness

Uniqueness Score: -1.00%

Function 00476729 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 0047E8EE: TlsGetValue.KERNEL32(004D223C,?,00000000,0047E375,0047DC74,0047E391,00479B63,0047AE02,?,00000000,?,004720C9,00000000,00000000,00000000,00000000), ref: 0047E92D

GetMessageTime.USER32(Function_0007DC74), ref: 0047673B
GetMessagePos.USER32 ref: 00476744

Strings

,"M, xrefs: 0047672F

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$TimeValue
String ID: ,"M
API String ID: 3832333830-1640570267
Opcode ID: 295fb68abfac2e46c55dd7e1c7fc41306750d2a8d154e128531765ff0a660d8c
Instruction ID: e87930165ba64a018fa419e8656f2ec355b3d3215559e456180b39db047af397
Opcode Fuzzy Hash: 295fb68abfac2e46c55dd7e1c7fc41306750d2a8d154e128531765ff0a660d8c
Instruction Fuzzy Hash: 10D01774C00B208FC730AF36A5480AB7AF4EF457513414D6FE68AC7A10DB39A400CB48

Uniqueness

Uniqueness Score: -1.00%

Function 0042F740 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0042F7D1
wsprintfA.USER32 ref: 0042F7EB
wsprintfA.USER32 ref: 0042F806

Memory Dump Source

Source File: 00000001.00000002.598289468.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.598283942.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598308994.0000000000484000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598314618.0000000000485000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598321500.000000000049C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598326976.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598331916.00000000004A4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598338239.00000000004A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598344549.00000000004A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598350012.00000000004B4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598357710.00000000004D0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598362903.00000000004D4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.598369680.00000000004DE000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: a8f296da589dec73de6aaf3720a8d348c721aa5f97d257d4f50311e970beee50
Instruction ID: a4cc90dbe6a72bc3e5c1942f5a4b9382e65a9148821ab977b1c0c861774a707c
Opcode Fuzzy Hash: a8f296da589dec73de6aaf3720a8d348c721aa5f97d257d4f50311e970beee50
Instruction Fuzzy Hash: FA31C4F15043115BC204EF65EC4596FBBE8EFC4759F400A3EF94693281EB79DA0886AB

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Windows Analysis Report
SecuriteInfo.com.BackDoor.BlackHole.55951.25738.15896.exe

Function 004268B0 Relevance: 15.3, APIs: 10, Instructions: 281
libraryloaderCOMMON

Function 00476ACF Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 170
stringCOMMON

Function 0042BE60 Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 369
COMMON

Function 0045F280 Relevance: 19.9, APIs: 13, Instructions: 371
windowCOMMON

Function 0042D2A0 Relevance: 19.7, APIs: 13, Instructions: 187
windowCOMMON

Function 0047E587 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99
memoryCOMMONLIBRARYCODE

Function 0044B080 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 373
commemorythreadCOMMON

Function 004768F4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99
COMMON

Function 00412D60 Relevance: 15.2, APIs: 10, Instructions: 196
stringcomregistryCOMMON

Function 00415630 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267
windowCOMMON

Function 00478BCF Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42
libraryloaderCOMMON

Function 0042A170 Relevance: 13.8, APIs: 9, Instructions: 289
COMMON

Function 0047F754 Relevance: 9.1, APIs: 6, Instructions: 61
stringCOMMON

Function 0047AD9F Relevance: 9.0, APIs: 6, Instructions: 35
COMMON

Function 0041E3D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225
windowCOMMON