Windows Analysis Report
SystemPropertiesAdvanced.exe

Overview

General Information

Sample Name:SystemPropertiesAdvanced.exe
Analysis ID:1326388
MD5:fa040b18d2d2061ab38cf4e52e753854
SHA1:b1b37124e9afd6c860189ce4d49cebbb2e4c57bc
SHA256:c61fa0f8c5d8d61110adbcceaa453a6c1d31255b3244dc7e3b605a4a931c245c
Errors
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score:0
Range:0 - 100
Whitelisted:true
Confidence:100%

Signatures

Sample file is different than original file name gathered from version info
Program does not show much activity (idle)
Binary contains a suspicious time stamp

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w7x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: SystemPropertiesAdvanced.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: SystemPropertiesAdvanced.pdb source: SystemPropertiesAdvanced.exe
Source: Binary string: SystemPropertiesAdvanced.pdbGCTL source: SystemPropertiesAdvanced.exe
Source: SystemPropertiesAdvanced.exe; Binary or memory string: OriginalFilename vs SystemPropertiesAdvanced.exe
Source: SystemPropertiesAdvanced.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine; Classification label: clean1.winEXE@1/0@0/0
Source: SystemPropertiesAdvanced.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SystemPropertiesAdvanced.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SystemPropertiesAdvanced.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SystemPropertiesAdvanced.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SystemPropertiesAdvanced.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SystemPropertiesAdvanced.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SystemPropertiesAdvanced.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SystemPropertiesAdvanced.exe; Static PE information: 0x8BD77CC1 [Fri May 6 13:46:41 2044 UTC]
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SystemPropertiesAdvanced.exe; Code function: 0_2_000000013FE11470 SetUnhandledExceptionFilter,0_2_000000013FE11470
Source: C:\Users\user\Desktop\SystemPropertiesAdvanced.exe; Code function: 0_2_000000013FE1174C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_000000013FE1174C
Source: C:\Users\user\Desktop\SystemPropertiesAdvanced.exe; Code function: 0_2_000000013FE11644 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter,0_2_000000013FE11644
Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
Defense Evasion: 1 Timestomp; Rootkit
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: 1 System Time Discovery; 1 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Command and Control: Data Obfuscation; Junk Data
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
Impact: Modify System Partition; Device Lockout
[Behavior Graph. ID: 1326388, Sample: SystemPropertiesAdvanced.exe, Startdate: 16/10/2023, Architecture: WINDOWS, Score: 0; process SystemPropertiesAdvanced.exe started]
Source | Detection | Scanner | Label
SystemPropertiesAdvanced.exe | 0% | Virustotal |
SystemPropertiesAdvanced.exe | 0% | ReversingLabs |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox Version:38.0.0 Ammolite
Analysis ID:1326388
Start date and time:2023-10-16 12:41:22 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 1m 32s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:SystemPropertiesAdvanced.exe
Detection:CLEAN
Classification:clean1.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 4
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Execution Graph export aborted for target SystemPropertiesAdvanced.exe, PID 1900 because there are no executed function
No simulations
No context
No created / dropped files found
File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):7.078407232206845
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SystemPropertiesAdvanced.exe
File size:83'968 bytes
MD5:fa040b18d2d2061ab38cf4e52e753854
SHA1:b1b37124e9afd6c860189ce4d49cebbb2e4c57bc
SHA256:c61fa0f8c5d8d61110adbcceaa453a6c1d31255b3244dc7e3b605a4a931c245c
SHA512:511f5981bd2c446f1f3039f6674f972651512305630bd688b1ef159af36a23cb836b43d7010b132a86b5f4d6c46206057abd31600f1e7dc930cb32ed962298a4
SSDEEP:1536:9aZhtREC/rMcgEPJV+G57ThjEC0kzJP+V5Ja:GhzECTMpuDhjRVJGk
TLSH:8683D147B780869BE53E057198638BFA6E70BF01972013D73195F20D1FB2BC2763A998
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........9...j...j...j..{j...j...k...j...k...j...k...j...j...j...k...j...k...j...j...j...k...jRich...j........PE..d....|............"
Icon Hash:27a686133739f55c
Entrypoint:0x1400013d0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x8BD77CC1 [Fri May 6 13:46:41 2044 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:68ca080ee65ae9ea92581804b773ecbd
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x264c | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5000 | 0x12730 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4000 | 0xcc | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x18000 | 0x20 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x22f0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2010 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2128 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x980 | 0xa00 | False | 0.61015625 | data | 5.58005297663194 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2000 | 0xb8e | 0xc00 | False | 0.3974609375 | data | 4.071793179576692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0x678 | 0x200 | False | 0.064453125 | data | 0.30140680731160896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4000 | 0xcc | 0x200 | False | 0.287109375 | data | 1.7041510621512759 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x5000 | 0x12730 | 0x12800 | False | 0.8205500422297297 | data | 7.274274783418295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x18000 | 0x20 | 0x200 | False | 0.083984375 | data | 0.4029411215812382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
MUI | 0x17660 | 0xd0 | data | English | United States | 0.5432692307692307
RT_ICON | 0x5818 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3884146341463415
RT_ICON | 0x5e80 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.49731182795698925
RT_ICON | 0x6168 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5641891891891891
RT_ICON | 0x6290 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.6319296375266524
RT_ICON | 0x7138 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.756768953068592
RT_ICON | 0x79e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.42991329479768786
RT_ICON | 0x7f48 | 0xb7e8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9924384027187766
RT_ICON | 0x13730 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5195020746887967
RT_ICON | 0x15cd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6045966228893058
RT_ICON | 0x16d80 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5726950354609929
RT_GROUP_ICON | 0x171e8 | 0x92 | data | English | United States | 0.636986301369863
RT_VERSION | 0x17280 | 0x3e0 | data | English | United States | 0.43850806451612906
RT_MANIFEST | 0x5330 | 0x4e4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.43450479233226835
DLL | Import
msvcrt.dll | ?terminate@@YAXXZ, _commode, _fmode, _wcmdln, _XcptFilter, _initterm, __setusermatherr, _cexit, _exit, exit, __set_app_type, __wgetmainargs, _amsg_exit, __C_specific_handler
SYSDM.CPL | DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0.dll | Sleep
api-ms-win-core-processthreads-l1-1-0.dll | GetCurrentProcess, TerminateProcess, GetStartupInfoW, GetCurrentProcessId, GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0.dll | SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0.dll | GetModuleHandleW
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll | GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0.dll | RtlVirtualUnwind, RtlCaptureContext, RtlLookupFunctionEntry
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID:0
Start time:12:42:07
Start date:16/10/2023
Path:C:\Users\user\Desktop\SystemPropertiesAdvanced.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\SystemPropertiesAdvanced.exe
Imagebase:0x13fe10000
File size:83'968 bytes
MD5 hash:FA040B18D2D2061AB38CF4E52E753854
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Non-executed Functions

APIs
Memory Dump Source
  • Source File: 00000000.00000002.339453652.000000013FE11000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FE10000, based on PE: true
  • Associated: 00000000.00000002.339410876.000000013FE10000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339456513.000000013FE12000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339459395.000000013FE14000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_13fe10000_SystemPropertiesAdvanced.jbxd
Similarity
  • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 4104442557-0
  • Opcode ID: 01f6ddb54f852553ff46788042b5311a713eb0d15f380dc403d23d32d0d976df
  • Instruction ID: f675b45f146a98c13349edf7653279fabbea324548206f7007f37de1ff08c50c
  • Opcode Fuzzy Hash: 01f6ddb54f852553ff46788042b5311a713eb0d15f380dc403d23d32d0d976df
  • Instruction Fuzzy Hash: B711ED36B00B448AEB10DF62EC543D933A4F759758F450A39EA6D87764DF78C6A58340
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 000000013FE11757
  • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 000000013FE11760
  • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 000000013FE11766
Memory Dump Source
  • Source File: 00000000.00000002.339453652.000000013FE11000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FE10000, based on PE: true
  • Associated: 00000000.00000002.339410876.000000013FE10000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339456513.000000013FE12000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339459395.000000013FE14000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_13fe10000_SystemPropertiesAdvanced.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$CurrentProcess
  • String ID:
  • API String ID: 1249254920-0
  • Opcode ID: a3c8df76f904a7c8498077c7ddbd056fcf0682c46bea9ea95399289e55787746
  • Instruction ID: 2d176fa687d4dc50d62f00dd198662a97e97f544f110475b0c725652849471dd
  • Opcode Fuzzy Hash: a3c8df76f904a7c8498077c7ddbd056fcf0682c46bea9ea95399289e55787746
  • Instruction Fuzzy Hash: 9DD0C9B1F11A0486FB1C9B63EC153EA2221A75DB51F07503ACF1786331DE7C868B8300
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 000000013FE1147B
Memory Dump Source
  • Source File: 00000000.00000002.339453652.000000013FE11000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FE10000, based on PE: true
  • Associated: 00000000.00000002.339410876.000000013FE10000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339456513.000000013FE12000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339459395.000000013FE14000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_13fe10000_SystemPropertiesAdvanced.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: 145d25adb241e50fa26159e0b5d655ea52988963f6cf1d6c41e1169dea893a6e
  • Instruction ID: c4dc50f733a4d827edd25cf24cbc4f16d7b0cba30fbbfa6b72e8d52b172a0c83
  • Opcode Fuzzy Hash: 145d25adb241e50fa26159e0b5d655ea52988963f6cf1d6c41e1169dea893a6e
  • Instruction Fuzzy Hash: 1FB01234F31400C1E604EB23DC813C022A07B5CB20FC30835C109C1130DA1C83EB8700
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.339453652.000000013FE11000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FE10000, based on PE: true
  • Associated: 00000000.00000002.339410876.000000013FE10000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339456513.000000013FE12000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.339459395.000000013FE14000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_13fe10000_SystemPropertiesAdvanced.jbxd
Similarity
  • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
  • String ID:
  • API String ID: 642454821-0
  • Opcode ID: a691bbe06d05064f33441c8f69f3467d1c4f9e1d129da6edc443e9812924770e
  • Instruction ID: 6de9f504cc8c32e9e838e2d24c0a5ba90a6352d64af7ba351d5868bbd14a90c3
  • Opcode Fuzzy Hash: a691bbe06d05064f33441c8f69f3467d1c4f9e1d129da6edc443e9812924770e
  • Instruction Fuzzy Hash: 9C61153AE0564186FB609B53E8403E976E9F798B80F56413EDA49936B4DB3DCB43D700
Uniqueness

Uniqueness Score: -1.00%