
Windows Analysis Report
SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe

Overview

General Information

Sample name:SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Analysis ID:1377194
MD5:8284da11168b4dea50ee3159043ba5f9
SHA1:91fd9ccb26fed425a779a3def89a625e5616f844
SHA256:7fa5cd4c23349fc8ee7f9aae22a4cd2d60bfa2c7f70ddcb1bedea98776dc40c8
Tags:exe

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and execute PE files
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://api.flmgr.net/v1/client/update?CurVersion=1.0.0.0 | Avira URL Cloud: Label: malware
Source: api.flmgr.net | Virustotal: Detection: 6%
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Virustotal: Detection: 8%
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: certificate valid
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\FLManager\temp\Link\FLDowner\Release\FLReport.pdb | source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D21504 GetEnvironmentVariableW,PathAddBackslashW,PathAppendW,URLDownloadToFileW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,Concurrency::cancel_current_task
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D21504 GetEnvironmentVariableW,PathAddBackslashW,PathAppendW,URLDownloadToFileW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,Concurrency::cancel_current_task
Source: global traffic | HTTP traffic detected: GET /v1/client/update?CurVersion=1.0.0.0 HTTP/1.1 | Connection: Keep-Alive | User-Agent: A WinHTTP Example Program/1.0 | Host: api.flmgr.net
Source: unknown | DNS traffic detected: queries for: api.flmgr.net
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe, 00000000.00000002.2054205402.00000000009CF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://api.flmgr.net/v1/client/update?CurVersion=1.0.0.0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4B041
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D39038
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D40110
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D37219
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D43CEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D44599
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D32E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D43E0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D3B7D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D36FE7
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D3AFA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: String function: 00D31AA0 appears 39 times
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe, 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename: FLDowner.exe vs SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Binary or memory string: OriginalFilename: FLDowner.exe vs SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal64.winEXE@1/0@1/1
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Virustotal: Detection: 8%
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: certificate valid
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: E:\FLManager\temp\Link\FLDowner\Release\FLReport.pdb | source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D31608 push ecx; ret 0_2_00D3161B
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | API coverage: 7.1 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe TID: 6608 | Thread sleep time: -30000s >= -30000s
Source: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe, 00000000.00000002.2054205402.000000000098E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe, 00000000.00000002.2054205402.00000000009F4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D31843 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4734A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D3DF48 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D49950 GetProcessHeap
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D31843 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D319D6 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D35AD3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D313A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D31AE5 cpuid
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4907A EnumSystemLocalesW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4902F EnumSystemLocalesW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4199C GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D491A0 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D49115 EnumSystemLocalesW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D493F3 GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D414F6 EnumSystemLocalesW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D49519 GetLocaleInfoW,GetLocaleInfoW,GetACP
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D496EE GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D4961F GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D48F88 GetLocaleInfoW
Source: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | Code function: 0_2_00D3173C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
ATT&CK Matrix (per tactic; the numbers are the counts shown in the report's matrix cells)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Virtualization/Sandbox Evasion (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (1); Security Software Discovery (21); Virtualization/Sandbox Evasion (1); System Information Discovery (22)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (2); Ingress Tool Transfer (12)
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Behavior Graph ID: 1377194
Sample: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Start date: 19/01/2024
Architecture: WINDOWS
Score: 64
  • Multi AV Scanner detection for domain / URL
  • Antivirus detection for URL or domain
  • Multi AV Scanner detection for submitted file
  • Process started: SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
  • Network: api.flmgr.net, 123.57.49.36, ports 49730 -> 80, CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd, China

Source | Detection | Scanner | Label
SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | 8% | ReversingLabs |
SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe | 8% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
api.flmgr.net | 7% | Virustotal |
Source | Detection | Scanner | Label
http://api.flmgr.net/v1/client/update?CurVersion=1.0.0.0 | 100% | Avira URL Cloud | malware
http://api.flmgr.net/v1/client/update?CurVersion=1.0.0.0 | 0% | Virustotal |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.flmgr.net | 123.57.49.36 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://api.flmgr.net/v1/client/update?CurVersion=1.0.0.0 | false | 0% (Virustotal); Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
123.57.49.36 | api.flmgr.net | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
Joe Sandbox version:38.0.0 Ammolite
Analysis ID:1377194
Start date and time:2024-01-19 04:20:50 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 44s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Detection:MAL
Classification:mal64.winEXE@1/0@1/1
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 89%
  • Number of executed functions: 5
  • Number of non-executed functions: 66
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
123.57.49.36 | _____NCM______2_10042231.exe | malicious | Unknown | api.flmgr.net/log/client/run?User=e3c4aca4bf472f3bc70d155d55d5bb2f&Ver=1.0.7.17&ChannelCode=2&Action=pc_server&InstallDate=2023-08-04
123.57.49.36 | _____NCM______2_10042231.exe | malicious | Unknown | api.flmgr.net/v1/client/configs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.flmgr.net | _____NCM______2_10042231.exe | malicious | Unknown | 123.57.49.36
api.flmgr.net | _____NCM______2_10042231.exe | malicious | Unknown | 123.57.49.36
api.flmgr.net | #U5317#U4eac#U5e02#U5355#U4f4d#U793e#U4fdd#U8d39#U7ba1#U7406#U5ba2#U6237#U7aef_2_10044437.exe | malicious | Unknown | 123.57.49.36
api.flmgr.net | #U5317#U4eac#U5e02#U5355#U4f4d#U793e#U4fdd#U8d39#U7ba1#U7406#U5ba2#U6237#U7aef_2_10044437.exe | malicious | Unknown | 123.57.49.36
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | fattura proforma pdf.exe | malicious | DBatLoader, FormBook | 139.224.14.111
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 1d5ylg4FZx.elf | malicious | Mirai | 47.92.251.55
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | SecuriteInfo.com.FileRepPup.23700.16761.exe | malicious | Unknown | 8.130.41.80
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | hQabCLF24i.exe | malicious | CobaltStrike | 121.40.63.121
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | file.exe | malicious | BlackMoon | 47.105.66.148
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | https://www.wjx.cn/vm/t68QDC0.aspx | malicious | Unknown | 121.199.107.25
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | huhu.mpsl.elf | malicious | Mirai | 139.246.180.232
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | huhu.arm.elf | malicious | Mirai | 47.114.18.22
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | huhu.x86.elf | malicious | Mirai | 47.118.89.151
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | 6HKlYaVUOY.elf | malicious | Mirai | 121.197.213.79
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | skyljne.x86-20240113-1800.elf | malicious | Mirai | 8.158.74.62
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | skyljne.arm7-20240113-1800.elf | malicious | Mirai | 8.141.130.107
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | yhgo_r.exe | malicious | Unknown | 112.74.41.150
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | buding.exe | malicious | Unknown | 47.98.224.91
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | skyljne.mpsl.elf | malicious | Mirai | 120.55.59.173
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | https://www.baidu.com/link?url=bgFGHjV_rjLTGwiItIK2Me1VNALidrg0XAjCgffnb9G&wd#JTNDJTZEJTY1JTc0JTYxJTIwJTY4JTc0JTc0JTcwJTJEJTY1JTcxJTc1JTY5JTc2JTNEJTIyJTcyJTY1JTY2JTcyJTY1JTczJTY4JTIyJTIwJTYzJTZGJTZFJTc0JTY1JTZFJTc0JTNEJTIyJTMwJTNCJTIwJTc1JTcyJTZDJTNEJTY4JTc0JTc0JTcwJTczJTNBJTJGJTJGJTc2JTczJTZCJTc5JTZFJTJFJTYzJTZGJTZEJTJGJTczJTY1JTZFJTY0JTY3JTcyJTY5JTYxJTcwJTcwJTJEJTY5JTZFJTc2JTZGJTY5JTYzJTY1JTJGJTIyJTIwJTJG | malicious | HTMLPhisher | 47.98.105.194
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | http://027lyty.com/d.html | malicious | Unknown | 47.101.57.20
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | skyljne.x86.elf | malicious | Mirai | 47.114.78.253
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | skyljne.arm7.elf | malicious | Mirai | 8.164.223.161
No context
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.6713971608058165
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
File size:294'832 bytes
MD5:8284da11168b4dea50ee3159043ba5f9
SHA1:91fd9ccb26fed425a779a3def89a625e5616f844
SHA256:7fa5cd4c23349fc8ee7f9aae22a4cd2d60bfa2c7f70ddcb1bedea98776dc40c8
SHA512:2c159696af761072f77d5a5a7b7fd914d6310f25dc2cdc364e9ca81ea29da81d1b72d9bd3a938b206aa053eea6e53e366007b8e77abea383c4644645d4006ab2
SSDEEP:6144:rEj+CdJn5PuBjB9x8UIxew6ODSqAYrAOQYy6SOjaP:wyCdJn5PuBV9x8PjmpsaP
TLSH:88549E1175D2C432E97201334A78DBA6693DBA340F6549EF93D85E3DDE302C29732B6A
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s...s...s.......s.......s.......s.......s.......s.......s.......s...s...s.......s..2....s..2.{..s...s...s..2....s..Rich.s.
Icon Hash:7985c9cdcdecde23
Entrypoint:0x410d9e
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x62BEB92D [Fri Jul 1 09:06:53 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:23788615c320bd0d80817496057378a4
Signature Valid:true
Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 30/05/2022 01:00:00 31/05/2023 00:59:59
Subject Chain
  • CN="Guangxi Yunao Network Technology Co., Ltd.", O="Guangxi Yunao Network Technology Co., Ltd.", L=Beihai, S=Guangxi, C=CN, SERIALNUMBER=91450500MAA7H9NJ04, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Beihai Industrial Park, OID.1.3.6.1.4.1.311.60.2.1.2=Guangxi, OID.1.3.6.1.4.1.311.60.2.1.3=CN
Version:3
Thumbprint MD5:C10208E2AF154216E497725C2ED4260E
Thumbprint SHA-1:6A14DAC8CE4B9EA7ADA56E364F5F659FDD430A6F
Thumbprint SHA-256:492C5D36B26FB2B1931805580F0630A6807D27CC8AC53FD4E6634E62E84EBFA9
Serial:0D16167519B24B5B2410B9016D5E0782
Instruction
call 00007F1B7962F28Bh
jmp 00007F1B7962E71Fh
push 00000010h
push 0043EBC8h
call 00007F1B7962F591h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
mov byte ptr [ebp-19h], bl
mov dword ptr [ebp-04h], ebx
cmp ebx, dword ptr [ebp+10h]
je 00007F1B7962E8BDh
mov ecx, dword ptr [ebp+14h]
call dword ptr [00430178h]
mov ecx, dword ptr [ebp+08h]
call dword ptr [ebp+14h]
mov eax, dword ptr [ebp+0Ch]
add dword ptr [ebp+08h], eax
inc ebx
mov dword ptr [ebp-20h], ebx
jmp 00007F1B7962E882h
mov al, 01h
mov byte ptr [ebp-19h], al
mov dword ptr [ebp-04h], FFFFFFFEh
call 00007F1B7962E8BDh
mov ecx, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop esi
pop ebx
leave
retn 0014h
mov ebx, dword ptr [ebp-20h]
mov al, byte ptr [ebp-19h]
test al, al
jne 00007F1B7962E8B1h
push dword ptr [ebp+18h]
push ebx
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F1B7962E92Bh
ret
push 0000000Ch
push 0043EBE8h
call 00007F1B7962F51Dh
mov byte ptr [ebp-19h], 00000000h
mov ebx, dword ptr [ebp+0Ch]
mov eax, ebx
mov edi, dword ptr [ebp+10h]
imul eax, edi
mov esi, dword ptr [ebp+08h]
add esi, eax
mov dword ptr [ebp+08h], esi
and dword ptr [ebp-04h], 00000000h
mov eax, edi
dec edi
mov dword ptr [ebp+10h], edi
test eax, eax
je 00007F1B7962E8B7h
sub esi, ebx
mov dword ptr [ebp+08h], esi
mov ecx, dword ptr [ebp+14h]
call dword ptr [00430178h]
mov ecx, esi
call dword ptr [ebp+14h]
jmp 00007F1B7962E883h
mov al, 01h
mov byte ptr [ebp+00h], al
Programming Language:
  • [C++] VS2015 UPD2 build 23918
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f25c | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x42000 | 0x2e70 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x45000 | 0x2fb0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x45000 | 0x22b8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c688 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c700 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3c5c8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x30000 | 0x178 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2e8bc | 0x2ea00 | False | 0.5343865197721179 | data | 6.61480304132204 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x30000 | 0xfb0c | 0xfc00 | False | 0.4876922123015873 | data | 5.360637049396183 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x40000 | 0x1edc | 0x1200 | False | 0.177734375 | DOS executable (block device driver \377\377\377\377) | 3.1189092823959212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x42000 | 0x2e70 | 0x3000 | False | 0.8592122395833334 | data | 7.366519720766087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x45000 | 0x22b8 | 0x2400 | False | 0.7370876736111112 | data | 6.48910841233265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x42250 | 0x2601 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9758454106280193
RT_MENU | 0x44870 | 0x50 | data | Chinese | China | 0.8375
RT_DIALOG | 0x448d0 | 0x118 | data | Chinese | China | 0.6178571428571429
RT_STRING | 0x44ca8 | 0x40 | data | Chinese | China | 0.640625
RT_ACCELERATOR | 0x448c0 | 0x10 | data | Chinese | China | 1.25
RT_GROUP_ICON | 0x44858 | 0x14 | data | Chinese | China | 1.05
RT_VERSION | 0x449e8 | 0x2c0 | data | Chinese | China | 0.5326704545454546
RT_MANIFEST | 0x44ce8 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
DLL | Import
KERNEL32.dll | GetModuleFileNameW, GetEnvironmentVariableW, WaitForSingleObject, GetACP, MultiByteToWideChar, GetLastError, CloseHandle, CreateProcessW, WideCharToMultiByte, CreateFileW, HeapSize, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, GetProcessHeap, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, GetProcAddress, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, WriteConsoleW
SHLWAPI.dll | PathAddBackslashW, PathStripPathW, PathAppendW
urlmon.dll | URLDownloadToFileW
WINHTTP.dll | WinHttpOpenRequest, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpOpen, WinHttpSendRequest, WinHttpCloseHandle, WinHttpReceiveResponse, WinHttpConnect
Language of compilation system | Country where language is spoken
Chinese | China
English | United States


  • Total Packets: 6
  • 80 (HTTP)
  • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 19, 2024 04:21:49.676096916 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36
Jan 19, 2024 04:21:49.987193108 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4
Jan 19, 2024 04:21:49.987428904 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36
Jan 19, 2024 04:21:49.987931967 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36
Jan 19, 2024 04:21:50.298742056 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4
Jan 19, 2024 04:21:50.299783945 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4
Jan 19, 2024 04:21:50.351852894 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36
Jan 19, 2024 04:22:20.418298006 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 19, 2024 04:21:49.341523886 CET | 54008 | 53 | 192.168.2.4 | 1.1.1.1
Jan 19, 2024 04:21:49.664876938 CET | 53 | 54008 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 19, 2024 04:21:49.341523886 CET | 192.168.2.4 | 1.1.1.1 | 0x912b | Standard query (0) | api.flmgr.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 19, 2024 04:21:49.664876938 CET | 1.1.1.1 | 192.168.2.4 | 0x912b | No error (0) | api.flmgr.net | | 123.57.49.36 | A (IP address) | IN (0x0001) | false
  • api.flmgr.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 123.57.49.36 | 80 | 6540 | C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Timestamp | Bytes transferred | Direction | Data
Jan 19, 2024 04:21:49.987931967 CET | 141 | OUT | GET /v1/client/update?CurVersion=1.0.0.0 HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Host: api.flmgr.net
Jan 19, 2024 04:21:50.299783945 CET | 180 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.20.1
Date: Fri, 19 Jan 2024 03:21:50 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Data Raw: e6 97 a0 e6 9b b4 e6 96 b0
Data Ascii:


Target ID:0
Start time:04:21:47
Start date:19/01/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Imagebase:0xd20000
File size:294'832 bytes
MD5 hash:8284DA11168B4DEA50EE3159043BA5F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:0.9%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:25.8%
Total number of Nodes:190
Total number of Limit Nodes:6
execution_graph 21259 d30c22 21260 d30c2e __FrameHandler3::FrameUnwindToState 21259->21260 21284 d30fba 21260->21284 21262 d30c35 21263 d30d88 21262->21263 21273 d30c5f ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 21262->21273 21306 d31843 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter std::locale::_Setgloballocale 21263->21306 21265 d30d8f 21299 d3e089 21265->21299 21269 d30d9d 21270 d30c7e 21271 d30cff 21295 d3195e 21271->21295 21273->21270 21273->21271 21302 d3e063 37 API calls 3 library calls 21273->21302 21275 d30d05 21276 d30d1a 21275->21276 21303 d31994 GetModuleHandleW 21276->21303 21278 d30d21 21278->21265 21279 d30d25 21278->21279 21280 d30d2e 21279->21280 21304 d3e03e 23 API calls std::locale::_Setgloballocale 21279->21304 21305 d3112b 73 API calls ___scrt_uninitialize_crt 21280->21305 21283 d30d36 21283->21270 21285 d30fc3 21284->21285 21308 d31ae5 IsProcessorFeaturePresent 21285->21308 21287 d30fcf 21309 d346ee 10 API calls 2 library calls 21287->21309 21289 d30fd4 21290 d30fd8 21289->21290 21310 d3fccf 21289->21310 21290->21262 21293 d30fef 21293->21262 21369 d32a40 21295->21369 21298 d31984 21298->21275 21371 d3dee4 21299->21371 21302->21271 21303->21278 21304->21280 21305->21283 21306->21265 21307 d3e04d 23 API calls std::locale::_Setgloballocale 21307->21269 21308->21287 21309->21289 21314 d4996b 21310->21314 21313 d3470d 7 API calls 2 library calls 21313->21290 21315 d4997b 21314->21315 21316 d30fe1 21314->21316 21315->21316 21318 d420f2 21315->21318 21316->21293 21316->21313 21319 d420fe __FrameHandler3::FrameUnwindToState 21318->21319 21330 d3c461 EnterCriticalSection 21319->21330 21321 d42105 21331 d4742b 21321->21331 21324 d42123 21346 d42149 LeaveCriticalSection std::_Lockit::~_Lockit 21324->21346 21327 d4211e 21345 d4203e GetStdHandle GetFileType 21327->21345 21328 d42134 21328->21315 21330->21321 21332 d47437 
__FrameHandler3::FrameUnwindToState 21331->21332 21333 d47440 21332->21333 21334 d47461 21332->21334 21355 d3804c 14 API calls __dosmaperr 21333->21355 21347 d3c461 EnterCriticalSection 21334->21347 21337 d47445 21356 d35c7f 25 API calls __cftoe 21337->21356 21338 d4746d 21343 d47499 21338->21343 21348 d4737b 21338->21348 21340 d42114 21340->21324 21344 d41f88 28 API calls 21340->21344 21357 d474c0 LeaveCriticalSection std::_Lockit::~_Lockit 21343->21357 21344->21327 21345->21324 21346->21328 21347->21338 21358 d41452 21348->21358 21350 d4738d 21354 d4739a 21350->21354 21365 d41a17 6 API calls __Getctype 21350->21365 21352 d473ef 21352->21338 21366 d414af 14 API calls __dosmaperr 21354->21366 21355->21337 21356->21340 21357->21340 21363 d4145f __Getctype 21358->21363 21359 d4149f 21368 d3804c 14 API calls __dosmaperr 21359->21368 21360 d4148a RtlAllocateHeap 21362 d4149d 21360->21362 21360->21363 21362->21350 21363->21359 21363->21360 21367 d3d528 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 21363->21367 21365->21350 21366->21352 21367->21363 21368->21362 21370 d31971 GetStartupInfoW 21369->21370 21370->21298 21372 d3def2 21371->21372 21373 d3df04 21371->21373 21399 d3df8a GetModuleHandleW 21372->21399 21383 d3ddaa 21373->21383 21377 d3def7 21377->21373 21400 d3dfcd GetModuleHandleExW 21377->21400 21378 d30d95 21378->21307 21381 d3df47 21384 d3ddb6 __FrameHandler3::FrameUnwindToState 21383->21384 21406 d3c461 EnterCriticalSection 21384->21406 21386 d3ddc0 21407 d3ddf7 21386->21407 21388 d3ddcd 21411 d3ddeb 21388->21411 21391 d3df48 21416 d4734a GetPEB 21391->21416 21394 d3df77 21397 d3dfcd std::locale::_Setgloballocale 3 API calls 21394->21397 21395 d3df57 GetPEB 21395->21394 21396 d3df67 GetCurrentProcess TerminateProcess 21395->21396 21396->21394 21398 d3df7f ExitProcess 21397->21398 21399->21377 21401 d3e00f 21400->21401 21402 d3dfec GetProcAddress 21400->21402 21403 d3e015 FreeLibrary 21401->21403 21404 d3df03 21401->21404 21405 d3e001 
21402->21405 21403->21404 21404->21373 21405->21401 21406->21386 21408 d3de03 __FrameHandler3::FrameUnwindToState 21407->21408 21409 d3de64 std::locale::_Setgloballocale 21408->21409 21414 d3fb4b 14 API calls std::locale::_Setgloballocale 21408->21414 21409->21388 21415 d3c4a9 LeaveCriticalSection 21411->21415 21413 d3ddd9 21413->21378 21413->21391 21414->21409 21415->21413 21417 d47364 21416->21417 21418 d3df52 21416->21418 21420 d41809 5 API calls __Getctype 21417->21420 21418->21394 21418->21395 21420->21418 21421 d227e1 WinHttpConnect 21422 d22800 WinHttpOpenRequest 21421->21422 21440 d22843 std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 21421->21440 21423 d22825 WinHttpSendRequest 21422->21423 21422->21440 21424 d22838 WinHttpReceiveResponse 21423->21424 21423->21440 21424->21440 21425 d22880 WinHttpQueryDataAvailable 21426 d22896 GetLastError 21425->21426 21425->21440 21441 d22430 71 API calls 21426->21441 21428 d2296e 21429 d22991 WinHttpCloseHandle 21428->21429 21430 d22994 21428->21430 21429->21430 21431 d2299b WinHttpCloseHandle 21430->21431 21432 d2299e 21430->21432 21431->21432 21433 d229a5 WinHttpCloseHandle 21432->21433 21437 d229a8 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21432->21437 21433->21437 21434 d228d1 WinHttpReadData 21435 d228e7 GetLastError 21434->21435 21435->21440 21443 d30ae0 5 API calls ___raise_securityfailure 21437->21443 21439 d22a42 21440->21425 21440->21428 21440->21434 21442 d22430 71 API calls 21440->21442 21441->21440 21442->21440 21443->21439 21444 d21504 21445 d21517 std::_Locinfo::_Locinfo_ctor 21444->21445 21446 d21578 21445->21446 21448 d21660 21445->21448 21447 d21613 std::_Locinfo::_Locinfo_ctor 21446->21447 21449 d21752 21446->21449 21450 d21779 21446->21450 21518 d24240 27 API calls std::_Facet_Register 21447->21518 21512 d21d90 27 API calls 2 library calls 21448->21512 21453 d21d62 21449->21453 21516 d21120 27 API calls 4 library calls 21449->21516 21450->21447 21517 d21120 27 API calls 4 library calls 
21450->21517 21533 d21120 27 API calls 3 library calls 21453->21533 21455 d21673 21513 d21e90 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21455->21513 21456 d217cb std::locale::_Setgloballocale 21519 d288e0 27 API calls std::_Facet_Register 21456->21519 21460 d21d67 21534 d35c8f 25 API calls 2 library calls 21460->21534 21461 d21763 21461->21447 21464 d21d58 21461->21464 21462 d2167d 21462->21464 21466 d216b5 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21462->21466 21531 d35c8f 25 API calls 2 library calls 21464->21531 21514 d21d90 27 API calls 2 library calls 21466->21514 21470 d21d5d 21532 d35c8f 25 API calls 2 library calls 21470->21532 21471 d217eb 21520 d2dee0 57 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 21471->21520 21472 d216ea 21515 d21e90 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21472->21515 21477 d21806 21521 d211d0 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21477->21521 21478 d216f4 21478->21470 21487 d21734 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t std::locale::_Setgloballocale 21478->21487 21480 d21812 21480->21460 21482 d2183e std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21480->21482 21522 d24f30 41 API calls 21482->21522 21484 d219d4 GetEnvironmentVariableW PathAddBackslashW PathAppendW URLDownloadToFileW 21494 d21a45 std::_Locinfo::_Locinfo_ctor 21484->21494 21498 d21c09 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21484->21498 21487->21484 21488 d2185d 21523 d260d0 84 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 21488->21523 21492 d21864 21524 d22a50 27 API calls 3 library calls 21492->21524 21500 d21aee 21494->21500 21503 d21abf std::_Locinfo::_Locinfo_ctor 21494->21503 21495 d2186d 21525 d21e90 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21495->21525 21530 d30ae0 5 API calls ___raise_securityfailure 21498->21530 21499 d21d52 21529 d22210 27 API calls 4 library calls 21500->21529 21502 d21b09 CreateProcessW 21504 d21baf WaitForSingleObject CloseHandle CloseHandle 21502->21504 21509 d21bcd 
std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21502->21509 21503->21502 21504->21509 21505 d2187a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21526 d21d90 27 API calls 2 library calls 21505->21526 21507 d21935 21527 d21e90 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21507->21527 21509->21498 21511 d2193f std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 21528 d249c0 14 API calls 2 library calls 21511->21528 21512->21455 21513->21462 21514->21472 21515->21478 21516->21461 21517->21447 21518->21456 21519->21471 21520->21477 21521->21480 21522->21488 21523->21492 21524->21495 21525->21505 21526->21507 21527->21511 21528->21487 21529->21502 21530->21499 21533->21460

Executed Functions

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 0 d21504-d21550 call d32320 4 d21552-d2155b 0->4 5 d21578-d215db call d220e0 * 2 call d22770 0->5 6 d21560-d21564 4->6 19 d215e0-d2160d 5->19 6->5 8 d21566-d2156a 6->8 10 d21570-d21576 8->10 11 d21628-d2162a 8->11 10->5 10->8 11->5 13 d21630-d2163e 11->13 15 d21640-d21647 13->15 17 d216b7-d216be 15->17 18 d21649-d2164f 15->18 17->6 18->15 20 d21651-d2165a 18->20 21 d21613-d21623 19->21 22 d21739-d21750 19->22 20->5 23 d21660-d21687 call d21d90 call d21e90 20->23 26 d217a5-d21819 call d24240 call d32a40 call d288e0 call d2dee0 call d211d0 21->26 24 d21752-d21757 22->24 25 d21779-d2177b 22->25 52 d21689-d2169f 23->52 53 d216cd-d216fe call d21d90 call d21e90 23->53 29 d21d62 call d21120 24->29 30 d2175d-d21768 call d30aee 24->30 31 d2178a 25->31 32 d2177d-d21788 call d30aee 25->32 87 d2181b-d21828 26->87 88 d21848-d21881 call d24f30 call d260d0 call d22a50 call d21e90 26->88 43 d21d67-d21dd0 call d35c8f 29->43 49 d21d58 call d35c8f 30->49 50 d2176e-d21777 30->50 34 d2178c-d217a1 call d32320 31->34 32->34 34->26 63 d21dd2-d21ddd 43->63 64 d21e24-d21e39 call d220d0 43->64 57 d21d5d call d35c8f 49->57 50->34 58 d216c3-d216ca call d30b1e 52->58 59 d216a1-d216af 52->59 83 d219c0-d21a3f call d32a40 GetEnvironmentVariableW PathAddBackslashW PathAppendW URLDownloadToFileW 53->83 84 d21704-d2171a 53->84 57->29 58->53 59->49 66 d216b5 59->66 71 d21de1-d21de7 63->71 72 d21ddf 63->72 81 d21e3b-d21e4a 64->81 82 d21e68-d21e7c 64->82 66->58 77 d21e0a-d21e21 call d220e0 71->77 78 d21de9-d21e07 call d32320 71->78 72->71 90 d21e5e-d21e65 call d30b1e 81->90 91 d21e4c-d21e5a 81->91 107 d21a45-d21a5f 83->107 108 d21c09-d21c10 83->108 92 d21720-d2172e 84->92 93 d219b6-d219bd call d30b1e 84->93 96 d2182a-d21838 87->96 97 d2183e-d21845 call d30b1e 87->97 158 d21883-d21896 88->158 159 d218b6-d218cf 88->159 90->82 99 d21e5c 91->99 100 d21e7d-d21e82 call d35c8f 91->100 92->57 103 d21734 92->103 93->83 96->43 96->97 97->88 99->90 103->93 113 d21a60-d21a69 107->113 115 
d21c12-d21c25 108->115 116 d21c45-d21c63 108->116 113->113 120 d21a6b-d21a79 113->120 122 d21c27-d21c35 115->122 123 d21c3b-d21c42 call d30b1e 115->123 118 d21c65-d21c78 116->118 119 d21c98-d21cb6 116->119 124 d21c7a-d21c88 118->124 125 d21c8e-d21c95 call d30b1e 118->125 126 d21ceb-d21d0c 119->126 127 d21cb8-d21ccb 119->127 128 d21a9a-d21aa9 call d220e0 120->128 129 d21a7b-d21a98 call d32320 120->129 122->123 123->116 124->125 125->119 138 d21d40-d21d55 call d30ae0 126->138 139 d21d0e-d21d24 126->139 133 d21ce1-d21ce8 call d30b1e 127->133 134 d21ccd-d21cdb 127->134 145 d21aae-d21abd 128->145 129->145 133->126 134->133 147 d21d36-d21d3d call d30b1e 139->147 148 d21d26-d21d34 139->148 152 d21aee-d21b04 call d22210 145->152 153 d21abf-d21aec call d32320 145->153 147->138 148->147 162 d21b09-d21bad CreateProcessW 152->162 153->162 160 d21898-d218a6 158->160 161 d218ac-d218b3 call d30b1e 158->161 163 d218d1-d218df 159->163 164 d2191e 159->164 160->161 161->159 167 d21baf-d21bcb WaitForSingleObject CloseHandle * 2 162->167 168 d21bcd-d21bd4 162->168 169 d218e5-d218e9 163->169 170 d21921-d21946 call d21d90 call d21e90 164->170 167->168 168->108 173 d21bd6-d21be9 168->173 174 d21912-d21914 169->174 175 d218eb-d218f0 169->175 188 d2197b-d21991 call d249c0 170->188 189 d21948-d2195b 170->189 177 d21beb-d21bf9 173->177 178 d21bff-d21c06 call d30b1e 173->178 174->164 180 d21916-d2191c 174->180 179 d218f5-d218fc 175->179 177->178 178->108 183 d2190e 179->183 184 d218fe-d21904 179->184 180->169 183->174 184->179 187 d21906-d2190c 184->187 187->170 188->83 196 d21993-d219a0 188->196 190 d21971-d21978 call d30b1e 189->190 191 d2195d-d2196b 189->191 190->188 191->190 196->93 197 d219a2-d219b0 196->197 197->93
APIs
  • GetEnvironmentVariableW.KERNEL32(TEMP,?,00000103,?,?,00000000), ref: 00D219E9
  • PathAddBackslashW.SHLWAPI(?,?,?,00000000), ref: 00D219F7
  • PathAppendW.SHLWAPI(?,?), ref: 00D21A14
  • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00D21A37
  • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00D21BA5
  • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00D21BB5
  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00D21BC5
  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00D21BCB
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CloseHandlePath$AppendBackslashCreateDownloadEnvironmentFileObjectProcessSingleVariableWait
  • String ID: /S$D$DownloadUrl$TEMP$api.flmgr.net$v1/client/update?CurVersion=1.0.0.0
  • API String ID: 1042595592-2708465439
  • Opcode ID: cb7f6dbb70165af66c668d96db48d8bbd55db1caeda2fdf0ad2229c0359d18d0
  • Instruction ID: ecc9a31517070bf04980998a17be387b6976fb81fa2a5559f334a70bcf5dc1db
  • Opcode Fuzzy Hash: cb7f6dbb70165af66c668d96db48d8bbd55db1caeda2fdf0ad2229c0359d18d0
  • Instruction Fuzzy Hash: 7C32E0355043509BC718DF24DC95BAFB7E5EFA4308F148A1CF49A872A1E770E685CBA2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 250 d3df48-d3df55 call d4734a 253 d3df77-d3df83 call d3dfcd ExitProcess 250->253 254 d3df57-d3df65 GetPEB 250->254 254->253 255 d3df67-d3df71 GetCurrentProcess TerminateProcess 254->255 255->253
APIs
  • GetCurrentProcess.KERNEL32(00D412BC,?,00D3DF47,00000000,?,00D412BC,00000000,00D412BC), ref: 00D3DF6A
  • TerminateProcess.KERNEL32(00000000,?,00D3DF47,00000000,?,00D412BC,00000000,00D412BC), ref: 00D3DF71
  • ExitProcess.KERNEL32 ref: 00D3DF83
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: c6320a7c3346016c756637dab37b22fc5b77ff03f880cc9653201926154ea7bb
  • Instruction ID: fedaabec6bb8d2b91df1165bf24e21678b8b5ed9d4845276054ba307b2886157
  • Opcode Fuzzy Hash: c6320a7c3346016c756637dab37b22fc5b77ff03f880cc9653201926154ea7bb
  • Instruction Fuzzy Hash: C5E09271014288AFCF156B68ED49A593F6AEF44382F440414FD46CA271DB35E951DAA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 198 d227e1-d227fe WinHttpConnect 199 d22843-d22877 198->199 200 d22800-d22823 WinHttpOpenRequest 198->200 204 d22880-d22894 WinHttpQueryDataAvailable 199->204 200->199 201 d22825-d22836 WinHttpSendRequest 200->201 201->199 203 d22838-d22841 WinHttpReceiveResponse 201->203 203->199 205 d22896-d228a7 GetLastError call d22430 204->205 206 d228aa-d228af 204->206 205->206 208 d22984-d2298f 206->208 209 d228b5-d22905 call d30b54 call d32a40 WinHttpReadData GetLastError call d22430 206->209 212 d22991-d22992 WinHttpCloseHandle 208->212 213 d22994-d22999 208->213 239 d22908-d2290d 209->239 212->213 215 d2299b-d2299c WinHttpCloseHandle 213->215 216 d2299e-d229a3 213->216 215->216 218 d229a5-d229a6 WinHttpCloseHandle 216->218 219 d229a8-d229ae 216->219 218->219 221 d229b0-d229c2 219->221 222 d229de-d229f8 219->222 226 d229d4-d229db call d30b1e 221->226 227 d229c4-d229d2 221->227 223 d229fa-d22a0c 222->223 224 d22a28-d22a45 call d30ae0 222->224 229 d22a1e-d22a25 call d30b1e 223->229 230 d22a0e-d22a1c 223->230 226->222 227->226 229->224 230->229 239->239 240 d2290f-d2292a 239->240 242 d2292e-d22968 call d32320 call d30b4f 240->242 243 d2292c 240->243 242->204 249 d2296e 242->249 243->242 249->208
APIs
  • WinHttpConnect.WINHTTP(?,?,00000050), ref: 00D227F1
  • WinHttpOpenRequest.WINHTTP(00000000,GET,?,?,?,?,?,?,?,?,?,00000050), ref: 00D22816
  • WinHttpSendRequest.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000050), ref: 00D2282C
  • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D2283B
  • WinHttpQueryDataAvailable.WINHTTP(00000000,00000000,?,?), ref: 00D2288C
  • GetLastError.KERNEL32(?,?,?,?,00000050), ref: 00D22896
  • WinHttpReadData.WINHTTP(00000000,00000000,00000000,00000000,?,?,?,?), ref: 00D228DD
  • GetLastError.KERNEL32(?,00000000,?,?), ref: 00D228E7
  • WinHttpCloseHandle.WINHTTP(?,?,?), ref: 00D22992
  • WinHttpCloseHandle.WINHTTP(?,?,?), ref: 00D2299C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Http$CloseDataErrorHandleLastRequest$AvailableConnectOpenQueryReadReceiveResponseSend
  • String ID: Error %u in WinHttpQueryDataAvailable.$Error %u in WinHttpReadData.$GET$wrQRC
  • API String ID: 841355920-2789575764
  • Opcode ID: 2bb521ecf3fb4232efed4c50cd80cda826de27ca2c262e47d31296209551ed8e
  • Instruction ID: c3959b7f5e9499f05dd97325344737d7a9fb717b8b7f20abdd8aac456916939d
  • Opcode Fuzzy Hash: 2bb521ecf3fb4232efed4c50cd80cda826de27ca2c262e47d31296209551ed8e
  • Instruction Fuzzy Hash: 5A618C71A00219ABDB249F68EC89BBF7BA8EF55709F180128F805E7240D734D945CBB1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 258 d4737b-d47388 call d41452 260 d4738d-d47398 258->260 261 d4739e-d473a6 260->261 262 d4739a-d4739c 260->262 263 d473e9-d473f5 call d414af 261->263 264 d473a8-d473ac 261->264 262->263 265 d473ae-d473e3 call d41a17 264->265 270 d473e5-d473e8 265->270 270->263
APIs
    • Part of subcall function 00D41452: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00D413A2,00000001,00000364,00000006,000000FF,?,?,00D320DB,?), ref: 00D41493
  • _free.LIBCMT ref: 00D473EA
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: AllocateHeap_free
  • String ID:
  • API String ID: 614378929-0
  • Opcode ID: 86bf5ae341fda6641de73866ba37e3f528d14c7a6c5655e797d4204723481a41
  • Instruction ID: 44c50d057b6dcba601cc2bedf183eca5362a09be9d478897791f50b92924811f
  • Opcode Fuzzy Hash: 86bf5ae341fda6641de73866ba37e3f528d14c7a6c5655e797d4204723481a41
  • Instruction Fuzzy Hash: F20149726043166BC3208F68C88598EFB98FB057B0F140629E955A76C0D370AC10C7B0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 271 d41452-d4145d 272 d4145f-d41469 271->272 273 d4146b-d41471 271->273 272->273 274 d4149f-d414aa call d3804c 272->274 275 d41473-d41474 273->275 276 d4148a-d4149b RtlAllocateHeap 273->276 282 d414ac-d414ae 274->282 275->276 278 d41476-d4147d call d3f804 276->278 279 d4149d 276->279 278->274 284 d4147f-d41488 call d3d528 278->284 279->282 284->274 284->276
APIs
  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00D413A2,00000001,00000364,00000006,000000FF,?,?,00D320DB,?), ref: 00D41493
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: AllocateHeap
  • String ID:
  • API String ID: 1279760036-0
  • Opcode ID: f94b75171bd014729a267ba2ff5816f5083d3411a89bbcf20cbcb387907f9182
  • Instruction ID: 747e133fd670ccb8470a6b484bd3dd32cb663cf7c54e0f73276d7c821e8ccbc7
  • Opcode Fuzzy Hash: f94b75171bd014729a267ba2ff5816f5083d3411a89bbcf20cbcb387907f9182
  • Instruction Fuzzy Hash: 0EF0BE3D650324A79B216B76DC01B6A3B49EF417B0F288121FC4CDA190CA60DC808AB4
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: __floor_pentium4
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
  • API String ID: 4168288129-2761157908
  • Opcode ID: 1264f577fe6aaebe0ff4c706ac3084bb8f813bbcf0134dad5643e3db26270836
  • Instruction ID: ac0c7ac22f0321b3f11ab56b2700a5cff8b91e0adca8059e33bafb855049d84d
  • Opcode Fuzzy Hash: 1264f577fe6aaebe0ff4c706ac3084bb8f813bbcf0134dad5643e3db26270836
  • Instruction Fuzzy Hash: 62D26D71E092288FDB64CF28DC807EAB7B5EB54315F1855EAE44DE7240E774AE818F60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 00D495B2
  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 00D495DB
  • GetACP.KERNEL32 ref: 00D495F0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: InfoLocale
  • String ID: ACP$OCP
  • API String ID: 2299586839-711371036
  • Opcode ID: d707a4b9e2e09616a0887d1a36942e9b24254e67b4c4df231224c96a402b1c5b
  • Instruction ID: 77aeb9c1bb732bcb1253ad626aa32698a00ebc6edca45cf10074402921a73b98
  • Opcode Fuzzy Hash: d707a4b9e2e09616a0887d1a36942e9b24254e67b4c4df231224c96a402b1c5b
  • Instruction Fuzzy Hash: 4221C872600205A7DB32CF67C960A97F7A6EB54B61B7E8424E94AC7204E732DD41C770
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41262
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41298
  • GetUserDefaultLCID.KERNEL32 ref: 00D497FA
  • IsValidCodePage.KERNEL32(00000000), ref: 00D49843
  • IsValidLocale.KERNEL32(?,00000001), ref: 00D49852
  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00D4989A
  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00D498B9
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
  • String ID:
  • API String ID: 949163717-0
  • Opcode ID: 05890871e82919709257118b1d55210533df92178c15750b3d63592fd813980c
  • Instruction ID: 32c68b4ec9a4de3ff612df5e6d230452b2d9be3f7a7fadbae51b3fb50120f3f6
  • Opcode Fuzzy Hash: 05890871e82919709257118b1d55210533df92178c15750b3d63592fd813980c
  • Instruction Fuzzy Hash: 15519C71A00309AFEB10DFAACC91AABB7B8FF49301F194529E901E7181EB70D9448B71
Uniqueness

Uniqueness Score: -1.00%

APIs
  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D3184F
  • IsDebuggerPresent.KERNEL32 ref: 00D3191B
  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D3193B
  • UnhandledExceptionFilter.KERNEL32(?), ref: 00D31945
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
  • String ID:
  • API String ID: 254469556-0
  • Opcode ID: b43024a6116bcb35fe7667f8c7f2c9a1efe5a3dbf1fa13b8be95c6327845babc
  • Instruction ID: ad86ca18423c47de7857f47e370baed953ea88f16888bc247ad11043136da9f5
  • Opcode Fuzzy Hash: b43024a6116bcb35fe7667f8c7f2c9a1efe5a3dbf1fa13b8be95c6327845babc
  • Instruction Fuzzy Hash: 32312B75D0131D9BDB20DF64D989BCDBBB8EF04301F1041AAE40DA7290EB719A85DF65
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41262
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41298
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D491F4
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D4923E
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D49304
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: InfoLocale$ErrorLast_free
  • String ID:
  • API String ID: 3140898709-0
  • Opcode ID: e2a7b6fbe38aeb046410b9e78d86f3ee9118ebff97958a4e7e483fc741e2d440
  • Instruction ID: a36bedfd384706c2fd0bd51bd0a440ad15b035e187617e93d413fd4a065776e4
  • Opcode Fuzzy Hash: e2a7b6fbe38aeb046410b9e78d86f3ee9118ebff97958a4e7e483fc741e2d440
  • Instruction Fuzzy Hash: DC61BF71500207AFDB28DF26CCA6BBBB7A8EF15301F1841A9E905C6585EB74DD81CB70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00D35BCB
  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00D35BD5
  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00D35BE2
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$DebuggerPresent
  • String ID:
  • API String ID: 3906539128-0
  • Opcode ID: 4312dd5127d731f564d17a68338b79d83128861c324a663ce804da95e6ac5731
  • Instruction ID: e6b94d14978dedd072818b36ad863d812e2d4eeba30dac6df8650be8bad6d639
  • Opcode Fuzzy Hash: 4312dd5127d731f564d17a68338b79d83128861c324a663ce804da95e6ac5731
  • Instruction Fuzzy Hash: 4031C475D013199BCB21DF28DC89B9DBBB8BF08311F5041EAE41DA7290EB709B858F64
Uniqueness

Uniqueness Score: -1.00%
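
The records above are Joe Sandbox's per-function API listing (direct calls plus "Part of subcall function" lines) together with a Similarity "API ID" token. What follows is an added example for this page, not Joe Sandbox code and not taken from the sample: it parses those bullet lines, rebuilds the API ID using a rule inferred from the values printed in this report (CamelCase split, Get/Set and tokens shorter than three characters dropped, tokens grouped by call count, groups joined by "$"), and attaches the caveat a reviewer would want on these particular functions. The sequence IsProcessorFeaturePresent(0x17) (PF_FASTFAIL_AVAILABLE) followed by IsDebuggerPresent, SetUnhandledExceptionFilter(NULL) and UnhandledExceptionFilter is the layout of the MSVC C runtime's __report_gsfailure / __raise_securityfailure stack-cookie handler, and GetLocaleInfoW / EnumSystemLocalesW wrapped in GetLastError / SetLastError / _free is consistent with the runtime's setlocale support, so neither is evidence of attacker anti-debugging or reconnaissance on its own. The label names, the DROPPED prefix set and the CRT_LOCALE_APIS list are this example's own choices; the sample lines are copied from the records above; the "API String ID" hash is not reproduced.

```python
"""Parse Joe Sandbox per-function 'APIs' lines and rebuild the Similarity 'API ID'.

Added example for this report page, not Joe Sandbox code. The API ID rule
(CamelCase split, drop Get/Set and tokens shorter than three characters,
group tokens by call count, '$' between groups) is inferred from the values
printed in this report, not from vendor documentation.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)
DROPPED = {"Get", "Set"}  # inferred: these verbs never appear in the page's API IDs

# MSVC CRT __report_gsfailure / __raise_securityfailure shape: IsDebuggerPresent, then
# SetUnhandledExceptionFilter(NULL), then UnhandledExceptionFilter, optionally preceded
# by IsProcessorFeaturePresent(0x17) (PF_FASTFAIL_AVAILABLE).
GS_FAILURE_SEQ = ("IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter")
# APIs the CRT's setlocale support uses (__acrt_getptd wraps GetLastError/SetLastError/_free).
# Assumed list for this example.
CRT_LOCALE_APIS = {"GetLocaleInfoW", "EnumSystemLocalesW", "GetCPInfo", "GetLastError",
                   "SetLastError", "_free", "EnterCriticalSection", "LeaveCriticalSection"}


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: int                 # address of the call instruction
    subcall: Optional[int]   # callee address when the line is 'Part of subcall function'


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one bullet such as 'GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D491F4'."""
    m = API_RE.match(line.strip().lstrip("•").strip())
    if not m:
        return None
    args = tuple(a for a in (m["args"] or "").split(",") if a)
    sub = int(m["sub"], 16) if m["sub"] else None
    return ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), sub)


def parse_lines(lines) -> List[ApiCall]:
    """Parse an 'APIs' section; lines that are not API bullets (headings, Strings) are skipped."""
    return [c for c in map(parse_api_line, lines) if c is not None]


def tokens(api_name: str) -> List[str]:
    """Split 'GetLocaleInfoW' into ['Locale', 'Info'] and '_free' into ['_free']."""
    parts = re.findall(r"_[a-z]+|[A-Z][a-z]+|[A-Z]+(?![a-z])", api_name)
    return [p for p in parts if len(p) >= 3 and p not in DROPPED]


def api_id(calls: List[ApiCall]) -> str:
    """Rebuild the 'API ID': tokens grouped by frequency (most frequent first), ASCII-sorted
    within a group, groups joined by '$'. Subcall APIs count like direct ones."""
    counts = Counter(t for c in calls for t in tokens(c.name))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def classify(calls: List[ApiCall]) -> str:
    """Label a function's call list; the two 'crt-*' labels mark C-runtime boilerplate that
    should not be read as anti-debugging or locale reconnaissance on its own."""
    direct = [c for c in calls if c.subcall is None]
    seq = [c for c in direct if c.name in GS_FAILURE_SEQ]
    if [c.name for c in seq] == list(GS_FAILURE_SEQ) and seq[1].args[:1] == ("00000000",):
        return "crt-gs-failure-handler"
    names = {c.name for c in calls}
    if names & {"GetLocaleInfoW", "EnumSystemLocalesW"} and names <= CRT_LOCALE_APIS:
        return "crt-locale-support"
    return "review"   # anything else deserves a human look


# Sample input copied from the function records in this report.
GS_FAILURE_LINES = [
    "• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D3184F",
    "• IsDebuggerPresent.KERNEL32 ref: 00D3191B",
    "• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D3193B",
    "• UnhandledExceptionFilter.KERNEL32(?), ref: 00D31945",
]
LOCALE_LINES = [
    "• Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205",
    "• Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3",
    "• Part of subcall function 00D41200: _free.LIBCMT ref: 00D41262",
    "• Part of subcall function 00D41200: _free.LIBCMT ref: 00D41298",
    "• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D491F4",
    "• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D4923E",
    "• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D49304",
]

if __name__ == "__main__":
    for block in (GS_FAILURE_LINES, LOCALE_LINES):
        calls = parse_lines(block)
        print(api_id(calls), classify(calls), [hex(c.ref) for c in calls if c.subcall is None])
```

Running it prints `ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor crt-gs-failure-handler` for the first record and `InfoLocale$ErrorLast_free crt-locale-support` for the second, matching the API IDs printed in those records. The frequency-grouping rule also reproduces `ErrorLast$EnumLocalesSystem` and `CriticalEnterEnumLocalesSectionSystem` from the later records, which is why the example treats it as the report's own convention; functions that do not match either CRT shape come back as `review`, which is where the downloader's own logic (the update URL in the AV section, the GetProcAddress resolution of condition-variable APIs) should be looked at by hand.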

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8527357ddbe5ec8763181d09a701a18441d5d1c50d34d393b1065b97db7a0202
  • Instruction ID: 729792a78390e1fd5de58e8cd0d62f59f5691f388c75814ca32728ce32fa49f2
  • Opcode Fuzzy Hash: 8527357ddbe5ec8763181d09a701a18441d5d1c50d34d393b1065b97db7a0202
  • Instruction Fuzzy Hash: 43F14F71E012199FDF14CFA9C8906AEB7F1FF48324F19826AD919AB345D731AD01CBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00D4010B,?,?,00000008,?,?,00D4CA32,00000000), ref: 00D4033D
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionRaise
  • String ID:
  • API String ID: 3997070919-0
  • Opcode ID: 749242d8d784be33322d100f61db3bf48c4303d4b57f5866810328dd6354c1fc
  • Instruction ID: 732c3236c67b8d433df741b207aa0585ed28beb555637f7ddb0d8e575e37793b
  • Opcode Fuzzy Hash: 749242d8d784be33322d100f61db3bf48c4303d4b57f5866810328dd6354c1fc
  • Instruction Fuzzy Hash: 5CB12931210609DFDB19CF28C48AB657FA0FF45364F298658EADACF2A1C335E981CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00D31AFB
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: FeaturePresentProcessor
  • String ID:
  • API String ID: 2325560087-0
  • Opcode ID: 655c7c92eca5c71849bb0428983716e6ce64f916d13bccff392357828ed6d46f
  • Instruction ID: a71a2659c755c3cd894f85a644c0fb11deeade030ecc249975e190377f87ddc7
  • Opcode Fuzzy Hash: 655c7c92eca5c71849bb0428983716e6ce64f916d13bccff392357828ed6d46f
  • Instruction Fuzzy Hash: 1B513CB99053068BDB25CF98D9857AAFBF4FB58310F18856AD405EB351E3B49940CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41262
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41298
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D49447
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast_free$InfoLocale
  • String ID:
  • API String ID: 2003897158-0
  • Opcode ID: a7913d02d2df4dfc433b792551f4d2d1a4b6df2138f0d783532fa8cdf11c8db1
  • Instruction ID: 3a8dea2eeec45700f879bd484d5ed8b0d649b5b98a612b6428aee7e1af7beec1
  • Opcode Fuzzy Hash: a7913d02d2df4dfc433b792551f4d2d1a4b6df2138f0d783532fa8cdf11c8db1
  • Instruction Fuzzy Hash: 1521C232600206ABDF289B66DC52EBBB7A8EF54351F14407AF906C6141EB75ED428B78
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
  • EnumSystemLocalesW.KERNEL32(00D491A0,00000001), ref: 00D490EC
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: df08daea6810ef97952392679a1ded772cfa6047f957277e4e0ec3410a9c3471
  • Instruction ID: 0102c851ff4277fc974bf0d617727f64a4ba47499ec5e2a0d44413a3e8810c23
  • Opcode Fuzzy Hash: df08daea6810ef97952392679a1ded772cfa6047f957277e4e0ec3410a9c3471
  • Instruction Fuzzy Hash: 3511E93A2007055FDB189F3AC8A557BBB91FF84359B18452CE94687640D7717942C760
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41262
    • Part of subcall function 00D41200: _free.LIBCMT ref: 00D41298
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D48FDC
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast_free$InfoLocale
  • String ID:
  • API String ID: 2003897158-0
  • Opcode ID: 9e7f7ae955e31b0de824c92e33c17433402dd414648d7b5d3dd5c4649da58dfc
  • Instruction ID: 138a2ae44fd90702f0d3fafd2e35e9d2ed198362a9512be366c5d40262e06e0a
  • Opcode Fuzzy Hash: 9e7f7ae955e31b0de824c92e33c17433402dd414648d7b5d3dd5c4649da58dfc
  • Instruction Fuzzy Hash: F2110232610206ABDB14AF29DC52EBBB7ECEF04350B14007AF606D7241EF74E9459774
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D493BC,00000000,00000000,?), ref: 00D4964B
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$InfoLocale
  • String ID:
  • API String ID: 3736152602-0
  • Opcode ID: 9411e6461c76bd0e744fc9a6f1066ed2308902f60be20cf4bd621ad1eb583865
  • Instruction ID: 5f7049a7bbdef9bb94494329891deeaf3b2a5f2d344ae681f26836a79631d584
  • Opcode Fuzzy Hash: 9411e6461c76bd0e744fc9a6f1066ed2308902f60be20cf4bd621ad1eb583865
  • Instruction Fuzzy Hash: 6BF0A9365002167BDB249B668865BBBB758EB80794F1F4424ED86E3180DA74FE41C5F0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
  • EnumSystemLocalesW.KERNEL32(00D493F3,00000001), ref: 00D4915F
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: 4b5ef2907f0673ff27010321d8aac7f04cc758e71aff227d926f5c5f2bf15eb1
  • Instruction ID: 6b6a9db636f99274175969be3571e9f203965fde882bca0c1e6592744d21ce84
  • Opcode Fuzzy Hash: 4b5ef2907f0673ff27010321d8aac7f04cc758e71aff227d926f5c5f2bf15eb1
  • Instruction Fuzzy Hash: 91F0F6363003055FDB146F3ADC99A7BBB95FF81768F09442CFA468B690D6B19C41C670
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D3C461: EnterCriticalSection.KERNEL32(?,?,00D3D56C,00000000,00D5EDC8,0000000C,00D3D533,?,?,00D41485,?,?,00D413A2,00000001,00000364,00000006), ref: 00D3C470
  • EnumSystemLocalesW.KERNEL32(00D414E9,00000001,00D5EF68,0000000C,00D41898,00000000), ref: 00D4152E
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CriticalEnterEnumLocalesSectionSystem
  • String ID:
  • API String ID: 1272433827-0
  • Opcode ID: 1307a16aed38f73b1d6873972eafa91e52d6591ca1721677ec0ab8c1ab49c262
  • Instruction ID: ebe2cd7404280cd1ebb3d48fb0d0ff906edc0671a00aa8f7603a95ccafa9db51
  • Opcode Fuzzy Hash: 1307a16aed38f73b1d6873972eafa91e52d6591ca1721677ec0ab8c1ab49c262
  • Instruction Fuzzy Hash: 97F03776A003049FE700EFA8E942B9D7BF0EB48B21F10411AE815DB3A0DAB559448F71
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41200: GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
    • Part of subcall function 00D41200: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
  • EnumSystemLocalesW.KERNEL32(Function_00028F88,00000001), ref: 00D49066
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem
  • String ID:
  • API String ID: 2417226690-0
  • Opcode ID: 4be426f58b4865f4876d333e464c1a7b6c47ab53c517710f6f863c7a5aec48b3
  • Instruction ID: fdb5ee319aef1d165f01ec54490705052ca0788763cdde08a57df2abdfa47f19
  • Opcode Fuzzy Hash: 4be426f58b4865f4876d333e464c1a7b6c47ab53c517710f6f863c7a5aec48b3
  • Instruction Fuzzy Hash: FBF0E53A30030957CB04AF36D856A6BBF94EFC17A5B4A4058FE0ACB290C6759C42D7B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00D3F3F1,?,20001004,00000000,00000002,?,?,00D3E9FE), ref: 00D419D0
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: InfoLocale
  • String ID:
  • API String ID: 2299586839-0
  • Opcode ID: 7424b7ebb1e2f7ea9cc7c85fb25b5d6b6da980f327cb32bfb1614a29cdaf6b5a
  • Instruction ID: a5b785a2238b58940bf53d5df0f137ec588392e29670da326470e7b805e134ba
  • Opcode Fuzzy Hash: 7424b7ebb1e2f7ea9cc7c85fb25b5d6b6da980f327cb32bfb1614a29cdaf6b5a
  • Instruction Fuzzy Hash: 13E04F39500718BBCF222F61DC14E9E3E1AEF457A2F054011FD55A5220DB318DA1AAF5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SetUnhandledExceptionFilter.KERNEL32(Function_000119E2,00D30C15), ref: 00D319DB
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: 25bf6e3e0b4a70b43e9206b610e7f9c858b24e53c472f950da1f91bfa5896621
  • Instruction ID: ade36b6ffab88356b4c08c0791637bec4095e5977c09f00c2585e457951bbadd
  • Opcode Fuzzy Hash: 25bf6e3e0b4a70b43e9206b610e7f9c858b24e53c472f950da1f91bfa5896621
  • Instruction Fuzzy Hash:
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID: 0
  • API String ID: 0-4108050209
  • Opcode ID: 83d3d06edf10e359691f6671c63a38440a69ff17a10a88e7ed60c8391f1d97e1
  • Instruction ID: 919981a5ec354b279b8dd1b0495656de7f4497c299d2aa46aae8bc56bb740ec6
  • Opcode Fuzzy Hash: 83d3d06edf10e359691f6671c63a38440a69ff17a10a88e7ed60c8391f1d97e1
  • Instruction Fuzzy Hash: 9B514BF270CF4996EF3C8A2888A67BF67AA9B01340F1C151EE4C6DB282C651DD45C772
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
  • Opcode ID: 625aa66ad61d643d92f7318474645ebb91f76f621994d29415348e5fc17d6bcd
  • Instruction ID: 3dce2e35b9a992266a7c4cd1e32419779ecaec87acc313a2a8cb5424c084d913
  • Opcode Fuzzy Hash: 625aa66ad61d643d92f7318474645ebb91f76f621994d29415348e5fc17d6bcd
  • Instruction Fuzzy Hash: 2DA002746013018F97404F35990530A399565456917058055E805D6261D67584545F25
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 4d3e8f3338b1cb25658c99cccec74590250fee157aac2cadde7a9b81b42ace5f
  • Instruction ID: af7b5cc119899416e55649147e1d7e85a32c83f4d668fb7f4693375b7938d766
  • Opcode Fuzzy Hash: 4d3e8f3338b1cb25658c99cccec74590250fee157aac2cadde7a9b81b42ace5f
  • Instruction Fuzzy Hash: BD324562D29F414DD7239638CC22335A688AFB33D5F54D727FC1AB0AAAEB29C5C34510
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c21ea8c53e9174149cb1803f59e60a6a6852611be683c2213b48b46b297698c3
  • Instruction ID: d68bff86d2c74e0b1bcd65076f6ac24dc449ad715417793a418e96241fe4bd4e
  • Opcode Fuzzy Hash: c21ea8c53e9174149cb1803f59e60a6a6852611be683c2213b48b46b297698c3
  • Instruction Fuzzy Hash: 65321521D29F014ED7239634D862339A288AFB73D5F19D727EC1AB5EA9EF29C4C35110
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3c5263d856c22f9c0e96058f8e9d013bb5a4b3c6a30eb66fabc02ac0ece8832e
  • Instruction ID: e68931df596e857b31d4ce42e49599c0409ed8d6d61f21c62bd0618d4865cdcf
  • Opcode Fuzzy Hash: 3c5263d856c22f9c0e96058f8e9d013bb5a4b3c6a30eb66fabc02ac0ece8832e
  • Instruction Fuzzy Hash: 0A5147F460CE486ADF388A6889967BF6799BB02300F1C051EFC92D7382D651DD44E77A
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: fe115be8943e7c3a3fe6e76e196209d89acd822052721a477a61646ab8745d3f
  • Instruction ID: fb09f815cc488d0fffd75224a2389c32890177fb2fc2f82bc48d0ecf46d33b37
  • Opcode Fuzzy Hash: fe115be8943e7c3a3fe6e76e196209d89acd822052721a477a61646ab8745d3f
  • Instruction Fuzzy Hash: 75517171E00219EFDF09CF99C991AEEBBB2FF88300F198059E415AB241C7759E51DBA0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 9261f581081c479ed6370947010ddeca290b179dbb1df7b328ad52bfbf3bc6e6
  • Instruction ID: 79bff983339cbf292814c2d559f175bea7442ee8d9deb5c1a990fd70af7122ac
  • Opcode Fuzzy Hash: 9261f581081c479ed6370947010ddeca290b179dbb1df7b328ad52bfbf3bc6e6
  • Instruction Fuzzy Hash: 1521B373F205394B7B0CC57ECC522BDB6E1C68C601745823AE8A6EA3C1D968D917E2E4
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 503c006e9ac5c7dbc22f21741ef8de02eec0f0dffd36f29c9c39ff2d24241f0b
  • Instruction ID: d64494bc73faefb69b7deba3512badbac0582dffbab7255d98c6bd11c61807b8
  • Opcode Fuzzy Hash: 503c006e9ac5c7dbc22f21741ef8de02eec0f0dffd36f29c9c39ff2d24241f0b
  • Instruction Fuzzy Hash: 05118633F30D255B675C81BD8C172BAA5D2EBD825070F533AD826E7384E9A4DE13D2A0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction ID: dcaa618e32edd5b4395c20669789d39fa1fea76985bfc70b7ca28d71a8e69db9
  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction Fuzzy Hash: 88113DB7A0018143D654863DD8B66B7E395EBD6320F3C437AF0426B758D132D9459620
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b542cddca586a29fa896eb7afdca698c95055719b7213d0a5dda0eea0d19a6cc
  • Instruction ID: b59c79ae61c910ab027ba7add1f0b8b554f9f71557cd5154bc610542433c3fab
  • Opcode Fuzzy Hash: b542cddca586a29fa896eb7afdca698c95055719b7213d0a5dda0eea0d19a6cc
  • Instruction Fuzzy Hash: 8FE08C32915228EBCB14DF88C908D8AF3ECEB44B00B1584AAB911D3110C370DE00D7E0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 454 d3ca2a-d3ca60 455 d3ca66-d3ca6e 454->455 456 d3ce3d-d3ce45 454->456 459 d3ca70-d3ca86 call d4596e 455->459 460 d3ca8c-d3caf7 call d41452 call d414af call d41452 call d414af call d41452 call d414af call d41452 call d414af call d41452 call d414af 455->460 457 d3ce47 456->457 458 d3ce4a-d3ce72 456->458 457->458 462 d3ce79-d3ce87 call d30ae0 458->462 459->460 467 d3ce0c-d3ce2f call d414af * 4 459->467 460->467 498 d3cafd-d3cb00 460->498 486 d3ce30-d3ce3b call d414af 467->486 486->462 498->467 499 d3cb06-d3cb0b 498->499 499->467 500 d3cb11-d3cb13 499->500 500->467 501 d3cb19-d3cb1c 500->501 501->467 502 d3cb22 501->502 503 d3cb24-d3cb2d 502->503 503->503 504 d3cb2f-d3cb3e GetCPInfo 503->504 504->467 505 d3cb44-d3cb4a 504->505 505->467 506 d3cb50-d3cb59 505->506 507 d3cb5b-d3cb62 506->507 508 d3cbaf-d3cbdf call d45e0b 506->508 509 d3cb64-d3cb7a call d32a40 507->509 510 d3cb7c-d3cb82 507->510 508->467 517 d3cbe5-d3cc12 call d45e0b 508->517 509->508 510->508 513 d3cb84 510->513 516 d3cb87-d3cb8c 513->516 518 d3cb8e-d3cb96 516->518 519 d3cbac 516->519 517->467 524 d3cc18-d3cc3d call d45b1e 517->524 521 d3cba5-d3cbaa 518->521 522 d3cb98-d3cba3 518->522 519->508 521->516 521->519 522->521 522->522 524->467 527 d3cc43-d3cc7a 524->527 528 d3cc80-d3cc87 527->528 529 d3cd4a-d3cd8a 527->529 532 d3cce0-d3cce6 528->532 533 d3cc89-d3cca7 528->533 530 d3cdd5-d3ce0a 529->530 531 d3cd8c-d3cd93 529->531 530->486 531->530 534 d3cd95-d3cdd2 call d414af * 4 531->534 532->529 536 d3cce8 532->536 535 d3ccaa-d3ccdc 533->535 534->530 535->535 538 d3ccde 535->538 539 d3cceb-d3ccf0 536->539 541 d3cd48 538->541 539->541 542 d3ccf2-d3ccfd 539->542 541->529 544 d3cd40-d3cd46 542->544 545 d3ccff-d3cd1b 542->545 544->539 544->541 547 d3cd1d-d3cd35 545->547 547->547 549 d3cd37-d3cd3d 547->549 549->544
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$Info
  • String ID:
  • API String ID: 2509303402-0
  • Opcode ID: 502460b21ae3427f1d682ad1eaa24fe2df5e7dcb99f2d538d8bddd126d10eed8
  • Instruction ID: 534ef70020d5b3ce76a994fa68922265f87dc6c5d7c197af6c44eb064acae88d
  • Opcode Fuzzy Hash: 502460b21ae3427f1d682ad1eaa24fe2df5e7dcb99f2d538d8bddd126d10eed8
  • Instruction Fuzzy Hash: 55D18A75D102159FDB11DFA8C881BEEBBB5FF08310F184129E999BB282D670A9458B70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • InitializeCriticalSectionAndSpinCount.KERNEL32(00D612D0,00000FA0,?,?,00D3119A), ref: 00D311C8
  • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00D3119A), ref: 00D311D3
  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00D3119A), ref: 00D311E4
  • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D311F6
  • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D31204
  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00D3119A), ref: 00D31227
  • DeleteCriticalSection.KERNEL32(00D612D0,00000007,?,?,00D3119A), ref: 00D31243
  • CloseHandle.KERNEL32(00000000,?,?,00D3119A), ref: 00D31253
Strings
  • WakeAllConditionVariable, xrefs: 00D311FC
  • kernel32.dll, xrefs: 00D311DF
  • SleepConditionVariableCS, xrefs: 00D311F0
  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D311CE
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
  • API String ID: 2565136772-3242537097
  • Opcode ID: b0db2b214b5f620be0389cfa707ac008df57f8a4414f86be5bd374f54163daa0
  • Instruction ID: 2588f77414a36651a00cb4336e9b3b5936035ad1c820add8d4c95db9e056bead
  • Opcode Fuzzy Hash: b0db2b214b5f620be0389cfa707ac008df57f8a4414f86be5bd374f54163daa0
  • Instruction Fuzzy Hash: 0D01123DA417126FDB605B79AC1EF5B2E58AB45B92B080510FD05D2390DA7088048A78
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ___free_lconv_mon.LIBCMT ref: 00D483B8
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D4763D
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D4764F
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47661
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47673
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47685
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47697
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D476A9
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D476BB
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D476CD
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D476DF
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D476F1
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47703
    • Part of subcall function 00D47620: _free.LIBCMT ref: 00D47715
  • _free.LIBCMT ref: 00D483AD
    • Part of subcall function 00D414AF: HeapFree.KERNEL32(00000000,00000000,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?), ref: 00D414C5
    • Part of subcall function 00D414AF: GetLastError.KERNEL32(?,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?,?), ref: 00D414D7
  • _free.LIBCMT ref: 00D483CF
  • _free.LIBCMT ref: 00D483E4
  • _free.LIBCMT ref: 00D483EF
  • _free.LIBCMT ref: 00D48411
  • _free.LIBCMT ref: 00D48424
  • _free.LIBCMT ref: 00D48432
  • _free.LIBCMT ref: 00D4843D
  • _free.LIBCMT ref: 00D48475
  • _free.LIBCMT ref: 00D4847C
  • _free.LIBCMT ref: 00D48499
  • _free.LIBCMT ref: 00D484B1
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
  • String ID:
  • API String ID: 161543041-0
  • Opcode ID: 96c9e36093b4800bbdee347d23819afbae8c1acc301524fab07e0cae43ce9bb1
  • Instruction ID: b9f1d0a51eccdf21c563e306f5b07f2b8fa456463b8f4af0613820687ad54e78
  • Opcode Fuzzy Hash: 96c9e36093b4800bbdee347d23819afbae8c1acc301524fab07e0cae43ce9bb1
  • Instruction Fuzzy Hash: 6D313931A003019FEB21AE39D849B5E73EAEF407A0F198429E55DE7191DF30EC84AB34
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID:
  • API String ID: 269201875-0
  • Opcode ID: a633810c5f2a089fde4d31f89ce1a2c875a569c385219b65930b49df89d49a4c
  • Instruction ID: f2fba657e0d8f575f34182d12bd254b44dc1a7da72706912e34bf894ee037233
  • Opcode Fuzzy Hash: a633810c5f2a089fde4d31f89ce1a2c875a569c385219b65930b49df89d49a4c
  • Instruction Fuzzy Hash: FAC13476D40205ABDB20DBA8DC43FEE77F8EB08750F194165FA49FB286D67099448BB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _free.LIBCMT ref: 00D410FE
    • Part of subcall function 00D414AF: HeapFree.KERNEL32(00000000,00000000,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?), ref: 00D414C5
    • Part of subcall function 00D414AF: GetLastError.KERNEL32(?,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?,?), ref: 00D414D7
  • _free.LIBCMT ref: 00D4110A
  • _free.LIBCMT ref: 00D41115
  • _free.LIBCMT ref: 00D41120
  • _free.LIBCMT ref: 00D4112B
  • _free.LIBCMT ref: 00D41136
  • _free.LIBCMT ref: 00D41141
  • _free.LIBCMT ref: 00D4114C
  • _free.LIBCMT ref: 00D41157
  • _free.LIBCMT ref: 00D41165
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: 3590ce3b85bc5a1c44c4044485bd3cac36652da4324e4b1fba36030d44f00e00
  • Instruction ID: 3612829b02833c9168963c42410d2822ce5d3fad3a61864eec37d799e1af3fc5
  • Opcode Fuzzy Hash: 3590ce3b85bc5a1c44c4044485bd3cac36652da4324e4b1fba36030d44f00e00
  • Instruction Fuzzy Hash: 07215B7A910118AFCB41EF94C881DDD7BBAFF48350F014565F6199B121DB31EA98DBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID:
  • API String ID: 269201875-0
  • Opcode ID: 8151b915dea356e1c684f30283aaa6d4f850f91243d848199087d95c2b1904c6
  • Instruction ID: 8303f5fb77efd29f8e949872b6484c1feeda7a2e6f8e21e6496a3bb5c0e2e651
  • Opcode Fuzzy Hash: 8151b915dea356e1c684f30283aaa6d4f850f91243d848199087d95c2b1904c6
  • Instruction Fuzzy Hash: D561D1719043059FDB20DF64C881BAAB7E9EF44320F294459E949EB281EB709D408B70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • type_info::operator==.LIBVCRUNTIME ref: 00D34C17
  • ___TypeMatch.LIBVCRUNTIME ref: 00D34D25
  • _UnwindNestedFrames.LIBCMT ref: 00D34E77
  • CallUnexpected.LIBVCRUNTIME ref: 00D34E92
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
  • String ID: csm$csm$csm
  • API String ID: 2751267872-393685449
  • Opcode ID: db8636b889f88c98469fb3c1fce2a3efe378218483990acd49956c409540d28b
  • Instruction ID: f337343aaed24f2421f0fae22c50c19f625199b687279f61d45dac15b8b908a2
  • Opcode Fuzzy Hash: db8636b889f88c98469fb3c1fce2a3efe378218483990acd49956c409540d28b
  • Instruction Fuzzy Hash: 30B14871800209EFCF29DFA4D9819AEBBB5FF18310F18415AF8116B216D779EA51CBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00D3093F
  • __alloca_probe_16.LIBCMT ref: 00D3096B
  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00D309AA
  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D309C7
  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00D30A06
  • __alloca_probe_16.LIBCMT ref: 00D30A23
  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D30A65
  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D30A88
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ByteCharMultiStringWide$__alloca_probe_16
  • String ID:
  • API String ID: 2040435927-0
  • Opcode ID: 1b7d557bc2cfbdcc7df09ba537434b09356ecd8e5a874eeaa5796180dfd594df
  • Instruction ID: 14bf6b032912bf0edd0abdbd13c4a292283db4f5939dde20e6ba767f10149938
  • Opcode Fuzzy Hash: 1b7d557bc2cfbdcc7df09ba537434b09356ecd8e5a874eeaa5796180dfd594df
  • Instruction Fuzzy Hash: 40517A72A0030AABEB209FA4EC55FAB7FA9EF44750F184529F915E6290D774CC10DBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID: C
  • API String ID: 269201875-1037565863
  • Opcode ID: de4e08db89b4fe4846dc67081629065a6ac452599b25c0286db4a7f47ecb82dc
  • Instruction ID: 51bd066f33d4590f437922f52bcd136e3ec422764ab9d6fa3085a685330177da
  • Opcode Fuzzy Hash: de4e08db89b4fe4846dc67081629065a6ac452599b25c0286db4a7f47ecb82dc
  • Instruction Fuzzy Hash: 45028E75D0121A9BDB24DF18CC84BAEB3B5FF58304F1445A9E949E7291E771AE80CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Concurrency::cancel_current_task.LIBCPMT ref: 00D2B24E
  • Concurrency::cancel_current_task.LIBCPMT ref: 00D2B28C
  • Concurrency::cancel_current_task.LIBCPMT ref: 00D2B2CC
  • numpunct.LIBCPMT ref: 00D2B2D4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Concurrency::cancel_current_task$numpunct
  • String ID: false$true
  • API String ID: 1093644881-2658103896
  • Opcode ID: 392ff2376acab3f45f5a4584ed3bb357de960a9283e01017139eff383436bacf
  • Instruction ID: 81cc63da16b9eecdcdcbd9e1befd82d9c0c53296d14d43b89137cbb9a77d905f
  • Opcode Fuzzy Hash: 392ff2376acab3f45f5a4584ed3bb357de960a9283e01017139eff383436bacf
  • Instruction Fuzzy Hash: A2410631A042558FCF10DF64D44176ABBA1EFA2318F1881AEEC455B346D7B6A9058BB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _ValidateLocalCookies.LIBCMT ref: 00D345C7
  • ___except_validate_context_record.LIBVCRUNTIME ref: 00D345CF
  • _ValidateLocalCookies.LIBCMT ref: 00D34658
  • __IsNonwritableInCurrentImage.LIBCMT ref: 00D34683
  • _ValidateLocalCookies.LIBCMT ref: 00D346D8
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
  • String ID: csm
  • API String ID: 1170836740-1018135373
  • Opcode ID: 8e1dea4e4688246c2ae57d593d274996ea7e71c7722bda09696ee456b74da53b
  • Instruction ID: 64baf0e0e6a28b99a0a4255e5a0a94ace4435387b7ca820d380d7304e8b82e73
  • Opcode Fuzzy Hash: 8e1dea4e4688246c2ae57d593d274996ea7e71c7722bda09696ee456b74da53b
  • Instruction Fuzzy Hash: D741A174A00208AFCF10DF68D885ADEBBB5EF46324F148195E8149B392D779EE15CBB0
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID: api-ms-$ext-ms-
  • API String ID: 0-537541572
  • Opcode ID: 0f61e3de3bc0259b304000fc9dd7b5674363d10c7e06d8057cd538e53f97d1dc
  • Instruction ID: 91c24ada124e31c1d79ca388f3d44f3822f3776cdb806a550b2c9b999e2440ea
  • Opcode Fuzzy Hash: 0f61e3de3bc0259b304000fc9dd7b5674363d10c7e06d8057cd538e53f97d1dc
  • Instruction Fuzzy Hash: 9421063AA01320EBCF218B249D84B5A3B689F057B5F2D0521EE5AF72D1D670ED85C6F0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D47D4B: _free.LIBCMT ref: 00D47D70
  • _free.LIBCMT ref: 00D4804D
    • Part of subcall function 00D414AF: HeapFree.KERNEL32(00000000,00000000,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?), ref: 00D414C5
    • Part of subcall function 00D414AF: GetLastError.KERNEL32(?,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?,?), ref: 00D414D7
  • _free.LIBCMT ref: 00D48058
  • _free.LIBCMT ref: 00D48063
  • _free.LIBCMT ref: 00D480B7
  • _free.LIBCMT ref: 00D480C2
  • _free.LIBCMT ref: 00D480CD
  • _free.LIBCMT ref: 00D480D8
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: 4a8869edad0f3ea0554eb826f290d9dd0ed42b9de57dd8504d39edcb0376f475
  • Instruction ID: a7459ab3ae2c10e5efbf32b1bc83fa456c3afe13792a1d7c809ff01c816a287b
  • Opcode Fuzzy Hash: 4a8869edad0f3ea0554eb826f290d9dd0ed42b9de57dd8504d39edcb0376f475
  • Instruction Fuzzy Hash: 1B115E71E54B04EBD620BBB0CC07FDB779DEF04750F804819B29DBA0A2DB65B5488670
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 00D4A2B0
  • __fassign.LIBCMT ref: 00D4A495
  • __fassign.LIBCMT ref: 00D4A4B2
  • WriteFile.KERNEL32(?,00D4C61B,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D4A4FA
  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D4A53A
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D4A5E2
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
  • String ID:
  • API String ID: 1735259414-0
  • Opcode ID: 2ab0099ac83ae2fc1117c55803b8c71a1e1dda5aaf22a7a376a068a1b98ba6de
  • Instruction ID: 1249ca5008b848088520364ffe28fdfa1907a2b48e03ac4f44f1e516a9518937
  • Opcode Fuzzy Hash: 2ab0099ac83ae2fc1117c55803b8c71a1e1dda5aaf22a7a376a068a1b98ba6de
  • Instruction Fuzzy Hash: 71C16975D002589FCB15CFACC9809EDBBB9EF08314F28816AE855FB241E6319E46CB71
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Concurrency::cancel_current_task.LIBCPMT ref: 00D22D98
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Concurrency::cancel_current_task
  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
  • API String ID: 118556049-1866435925
  • Opcode ID: 2192b27eac2b54e3ec56212d80cb641574253408e94389571050966239ce26dc
  • Instruction ID: d62847373519f0c3449b1d7cc132c519e4a98e2791884ca4c0f50be9b5386f0c
  • Opcode Fuzzy Hash: 2192b27eac2b54e3ec56212d80cb641574253408e94389571050966239ce26dc
  • Instruction Fuzzy Hash: 2BD1C331A00224AFDB14DF68E881BBEB7B5EF68318F184269F9159B351D770DD448BB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLastError.KERNEL32(?,?,00D34781,00D322DF,00D31A26), ref: 00D34798
  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D347A6
  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D347BF
  • SetLastError.KERNEL32(00000000,00D34781,00D322DF,00D31A26), ref: 00D34811
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLastValue___vcrt_
  • String ID:
  • API String ID: 3852720340-0
  • Opcode ID: cec63822533e91836cf686bc55da188773bbcdd9603f1f7e67b3d4c448e7dbb3
  • Instruction ID: 66b968137fb3e3f9ced5106ee1063dd1f76576181cd4c57e8abbca163e918f5a
  • Opcode Fuzzy Hash: cec63822533e91836cf686bc55da188773bbcdd9603f1f7e67b3d4c448e7dbb3
  • Instruction Fuzzy Hash: 3C017C7221D722AEE72527757D8572B2F88EB02B79F24022AF510D52E1EF566C00A6B0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • FreeLibrary.KERNEL32(00000000,?,?,?,00D358F5,?,?,00D6165C,00000000,?,00D35A20,00000004,InitializeCriticalSectionEx,00D523B0,InitializeCriticalSectionEx,00000000), ref: 00D358C3
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: FreeLibrary
  • String ID: api-ms-
  • API String ID: 3664257935-2084034818
  • Opcode ID: 9e717962e0f685b8af3b7903109372b50734904c0778f850da038b7e331da79c
  • Instruction ID: f3e2c2e6e0873511a8751e33b0b7ea26293623e6ba6e12ae202eb140146c57e7
  • Opcode Fuzzy Hash: 9e717962e0f685b8af3b7903109372b50734904c0778f850da038b7e331da79c
  • Instruction Fuzzy Hash: 3711A032E01B25ABDF624B68EC40B9937A89F017B1F290121EE55F72C8D7B0ED0486F1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00D3DF7F,00D412BC,?,00D3DF47,00000000,?,00D412BC), ref: 00D3DFE2
  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D3DFF5
  • FreeLibrary.KERNEL32(00000000,?,?,00D3DF7F,00D412BC,?,00D3DF47,00000000,?,00D412BC), ref: 00D3E018
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: 746e6a4fdbe36fb7f4a579700191d96cd789ddd5d33b04b2a5bccad03114d4db
  • Instruction ID: b210d70c744c090180cac736f9245083cd95c8a67529e8e1edc68c3c9a55ba75
  • Opcode Fuzzy Hash: 746e6a4fdbe36fb7f4a579700191d96cd789ddd5d33b04b2a5bccad03114d4db
  • Instruction Fuzzy Hash: 26F05830600318BBDB219BA4DD09B9D7F69AB0475AF040060BD05E22E0CBB08E45EAA5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __alloca_probe_16.LIBCMT ref: 00D45CA5
  • __alloca_probe_16.LIBCMT ref: 00D45D6B
  • __freea.LIBCMT ref: 00D45DD7
    • Part of subcall function 00D4217E: HeapAlloc.KERNEL32(00000000,?,?,?,00D320DB,?,?,?,?,?,00D21093,?,?), ref: 00D421B0
  • __freea.LIBCMT ref: 00D45DE0
  • __freea.LIBCMT ref: 00D45E03
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: __freea$__alloca_probe_16$AllocHeap
  • String ID:
  • API String ID: 1096550386-0
  • Opcode ID: a27a85d1dd3998572ee3715d058a4811bb434c2d7e0c163e8d21c6026664b2a0
  • Instruction ID: ef51ef4d3de72923fe8da9cb61c216623f1096a18520b8220dc0f322ebfc9a24
  • Opcode Fuzzy Hash: a27a85d1dd3998572ee3715d058a4811bb434c2d7e0c163e8d21c6026664b2a0
  • Instruction Fuzzy Hash: CC51D472900A56ABDF219F94AC85EBB37A9EF84750F294129FD05E7146E730DC10C7B0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID:
  • API String ID: 269201875-0
  • Opcode ID: cad6268b064efe177ba032f4c6f61aae3193b2618135fbc868eab37d30aa1b04
  • Instruction ID: 5e8790cfaba1cf7c5fddb80693a14f9626248609fd53c468fa63fe90c30a3e96
  • Opcode Fuzzy Hash: cad6268b064efe177ba032f4c6f61aae3193b2618135fbc868eab37d30aa1b04
  • Instruction Fuzzy Hash: 0641AD31A007019FDB25DF2AD84176AB3F1FF58325F185A69E44ADA2E0E731E940CB70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D2858D
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D285B0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D285D0
  • std::_Facet_Register.LIBCPMT ref: 00D2865F
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2866A
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
  • String ID:
  • API String ID: 459529453-0
  • Opcode ID: 92726c268e08d4f5264ba23c33b8f71da66d3e5d0ca7ce027f22f0c25cdcafa2
  • Instruction ID: e79c7cedd0c8fc7002a40f90762b5c6191a42f8d0f32f5f71c4ae4609379bb82
  • Opcode Fuzzy Hash: 92726c268e08d4f5264ba23c33b8f71da66d3e5d0ca7ce027f22f0c25cdcafa2
  • Instruction Fuzzy Hash: AE31D0359002689FCB10DF64E891BAEB7B4FB34328F180669E805A7391DB71AD44CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D286BD
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D286E0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D28700
  • std::_Facet_Register.LIBCPMT ref: 00D2878F
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2879A
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
  • String ID:
  • API String ID: 459529453-0
  • Opcode ID: 803228eb20a8527ff8170923bbd8ed0b648b2e5ba41f91e02875a0d67119aeaf
  • Instruction ID: 2eb5ced162f2712591e2fa94e947e87b1792c49210ab48383b62063ed00a44e1
  • Opcode Fuzzy Hash: 803228eb20a8527ff8170923bbd8ed0b648b2e5ba41f91e02875a0d67119aeaf
  • Instruction Fuzzy Hash: 0631E236D002249FCB11DF64E991AAEB7B4FF34318F280669E915A7391DB70AD44CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _free.LIBCMT ref: 00D47AEC
    • Part of subcall function 00D414AF: HeapFree.KERNEL32(00000000,00000000,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?), ref: 00D414C5
    • Part of subcall function 00D414AF: GetLastError.KERNEL32(?,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?,?), ref: 00D414D7
  • _free.LIBCMT ref: 00D47AFE
  • _free.LIBCMT ref: 00D47B10
  • _free.LIBCMT ref: 00D47B22
  • _free.LIBCMT ref: 00D47B34
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: f41aea00dd6f6109fbe053cdb5feb0c592eb7c68881e4e8f6524bc693e6b322f
  • Instruction ID: 613337b9d3e839c763d73db8e9922f26ea5dd980ad35a1b98ecc21fc9646017b
  • Opcode Fuzzy Hash: f41aea00dd6f6109fbe053cdb5feb0c592eb7c68881e4e8f6524bc693e6b322f
  • Instruction Fuzzy Hash: 61F03072908300ABC625EB68E886C1F77DEEB557607699C05F14CD7641CB74FCC08A70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • EnterCriticalSection.KERNEL32(00D612D0,?,?,00D234B0,00D61080,00D4F870,00D25CAC), ref: 00D31288
  • LeaveCriticalSection.KERNEL32(00D612D0,?,00D234B0,00D61080,00D4F870,00D25CAC), ref: 00D312BB
  • RtlWakeAllConditionVariable.NTDLL ref: 00D31332
  • SetEvent.KERNEL32(?,00D61080,00D4F870,00D25CAC,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D3133C
  • ResetEvent.KERNEL32(?,00D61080,00D4F870,00D25CAC,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D31348
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
  • String ID:
  • API String ID: 3916383385-0
  • Opcode ID: 3cab78ce977afa76ad5370a759641771b60a88fdb5e222dcd31230036e4d6588
  • Instruction ID: 84fc339f2c1aea005c9b261d8c4f136ec3c0bcf0a037227922b0580c6f9f2edb
  • Opcode Fuzzy Hash: 3cab78ce977afa76ad5370a759641771b60a88fdb5e222dcd31230036e4d6588
  • Instruction Fuzzy Hash: B0016939905320DFC750AF58FC19A993FA4FB09712B084069F902D3360CBB02C10DBB8
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D225AB
  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00D225FA
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D226EA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
  • String ID: bad locale name
  • API String ID: 2775327233-1405518554
  • Opcode ID: 766c192088f3658ebe63c39a39198210305af931855d9bf4449f45172a1e9e7f
  • Instruction ID: 83717c82a56349829d806df07adc01aa5835fa78183e64cc3f3f614babc5b4de
  • Opcode Fuzzy Hash: 766c192088f3658ebe63c39a39198210305af931855d9bf4449f45172a1e9e7f
  • Instruction Fuzzy Hash: 8841BEB1A04B54AFD720DF65D805B17B7E8EB14704F044A2DF84AD7B80E779E9088BB1
Uniqueness

Uniqueness Score: -1.00%

Strings
  • C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe, xrefs: 00D3D7E9, 00D3D7F0, 00D3D824
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID: C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
  • API String ID: 0-3900824770
  • Opcode ID: 67dbb6da7eb5af044f81bc27b2c8d6f0332420162ce449985e36274bcdf8a302
  • Instruction ID: f64a2b8c01036c0d9f9a751c4e0dc2531b3194d21ae7997c82c819ae26dcbf1f
  • Opcode Fuzzy Hash: 67dbb6da7eb5af044f81bc27b2c8d6f0332420162ce449985e36274bcdf8a302
  • Instruction Fuzzy Hash: 18317E75E00214AFDB21EF99EC819AEBBBAEF94710F184066F805D7251E6B19E40DF70
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D41452: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00D413A2,00000001,00000364,00000006,000000FF,?,?,00D320DB,?), ref: 00D41493
  • __cftoe.LIBCMT ref: 00D3C6EF
  • _free.LIBCMT ref: 00D3C715
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: AllocateHeap__cftoe_free
  • String ID: 9T$uM
  • API String ID: 515067478-2962161726
  • Opcode ID: b267f54e04b8970090d7bafa72f37fccb085bbc0f635550dfc2181bcd84505e5
  • Instruction ID: 5e14a1476d40ee5ab5128bb04171a8f94cec32488d3db22abc3030034611534c
  • Opcode Fuzzy Hash: b267f54e04b8970090d7bafa72f37fccb085bbc0f635550dfc2181bcd84505e5
  • Instruction Fuzzy Hash: 7B01C4B6C04208ABCF10EBD88882ADE77B8EF44360F244163F915F2181EB30CA448BB1
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _strrchr
  • String ID:
  • API String ID: 3213747228-0
  • Opcode ID: 13c8360cca9c2aa013191ce7bae6e7f5dc814a039b7c627f9b3652ef6651bfd2
  • Instruction ID: db300acd4831316658dafa001b671a93c318e2c4e5e61e4e7f8e3fa8e87b8a99
  • Opcode Fuzzy Hash: 13c8360cca9c2aa013191ce7bae6e7f5dc814a039b7c627f9b3652ef6651bfd2
  • Instruction Fuzzy Hash: 8EB134329002859FDB15CF28C881BBEBBF5EF55350F6941AAF845EB242D6349D42CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: AdjustPointer
  • String ID:
  • API String ID: 1740715915-0
  • Opcode ID: abb6601425a07282a0b31ff5abff375fbe87b4e2bd5e65a5b99b93f2fd0b6646
  • Instruction ID: b834a55c75c8049349cec08074fce555287d26e68795bda81c8b8fa7a59a3a2f
  • Opcode Fuzzy Hash: abb6601425a07282a0b31ff5abff375fbe87b4e2bd5e65a5b99b93f2fd0b6646
  • Instruction Fuzzy Hash: 6551F176A01202AFDB299F10D941BBBB7A4EF54310F28452EE84697291E779FC50CFB0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D329CB: RaiseException.KERNEL32(E06D7363,00000001,00000003,00D2113C,?,?,?,?,00D2113C,?,00D5F214), ref: 00D32A2B
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D2399D
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D239C0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D239E0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00D23A7A
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: Lockitstd::_$Lockit::_Lockit::~_$ExceptionRaise
  • String ID:
  • API String ID: 86595078-0
  • Opcode ID: 561f32ef60b83ff816775346c884d45e8bc0e66ed64c304011097d893a0769ec
  • Instruction ID: 14335c3344633b517f1e6b9927bf83d33b3be22ca8c0e065104276dcae9cbff8
  • Opcode Fuzzy Hash: 561f32ef60b83ff816775346c884d45e8bc0e66ed64c304011097d893a0769ec
  • Instruction Fuzzy Hash: 2F21B5359003249FCB11DF54E881BAEB7B4EB65718F18427AE945A7391DB75AD00CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLastError.KERNEL32(?,?,?,00D36508,?,00000000,?,?,00D365D3,?,00000000,00000000), ref: 00D41205
  • _free.LIBCMT ref: 00D41262
  • _free.LIBCMT ref: 00D41298
  • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D365D3,?,00000000,00000000), ref: 00D412A3
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast_free
  • String ID:
  • API String ID: 2283115069-0
  • Opcode ID: b891b7ea86ea19d833751cf16d0cb25f50212bd841e7973b25ada106fd83ac6b
  • Instruction ID: d8a8ba7c66df8271ad9340ce9847bf930ed8c42b39707c16a0b8471500ad6ace
  • Opcode Fuzzy Hash: b891b7ea86ea19d833751cf16d0cb25f50212bd841e7973b25ada106fd83ac6b
  • Instruction Fuzzy Hash: 5111E93F7013012FE6112674ACC3E2F265AEBD1771F680224F66DD62D1DDA48C849538
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLastError.KERNEL32(?,?,?,00D38051,00D421C1,?,?,00D320DB,?,?,?,?,?,00D21093,?,?), ref: 00D4135C
  • _free.LIBCMT ref: 00D413B9
  • _free.LIBCMT ref: 00D413EF
  • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00D320DB,?,?,?,?,?,00D21093,?,?), ref: 00D413FA
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast_free
  • String ID:
  • API String ID: 2283115069-0
  • Opcode ID: c6055e04ff0588fcc1d9b27d3a240a552b68af813dae53cdefa27d0b6d0439e5
  • Instruction ID: 1e94dbdca58adeda9b4a01f8c80d03b77e4acf300fd0f92868e3f0a5dca3b938
  • Opcode Fuzzy Hash: c6055e04ff0588fcc1d9b27d3a240a552b68af813dae53cdefa27d0b6d0439e5
  • Instruction Fuzzy Hash: B8112B3F2013016FE7112BB95C89E2B2A5AFBD1375B280224F67DD32E1DE618C849530
Uniqueness

Uniqueness Score: -1.00%

APIs
  • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,00000000,?,00D4D7A2,00000000,00000001,00000000,00000000,?,00D4A63F,?,00000000,00000000), ref: 00D4DD91
  • GetLastError.KERNEL32(?,00D4D7A2,00000000,00000001,00000000,00000000,?,00D4A63F,?,00000000,00000000,?,00000000,?,00D4AB8B,00D4C61B), ref: 00D4DD9D
    • Part of subcall function 00D4DD63: CloseHandle.KERNEL32(FFFFFFFE,00D4DDAD,?,00D4D7A2,00000000,00000001,00000000,00000000,?,00D4A63F,?,00000000,00000000,?,00000000), ref: 00D4DD73
  • ___initconout.LIBCMT ref: 00D4DDAD
    • Part of subcall function 00D4DD25: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D4DD54,00D4D78F,00000000,?,00D4A63F,?,00000000,00000000,?), ref: 00D4DD38
  • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,?,00D4D7A2,00000000,00000001,00000000,00000000,?,00D4A63F,?,00000000,00000000,?), ref: 00D4DDC2
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
  • String ID:
  • API String ID: 2744216297-0
  • Opcode ID: 1730a97116d49a58a4e844348820dc2e923b80aba211154719c11d4e511257c6
  • Instruction ID: a4fa034f38039bf92302741b5b01a341ad6903bb37a63b3969523d78313c9ab1
  • Opcode Fuzzy Hash: 1730a97116d49a58a4e844348820dc2e923b80aba211154719c11d4e511257c6
  • Instruction Fuzzy Hash: 42F0AC36901719BBCF222FD5DC08D9A3F66EB087A2F044410FE19D5274D7329821DBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • SleepConditionVariableCS.KERNELBASE(?,00D312ED,00000064), ref: 00D31373
  • LeaveCriticalSection.KERNEL32(00D612D0,00D61080,?,00D312ED,00000064,?,00D2347C,00D61080,00D25CAC), ref: 00D3137D
  • WaitForSingleObjectEx.KERNEL32(00D61080,00000000,?,00D312ED,00000064,?,00D2347C,00D61080,00D25CAC), ref: 00D3138E
  • EnterCriticalSection.KERNEL32(00D612D0,?,00D312ED,00000064,?,00D2347C,00D61080,00D25CAC), ref: 00D31395
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
  • String ID:
  • API String ID: 3269011525-0
  • Opcode ID: ecf3a16d8bd9b1c03da8fd0fdf468e7cb28a34d5f9c6cfc3a2c881a62cacbe0e
  • Instruction ID: 70b6bf7ed98cc1e445427e058c5144608da8b56974c22373dee55cd6699c140c
  • Opcode Fuzzy Hash: ecf3a16d8bd9b1c03da8fd0fdf468e7cb28a34d5f9c6cfc3a2c881a62cacbe0e
  • Instruction Fuzzy Hash: F5E09239542724ABCB011B94EC1AF9D3F24AB09B62F080010FD09E2370CB605844ABFC
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _free.LIBCMT ref: 00D3FC5A
    • Part of subcall function 00D414AF: HeapFree.KERNEL32(00000000,00000000,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?), ref: 00D414C5
    • Part of subcall function 00D414AF: GetLastError.KERNEL32(?,?,00D47D75,?,00000000,?,?,?,00D48018,?,00000007,?,?,00D4850B,?,?), ref: 00D414D7
  • _free.LIBCMT ref: 00D3FC6D
  • _free.LIBCMT ref: 00D3FC7E
  • _free.LIBCMT ref: 00D3FC8F
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: 5baa4b0c6da5283f6e6f5c0280ac1e8631d34142bac231f82385adbe93c934d9
  • Instruction ID: cc5e259461ff20497b9a2cbaf2f99765d9f2ee1f3c49d84b40908912b4f38dd9
  • Opcode Fuzzy Hash: 5baa4b0c6da5283f6e6f5c0280ac1e8631d34142bac231f82385adbe93c934d9
  • Instruction Fuzzy Hash: 67E0B67D8103209B97027F14FD02B693A26E7647A030E4806F91CD6336C7F24996AFB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __startOneArgErrorHandling.LIBCMT ref: 00D3C85D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorHandling__start
  • String ID: pow
  • API String ID: 3213639722-2276729525
  • Opcode ID: e3f4ae36888a6668ce937d203fba19c703e9c27b398ede601d5965660ddcf6db
  • Instruction ID: 8ff55b65c72f7444d951577eb239b6251bd2ebbe3e65faf7057329ab2026c0af
  • Opcode Fuzzy Hash: e3f4ae36888a6668ce937d203fba19c703e9c27b398ede601d5965660ddcf6db
  • Instruction Fuzzy Hash: 3D51AFA1A2870187CB15BB14ED0137E2B94DB40B51F685D68E4C1A23EEEF31CD949F72
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: __aulldiv
  • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
  • API String ID: 3732870572-1956417402
  • Opcode ID: a9ddf0b7fceb6c13c2c12dc1bb09c6494cbd01a1740990f15fc13c7efeff9d6e
  • Instruction ID: ee2ce989b47e6393bf436e16055f2760de885fe7d5fdc90ae0783c75b3f6f67f
  • Opcode Fuzzy Hash: a9ddf0b7fceb6c13c2c12dc1bb09c6494cbd01a1740990f15fc13c7efeff9d6e
  • Instruction Fuzzy Hash: 735105B5A043495BCF258F6D88617BEBFBAAF85310F1C405AE89197345C2B4AD42CFB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00D34EC2
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2054487131.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
  • Associated: 00000000.00000002.2054474522.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054512208.0000000000D50000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054531714.0000000000D60000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2054553628.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d20000_SecuriteInfo.jbxd
Similarity
  • API ID: EncodePointer
  • String ID: MOC$RCC
  • API String ID: 2118026453-2084237596
  • Opcode ID: ea2df7283c7b54a1441ac5843f95c807f20f4bb3e6e0f7477b8020871357d9f8
  • Instruction ID: 6f0c9c3cf8ee6f09e91f09be8bb5732502a8f0b1c8b289e81a5dd40ced1fed28
  • Opcode Fuzzy Hash: ea2df7283c7b54a1441ac5843f95c807f20f4bb3e6e0f7477b8020871357d9f8
  • Instruction Fuzzy Hash: CE416B72900209AFCF15DF98CD81AEEBBB5FF48304F1D8199F905A7261D379A950DB60
Uniqueness

Uniqueness Score: -1.00%