
Windows Analysis Report
SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe

Overview

General Information

Sample name: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
Analysis ID: 1441789
MD5: a168840844abc99e5e75d57e4de94ac2
SHA1: e41d42e992d44fec93456ce66037f42fa2ec42e8
SHA256: e0a62be50d2ce4d50cb324126003c5a0bbe409eff46fca20e2f19f3f75d2b4e6
Tags: exe

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Note: the run ended on timeout with the process still alive (Has exited: false) and only 2% execution coverage, after the sample had built a property-sheet dialog (PropertySheetA; a SysTabControl32 window was found). The clean verdict therefore covers only the code reached before that interactive dialog. The file is 45,580,422 bytes while its four PE sections account for well under 1 MB, so most of the file is data appended after the last section, and dynamic analysis never reached it (no files were dropped and no further process was started).

Signatures

Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Classification label: clean3.winEXE@1/0@0/0 (analysis system: w10x64)
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Signature results

There are no malicious signatures; all signature results are listed below.

Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Binary string: c:\LockOnSetup\SetupFix1.12\ReleaseEng\SetupFix1.12.pdb
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Binary string: c:\LockOnSetup\SetupFix1.12\ReleaseEng\SetupFix1.12.pdb\
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | String found in binary or memory: http://www.winimage.com/zLibDll
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | String found in binary or memory: http://www.winimage.com/zLibDll1.2.2r
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00413140
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040A15B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040964C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00413E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_004072D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00413680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00414B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: String function: 00409600 appears 53 times
Source: classification engine | Classification label: clean3.winEXE@1/0@0/0
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (the Software Restriction Policy lookup made at process start; it is seen for practically any executable and is not specific to this sample)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Section loaded: wintypes.dll (three load events)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Window found: window name: SysTabControl32
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Static file information: File size 45580422 > 1048576
Source: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040FA3A LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_004090C0 push eax; ret (at 0_2_004090DE)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040963B push ecx; ret (at 0_2_0040964B)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040E7B0 push eax; ret (at 0_2_0040E7C4)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040E7B0 push eax; ret (at 0_2_0040E7EC)
Note on the push/ret findings: tails of the form push reg; ret are also emitted by the hand-written helpers of the Microsoft C runtime (the x86 _chkstk/_alloca_probe ends in push eax; ret, _SEH_epilog in push ecx; ret), and the entrypoint preview further down opens with the VS2003 CRT's standard push 60h / push offset / call _SEH_prolog / mov edi, 94h / call _alloca_probe prologue before GetVersionExA. On a binary whose linker is identified as VS2003, this indicator alone is weak evidence of deliberate obfuscation.
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, ExitProcess (graph_0-11426). A setup program that checks its own file name or path before continuing behaves this way; since the sample was analysed under a renamed file, re-running it under a name the installer expects is the check that would confirm or rule out an evasion.
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_004112E4 VirtualQuery, GetSystemInfo, VirtualQuery, VirtualAlloc, VirtualProtect
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | API call chain: ExitProcess graph end node (graph_0-11428)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040BA8A SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_0040BA9E SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_004119BE GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00407D21 GetSystemTimeAsFileTime, __aulldiv
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | Code function: 0_2_00408884 EntryPoint, GetVersionExA, GetModuleHandleA, GetModuleHandleA, _fast_error_exit, _fast_error_exit, GetCommandLineA, GetStartupInfoA, __wincmdln, GetModuleHandleA
MITRE ATT&CK matrix: techniques with at least one matching signature (the number is how many signatures map to the technique)

Tactic | Technique | Matching signatures
Execution | Native API | 2
Persistence | DLL Side-Loading | 1
Privilege Escalation | DLL Side-Loading | 1
Defense Evasion | Deobfuscate/Decode Files or Information | 1
Defense Evasion | DLL Side-Loading | 1
Defense Evasion | Obfuscated Files or Information | 2
Discovery | System Time Discovery | 1
Discovery | System Information Discovery | 14
Collection | Archive Collected Data | 1
Command and Control | Encrypted Channel | 1

No technique matched under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact.
Behavior Graph (rendered graph omitted)

Behavior Graph ID: 1441789
Sample: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
Start date: 15/05/2024
Architecture: WINDOWS
Score: 3
Processes: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe started from the start node; the graph contains only this one process.

Antivirus detection of the sample

Source | Detection | Scanner | Label
SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | 5% | ReversingLabs |
SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | 1% | Virustotal |

No Antivirus matches for dropped files, unpacked PE files or domains

URL reputation

Source | Detection | Scanner | Label
http://www.winimage.com/zLibDll | 0% | URL Reputation | safe
http://www.winimage.com/zLibDll1.2.2r | 0% | Avira URL Cloud | safe
http://www.winimage.com/zLibDll1.2.2r | 1% | Virustotal |

No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.winimage.com/zLibDll | SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | false | URL Reputation: safe | unknown
http://www.winimage.com/zLibDll1.2.2r | SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe | false | 1% Virustotal; Avira URL Cloud: safe | unknown

No contacted IP infos
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1441789
Start date and time: 2024-05-15 09:22:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
Detection: CLEAN
Classification: clean3.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 6
  • Number of non-executed functions: 62
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.988659674760595
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
File size: 45'580'422 bytes
MD5: a168840844abc99e5e75d57e4de94ac2
SHA1: e41d42e992d44fec93456ce66037f42fa2ec42e8
SHA256: e0a62be50d2ce4d50cb324126003c5a0bbe409eff46fca20e2f19f3f75d2b4e6
SHA512: 0f80ee6fafecda00e1739bdb90383ce1ea82cced77a02e1622c142daca878f43ef397f9f07a2fea25e0dbbd812ae5f54650986ee1d0f4a5850f4a7648ff72282
SSDEEP: 786432:QmRWC5RcvGKG6XgAWjoskbzeXyv4gHS7kM/Kp2uLWVv7ucfqxuKbG8psB/3N6ODC:/RWCoeOOkbzeXyv4cvAvKcfqVbG8paQ3
TLSH: 1EA733A3E84C8ACFCB467C320C279EBC5107048579B9879622DD36B45BE19D16AE13F7
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'...IY..IY..IY.. Y..IY..FY..IYP..Y..IY..UY..IY...Y..IYP..Y..IY).PY..IY..HYE.IY...Y^.IY..)Y..IY?..Y..IY...Y..IYRich..IY.......
Icon Hash: 2d2e3797b32b2b99
Entrypoint: 0x408884
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: (none set; with no DYNAMIC_BASE flag and relocations stripped, the image always loads at 0x400000 without ASLR, and no NX_COMPAT flag is present either, as expected for a 2006 VS2003 build)
Time Stamp: 0x43F5B48D [Fri Feb 17 11:33:33 2006 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: d198a7d79b612d6bfc15148eee852b0f
Instruction
push 00000060h
push 00416B70h
call 00007F9334C1D025h
mov edi, 00000094h
mov eax, edi
call 00007F9334C221C9h
mov dword ptr [ebp-18h], esp
mov esi, esp
mov dword ptr [esi], edi
push esi
call dword ptr [00416130h]
mov ecx, dword ptr [esi+10h]
mov dword ptr [0041D3A8h], ecx
mov eax, dword ptr [esi+04h]
mov dword ptr [0041D3B4h], eax
mov edx, dword ptr [esi+08h]
mov dword ptr [0041D3B8h], edx
mov esi, dword ptr [esi+0Ch]
and esi, 00007FFFh
mov dword ptr [0041D3ACh], esi
cmp ecx, 02h
je 00007F9334C1C2BEh
or esi, 00008000h
mov dword ptr [0041D3ACh], esi
shl eax, 08h
add eax, edx
mov dword ptr [0041D3B0h], eax
xor esi, esi
push esi
mov edi, dword ptr [004160B4h]
call edi
cmp word ptr [eax], 5A4Dh
jne 00007F9334C1C2D1h
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 00004550h
jne 00007F9334C1C2C4h
movzx eax, word ptr [ecx+18h]
cmp eax, 0000010Bh
je 00007F9334C1C2D1h
cmp eax, 0000020Bh
je 00007F9334C1C2B7h
mov dword ptr [ebp-1Ch], esi
jmp 00007F9334C1C2D9h
cmp dword ptr [ecx+00000084h], 0Eh
jbe 00007F9334C1C2A4h
xor eax, eax
cmp dword ptr [ecx+000000F8h], esi
jmp 00007F9334C1C2C0h
cmp dword ptr [ecx+74h], 0Eh
jbe 00007F9334C1C294h
xor eax, eax
cmp dword ptr [ecx+000000E8h], esi
setne al
mov dword ptr [ebp-1Ch], eax
Programming Language:
  • [ASM] VS2003 (.NET) build 3077
  • [ C ] VS2003 (.NET) build 3077
  • [C++] VS2003 (.NET) build 3077
  • [RES] VS2003 (.NET) build 3077
  • [LNK] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1b0ac | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f000 | 0x76a08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x16220 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1aa08 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x16000 | 0x21c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1484e | 0x15000 | 6bff694a7534888c24ac855de213e6c7 | False | 0.5892275855654762 | data | 6.5704933850345455 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x16000 | 0x5c7c | 0x6000 | 03550fea48e89f509111530cc1b05e52 | False | 0.611328125 | data | 6.46317050608034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1c000 | 0x2adc | 0x1000 | b69d53c11007498923f360eb745bc6a8 | False | 0.395751953125 | Matlab v4 mat-file (little endian) 1\254@, numeric, rows 4233722, columns 0 | 3.597169738218804 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1f000 | 0x76a08 | 0x77000 | 9ab3056d8b4262e1444c0d8fbba87527 | False | 0.4216698398109244 | data | 7.207776005030805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
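The section table above ends far short of the 45,580,422-byte file size, which is the most useful static fact in this report. The following Python is an added example, not part of the Joe Sandbox report or of the sample: a minimal PE32 header parser, with no third-party module, that reproduces three of the report's static checks (decoding IMAGE_FILE_CHARACTERISTICS, locating the section that holds AddressOfEntryPoint, and measuring the overlay, i.e. bytes past the end of the last section's raw data). build_sample_pe() constructs a dummy file that copies the report's section layout, entry point RVA, timestamp and characteristics; its code and data bytes are zero filler, and the names parse_pe and build_sample_pe are this example's own.

```python
"""Added example (not from the report): a tiny PE32 header parser that decodes
the COFF characteristics, finds the entry point's section and measures the
overlay.  The sample image is constructed here from the report's section table;
its contents are zero filler, not the real file."""
import struct

IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x2000: "DLL",
}

# Section layout transcribed from the report: (name, virtual address, virtual size, raw size).
REPORT_SECTIONS = [
    (b".text", 0x1000, 0x1484E, 0x15000),
    (b".rdata", 0x16000, 0x5C7C, 0x6000),
    (b".data", 0x1C000, 0x2ADC, 0x1000),
    (b".rsrc", 0x1F000, 0x76A08, 0x77000),
]


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE32 image for the three checks; raises on non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # the COFF file header is 20 bytes; the optional header follows it
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]  # ImageBase (PE32 layout)
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
        off += 40  # IMAGE_SECTION_HEADER is 40 bytes
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {
        "characteristics": [n for bit, n in sorted(IMAGE_FILE_CHARACTERISTICS.items()) if chars & bit],
        "entry_va": image_base + entry_rva,
        "entry_section": entry_section,
        "sections": sections,
        "end_of_sections": end_of_sections,
        "overlay_size": max(0, len(data) - end_of_sections),
    }


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Construct a dummy PE32 with the report's layout; section bodies are zero filler."""
    e_lfanew, opt_size, headers_size = 0x80, 224, 0x1000
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100  # exactly the flags the report lists
    coff = struct.pack("<HHIIIHH", 0x14C, len(REPORT_SECTIONS), 0x43F5B48D, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x8884)    # AddressOfEntryPoint: report's 0x408884 minus the image base
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    table, raw_ptr = b"", headers_size          # raw data laid out contiguously after the headers
    for name, va, vsize, raw_size in REPORT_SECTIONS:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, 0)
        raw_ptr += raw_size
    header = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_size, b"\0")
    return header + b"\0" * (raw_ptr - headers_size) + overlay


if __name__ == "__main__":
    info = parse_pe(build_sample_pe(overlay=b"\xff" * 4096))
    print(info["characteristics"], info["entry_section"], hex(info["entry_va"]), info["overlay_size"])
```

With contiguous raw data after a 0x1000-byte header block, the same arithmetic applied to the real sample's table ends .rsrc at about 0x94000 (roughly 606 KB), so about 45 MB of the 45,580,422-byte file lies outside any section. Together with the winimage zLibDll strings and the 7.99 whole-file entropy that is consistent with a compressed installer payload carried as overlay, which is the part of the file the sandbox run never unpacked.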
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x45dc8 | 0xe50 | Device independent bitmap graphic, 50 x 50 x 8, image size 2600, 256 important colors | English | United States | 0.4181222707423581
RT_BITMAP | 0x1f660 | 0x26764 | Device independent bitmap graphic, 166 x 315 x 24, image size 157500 | English | United States | 0.17047099149422368
RT_BITMAP | 0x46c18 | 0x4cea0 | Device independent bitmap graphic, 333 x 315 x 24, image size 315000, resolution 2835 x 2835 px/m | English | United States | 0.5499079481970544
RT_ICON | 0x93ab8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675
RT_ICON | 0x93be0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
RT_ICON | 0x94148 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
RT_ICON | 0x94430 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.3953068592057762
RT_DIALOG | 0x1f568 | 0xf2 | data | English | United States | 0.5785123966942148
RT_DIALOG | 0x1f440 | 0x124 | data | English | United States | 0.5068493150684932
RT_DIALOG | 0x1f3c0 | 0x40 | data | English | United States | 0.8125
RT_DIALOG | 0x1f400 | 0x40 | data | English | United States | 0.8125
RT_STRING | 0x94d18 | 0x496 | data | English | United States | 0.3526405451448041
RT_STRING | 0x95720 | 0x27e | data | English | United States | 0.44200626959247646
RT_STRING | 0x951b0 | 0xee | data | English | United States | 0.5840336134453782
RT_STRING | 0x952a0 | 0x47a | data | English | United States | 0.3900523560209424
RT_STRING | 0x959a0 | 0x62 | data | English | United States | 0.47959183673469385
RT_GROUP_ICON | 0x94cd8 | 0x3e | data | English | United States | 0.8387096774193549
DLL | Imports
COMCTL32.dll | PropertySheetA, CreatePropertySheetPageA
KERNEL32.dll | LocalFileTimeToFileTime, DosDateTimeToFileTime, GetFileTime, CreateFileA, SetEndOfFile, MultiByteToWideChar, SetFileTime, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemInfo, VirtualProtect, IsBadCodePtr, IsBadReadPtr, FlushFileBuffers, SetStdHandle, LoadLibraryA, SetEnvironmentVariableA, CompareStringW, CompareStringA, VirtualQuery, InterlockedExchange, GetCPInfo, SetCurrentDirectoryA, GetModuleFileNameA, MoveFileA, GetModuleHandleA, MoveFileExA, GetFileAttributesA, RemoveDirectoryA, GetStringTypeW, DeleteFileA, CreateDirectoryA, GetLastError, CloseHandle, GetLocaleInfoA, GetOEMCP, GetACP, InitializeCriticalSection, HeapSize, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, ReadFile, WriteFile, SetFilePointer, ExitProcess, HeapAlloc, HeapFree, GetSystemTimeAsFileTime, RtlUnwind, RaiseException, SetFileAttributesA, GetStartupInfoA, GetCommandLineA, GetVersionExA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, WideCharToMultiByte, GetProcAddress, TerminateProcess, GetCurrentProcess, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetUnhandledExceptionFilter, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA
USER32.dll | TranslateMessage, DrawTextA, PeekMessageA, LoadBitmapA, SetWindowTextA, GetWindowLongA, SetWindowLongA, GetDlgItem, EnableWindow, PostMessageA, BeginPaint, DispatchMessageA, EndPaint, SetDlgItemTextA, MessageBoxA, LoadStringA, SystemParametersInfoA, GetDC, ReleaseDC, GetDesktopWindow, GetWindowRect, CopyRect, OffsetRect, SetWindowPos, SendMessageA, GetParent
GDI32.dll | CreateCompatibleDC, SelectObject, BitBlt, SetBkMode, SetTextColor, DeleteObject, GetDeviceCaps, CreateFontIndirectA, GetObjectA
ADVAPI32.dll | RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
SHELL32.dll | ShellExecuteA, SHFileOperationA, SHGetSpecialFolderPathA

Language of compilation system | Country where language is spoken
English | United States
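The Import Hash field in the static information is derived from exactly this import table, and it is the value to pivot on when hunting for other builds of the same installer. The following Python is an added example, not code from the report or from the sample: it recomputes an import hash from a DLL/function listing using the convention that pefile implements (DLL name lowercased with a .dll, .ocx or .sys suffix dropped, function names lowercased, entries kept in import-table order, joined with commas and MD5-hashed). REPORT_IMPORTS is transcribed from the table above and the function name imphash is this example's own; the result equals the report's Import Hash only if the listing preserves the true import-table order, which the page does not state, so treat a mismatch as a hint to recompute from the file itself.

```python
"""Added example (not from the report): recompute a pefile-style import hash
from a DLL/function listing.  REPORT_IMPORTS is transcribed from the report's
import table; the true import-table order is assumed, not verified."""
import hashlib

REPORT_IMPORTS = [
    ("COMCTL32.dll", "PropertySheetA CreatePropertySheetPageA"),
    ("KERNEL32.dll",
     "LocalFileTimeToFileTime DosDateTimeToFileTime GetFileTime CreateFileA SetEndOfFile "
     "MultiByteToWideChar SetFileTime GetStringTypeA LCMapStringW LCMapStringA GetSystemInfo "
     "VirtualProtect IsBadCodePtr IsBadReadPtr FlushFileBuffers SetStdHandle LoadLibraryA "
     "SetEnvironmentVariableA CompareStringW CompareStringA VirtualQuery InterlockedExchange "
     "GetCPInfo SetCurrentDirectoryA GetModuleFileNameA MoveFileA GetModuleHandleA MoveFileExA "
     "GetFileAttributesA RemoveDirectoryA GetStringTypeW DeleteFileA CreateDirectoryA GetLastError "
     "CloseHandle GetLocaleInfoA GetOEMCP GetACP InitializeCriticalSection HeapSize GetFileType "
     "SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetEnvironmentStrings ReadFile "
     "WriteFile SetFilePointer ExitProcess HeapAlloc HeapFree GetSystemTimeAsFileTime RtlUnwind "
     "RaiseException SetFileAttributesA GetStartupInfoA GetCommandLineA GetVersionExA "
     "DeleteCriticalSection LeaveCriticalSection EnterCriticalSection WideCharToMultiByte "
     "GetProcAddress TerminateProcess GetCurrentProcess QueryPerformanceCounter GetTickCount "
     "GetCurrentThreadId GetCurrentProcessId HeapDestroy HeapCreate VirtualFree VirtualAlloc "
     "HeapReAlloc IsBadWritePtr TlsAlloc SetLastError TlsFree TlsSetValue TlsGetValue "
     "SetUnhandledExceptionFilter GetStdHandle UnhandledExceptionFilter FreeEnvironmentStringsA"),
    ("USER32.dll",
     "TranslateMessage DrawTextA PeekMessageA LoadBitmapA SetWindowTextA GetWindowLongA "
     "SetWindowLongA GetDlgItem EnableWindow PostMessageA BeginPaint DispatchMessageA EndPaint "
     "SetDlgItemTextA MessageBoxA LoadStringA SystemParametersInfoA GetDC ReleaseDC "
     "GetDesktopWindow GetWindowRect CopyRect OffsetRect SetWindowPos SendMessageA GetParent"),
    ("GDI32.dll",
     "CreateCompatibleDC SelectObject BitBlt SetBkMode SetTextColor DeleteObject GetDeviceCaps "
     "CreateFontIndirectA GetObjectA"),
    ("ADVAPI32.dll", "RegSetValueExA RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegCloseKey"),
    ("SHELL32.dll", "ShellExecuteA SHFileOperationA SHGetSpecialFolderPathA"),
]


def imphash(imports) -> str:
    """imports: iterable of (dll name, space-separated function names) in import-table order.

    Mirrors pefile's get_imphash(): 'dll.func' entries, all lowercase, library suffix
    .dll/.ocx/.sys removed, joined by commas, MD5 of the ASCII string."""
    entries = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in ("dll", "ocx", "sys"):
            lib = stem
        entries.extend(f"{lib}.{func.lower()}" for func in funcs.split())
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


if __name__ == "__main__":
    # Compare against the report's Import Hash field: d198a7d79b612d6bfc15148eee852b0f
    print(imphash(REPORT_IMPORTS))
```

Because the hash is order-sensitive and case-insensitive, two builds that link the same libraries in the same order share it even when their code differs, which is what makes it a useful pivot for an installer family and a poor one for samples whose import tables are rebuilt by a packer.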
No network behavior found


Target ID: 0
Start time: 09:22:57
Start date: 15/05/2024
Path: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe"
Imagebase: 0x400000
File size: 45'580'422 bytes
MD5 hash: A168840844ABC99E5E75D57E4DE94AC2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 6.5%
Total number of Nodes: 800
Total number of Limit Nodes: 16
Execution graph (rendered graph omitted; only its node labels survived extraction). Root: 0x408884, the entry point, leading into the CRT start-up chain (GetVersionExA, GetModuleHandleA, HeapCreate, GetCommandLineA, GetEnvironmentStringsW, GetModuleFileNameA, GetStartupInfoA, GetStdHandle, GetFileType, SetHandleCount, FlsAlloc, GetOEMCP, GetACP, GetCPInfo). Application code reached from it: 0x4015f0 (GetDC, GetDeviceCaps, CreateFontIndirectA, ReleaseDC), 0x4016c5 (GetModuleHandleA, LoadBitmapA), 0x4034e0 (RegOpenKeyExA, RegQueryValueExA, RegCloseKey), 0x405a60 (four CreatePropertySheetPageA calls, then PropertySheetA), 0x403788 (ShellExecuteA), 0x4024f0 (LoadStringA), 0x402774 (MessageBoxA) and the window-handling code at 0x4056a0 (GetWindowLongA, SetWindowLongA, GetParent, PostMessageA, DrawTextA, SendMessageA).
10947->10950 10948 401f4b 10949 401f5b 10948->10949 10951 407197 41 API calls 10948->10951 10953 4071ef 41 API calls 10949->10953 10958 401f83 __shift 10949->10958 10950->10948 10952 401f24 10950->10952 10951->10949 11391 401ba0 10952->11391 10953->10958 10955 401fe9 10959 401910 41 API calls 10955->10959 10960 402000 __shift 10955->10960 10956 401f45 10956->10904 10957 4071ef 41 API calls 10957->10955 10958->10955 10958->10957 10958->10960 10959->10960 10960->10904 10962 402547 10961->10962 10964 407a57 __getbuf 10961->10964 10962->10887 10962->10890 10964->10962 10965 4079d5 10964->10965 10966 4079e1 ctype 10965->10966 10968 407a14 10966->10968 10975 409324 10966->10975 10969 407a2f HeapAlloc 10968->10969 10972 407a3e ctype 10968->10972 10969->10972 10970 4079fc 10982 40a43a 10970->10982 10972->10964 10976 409337 10975->10976 10977 40934a EnterCriticalSection 10975->10977 10991 409284 10976->10991 10977->10970 10979 40933d 10979->10977 11012 40883b 10979->11012 10985 40a46c 10982->10985 10983 40a58f 10987 407a07 10983->10987 11082 40a055 10983->11082 10985->10983 10985->10987 11074 409f9e 10985->11074 10988 407a47 10987->10988 11086 40926f LeaveCriticalSection 10988->11086 10990 407a4e 10990->10968 10992 409290 ctype 10991->10992 10993 407a7c __getbuf 36 API calls 10992->10993 10995 4092b3 __lock ctype 10992->10995 10994 4092a7 10993->10994 10996 4092bb 10994->10996 10997 4092ae 10994->10997 10995->10979 10999 409324 __lock 36 API calls 10996->10999 11018 408721 10997->11018 11000 4092c2 10999->11000 11001 409302 11000->11001 11002 4092ca 11000->11002 11003 407a8e __mtdeletelocks 36 API calls 11001->11003 11021 40eb3f 11002->11021 11005 4092fe 11003->11005 11026 40931b 11005->11026 11006 4092d5 11006->11005 11007 4092db 11006->11007 11008 407a8e __mtdeletelocks 36 API calls 11007->11008 11010 4092e1 11008->11010 11011 408721 __lock 36 API calls 11010->11011 11011->10995 11013 408844 11012->11013 11014 408849 11012->11014 11050 40df2f 11013->11050 11056 40ddb8 
11014->11056 11029 40b6d8 GetLastError FlsGetValue 11018->11029 11020 408726 11020->10995 11022 40eb4b ctype 11021->11022 11023 40eb5d GetModuleHandleA 11022->11023 11025 40eb81 ctype 11022->11025 11024 40eb6c GetProcAddress 11023->11024 11023->11025 11024->11025 11025->11006 11049 40926f LeaveCriticalSection 11026->11049 11028 409322 11028->10995 11030 40b6f4 11029->11030 11031 40b73d SetLastError 11029->11031 11039 41018b 11030->11039 11031->11020 11033 40b700 11034 40b735 11033->11034 11035 40b708 FlsSetValue 11033->11035 11037 40883b __lock 31 API calls 11034->11037 11035->11034 11036 40b719 GetCurrentThreadId 11035->11036 11036->11031 11038 40b73c 11037->11038 11038->11031 11045 410197 __getbuf ___initmbctable ctype 11039->11045 11040 410204 HeapAlloc 11040->11045 11041 409324 __lock 35 API calls 11041->11045 11042 410230 ctype 11042->11033 11043 40a43a __getbuf 5 API calls 11043->11045 11045->11040 11045->11041 11045->11042 11045->11043 11046 410235 11045->11046 11047 40926f __mtdeletelocks LeaveCriticalSection 11046->11047 11048 41023c 11047->11048 11048->11045 11049->11028 11051 40df39 11050->11051 11052 40ddb8 _fast_error_exit 36 API calls 11051->11052 11055 40df66 11051->11055 11053 40df50 11052->11053 11054 40ddb8 _fast_error_exit 36 API calls 11053->11054 11054->11055 11055->11014 11059 40ddde 11056->11059 11057 40dee6 11060 4079c7 _fast_error_exit 33 API calls 11057->11060 11058 40deeb _strlen 11063 40df00 GetStdHandle WriteFile 11058->11063 11059->11057 11059->11058 11061 40de1d 11059->11061 11062 408852 11060->11062 11061->11057 11064 40de29 GetModuleFileNameA 11061->11064 11062->10977 11063->11057 11065 40de43 _strcat _fast_error_exit _strncpy _strlen 11064->11065 11067 40fa3a 11065->11067 11068 40fa4d LoadLibraryA 11067->11068 11071 40faba 11067->11071 11069 40fa62 GetProcAddress 11068->11069 11068->11071 11070 40fa79 GetProcAddress GetProcAddress 11069->11070 11069->11071 11070->11071 11072 40fa9c GetProcAddress 11070->11072 11071->11057 
11072->11071 11073 40faad GetProcAddress 11072->11073 11073->11071 11075 409fb0 HeapReAlloc 11074->11075 11076 409fe4 HeapAlloc 11074->11076 11077 409fd3 11075->11077 11078 409fcf 11075->11078 11079 40a00b 11076->11079 11080 40a00f VirtualAlloc 11076->11080 11077->11076 11078->10983 11079->10983 11080->11079 11081 40a029 HeapFree 11080->11081 11081->11079 11083 40a06a VirtualAlloc 11082->11083 11085 40a0b1 11083->11085 11085->10987 11086->10990 11088 40c387 11087->11088 11095 40bbfd __aulldvrm _strlen 11087->11095 11089 4079c7 _fast_error_exit 36 API calls 11088->11089 11090 4083cc 11089->11090 11090->10925 11098 40a736 11090->11098 11091 40bb38 46 API calls _write_multi_char 11091->11095 11092 407a7c __getbuf 36 API calls 11092->11095 11093 410575 37 API calls 11093->11095 11094 407a8e __mtdeletelocks 36 API calls 11094->11095 11095->11088 11095->11091 11095->11092 11095->11093 11095->11094 11096 40bb8f 46 API calls 11095->11096 11097 40bb6b 46 API calls _write_multi_char 11095->11097 11096->11095 11097->11095 11102 40a74c _write_multi_char 11098->11102 11107 40a7d3 11098->11107 11099 40a7aa 11100 40a7b4 11099->11100 11101 40a818 11099->11101 11103 40a7cb 11100->11103 11108 40a7d8 11100->11108 11104 40aa1d _write_multi_char 44 API calls 11101->11104 11102->11099 11102->11107 11110 40fc64 11102->11110 11113 40aa1d 11103->11113 11104->11107 11107->10925 11108->11107 11131 40e861 11108->11131 11111 407a7c __getbuf 36 API calls 11110->11111 11112 40fc74 11111->11112 11112->11099 11114 40aa29 ctype 11113->11114 11115 40aaac 11114->11115 11117 40aa54 11114->11117 11116 408721 __lock 36 API calls 11115->11116 11118 40aab1 11116->11118 11149 40fe91 11117->11149 11120 40872a _write_multi_char 36 API calls 11118->11120 11126 40aa9c ctype 11120->11126 11121 40aa5a 11122 40aa68 11121->11122 11123 40aa7c 11121->11123 11158 40a84f 11122->11158 11125 408721 __lock 36 API calls 11123->11125 11128 40aa81 11125->11128 11126->11107 11127 40aa74 11185 40aaa4 11127->11185 11182 40872a 
11128->11182 11132 40e86d ctype 11131->11132 11133 40e8f0 11132->11133 11135 40e898 11132->11135 11134 408721 __lock 36 API calls 11133->11134 11136 40e8f5 11134->11136 11137 40fe91 _write_multi_char 37 API calls 11135->11137 11138 40872a _write_multi_char 36 API calls 11136->11138 11139 40e89e 11137->11139 11146 40e8e0 ctype 11138->11146 11140 40e8c0 11139->11140 11141 40e8ac 11139->11141 11142 408721 __lock 36 API calls 11140->11142 11227 40e7ed 11141->11227 11144 40e8c5 11142->11144 11145 40872a _write_multi_char 36 API calls 11144->11145 11147 40e8b8 11145->11147 11146->11107 11238 40e8e8 11147->11238 11150 40fe9d ctype 11149->11150 11151 40feff EnterCriticalSection 11150->11151 11152 409324 __lock 36 API calls 11150->11152 11157 40fee2 __lock ctype 11151->11157 11153 40fec5 11152->11153 11154 40fedc 11153->11154 11155 40eb3f __lock 2 API calls 11153->11155 11154->11157 11188 40ff28 11154->11188 11155->11154 11157->11121 11159 40a880 11158->11159 11167 40a879 11158->11167 11160 40a8b9 11159->11160 11192 40fcd2 11159->11192 11162 40a997 WriteFile 11160->11162 11170 40a8ca 11160->11170 11165 40a9bf GetLastError 11162->11165 11177 40a95e 11162->11177 11163 4079c7 _fast_error_exit 36 API calls 11166 40aa15 11163->11166 11164 40a9d5 11164->11167 11168 408721 __lock 36 API calls 11164->11168 11165->11177 11166->11127 11167->11163 11172 40a9f2 11168->11172 11169 40a920 WriteFile 11169->11170 11173 40a960 GetLastError 11169->11173 11170->11164 11170->11169 11170->11177 11171 40a97b 11174 40a983 11171->11174 11175 40a9ca 11171->11175 11176 40872a _write_multi_char 36 API calls 11172->11176 11173->11177 11178 408721 __lock 36 API calls 11174->11178 11202 408733 11175->11202 11176->11167 11177->11164 11177->11167 11177->11171 11180 40a988 11178->11180 11181 40872a _write_multi_char 36 API calls 11180->11181 11181->11167 11183 40b6d8 __lock 36 API calls 11182->11183 11184 40872f 11183->11184 11184->11127 11226 40ff31 LeaveCriticalSection 11185->11226 11187 40aaaa 
11187->11126 11191 40926f LeaveCriticalSection 11188->11191 11190 40ff2f 11190->11151 11191->11190 11219 40fe50 11192->11219 11194 40fcee 11195 40fd03 SetFilePointer 11194->11195 11196 40fcf6 11194->11196 11198 40fd1b GetLastError 11195->11198 11201 40fcfb 11195->11201 11197 408721 __lock 36 API calls 11196->11197 11197->11201 11199 40fd25 11198->11199 11198->11201 11200 408733 _write_multi_char 36 API calls 11199->11200 11200->11201 11201->11160 11203 40b6d8 __lock 36 API calls 11202->11203 11204 408739 11203->11204 11205 408769 11204->11205 11206 408751 11204->11206 11207 40b6d8 __lock 36 API calls 11205->11207 11208 40877a 11206->11208 11210 40875b 11206->11210 11209 40876e 11207->11209 11211 408798 11208->11211 11213 40878a 11208->11213 11209->11167 11212 40b6d8 __lock 36 API calls 11210->11212 11214 40b6d8 __lock 36 API calls 11211->11214 11216 408760 11212->11216 11217 40b6d8 __lock 36 API calls 11213->11217 11215 40879d 11214->11215 11215->11167 11216->11167 11218 40878f 11217->11218 11218->11167 11220 40fe5c 11219->11220 11221 408721 __lock 36 API calls 11220->11221 11222 40fe77 11220->11222 11223 40fe7f 11221->11223 11222->11194 11224 40872a _write_multi_char 36 API calls 11223->11224 11225 40fe8a 11224->11225 11225->11194 11226->11187 11228 40fe50 _write_multi_char 36 API calls 11227->11228 11229 40e7f8 11228->11229 11230 40e80e SetFilePointer 11229->11230 11231 40e7fe 11229->11231 11233 40e827 GetLastError 11230->11233 11234 40e82f 11230->11234 11232 408721 __lock 36 API calls 11231->11232 11235 40e803 11232->11235 11233->11234 11236 40e83b 11234->11236 11237 408733 _write_multi_char 36 API calls 11234->11237 11235->11147 11236->11147 11237->11236 11241 40ff31 LeaveCriticalSection 11238->11241 11240 40e8ee 11240->11146 11241->11240 11243 409cc3 11242->11243 11247 409f69 __shift 11242->11247 11244 409eaf VirtualFree 11243->11244 11243->11247 11245 409f13 11244->11245 11246 409f22 VirtualFree HeapFree 11245->11246 11245->11247 11246->11247 11247->10933 
11251 40926f LeaveCriticalSection 11248->11251 11250 407ae8 11250->10936 11251->11250 11253 401ac3 11252->11253 11254 401ac8 11252->11254 11278 407197 11253->11278 11256 401afa 11254->11256 11257 401adb 11254->11257 11259 401b06 11256->11259 11261 4071ef 41 API calls 11256->11261 11288 401890 11257->11288 11263 401910 41 API calls 11259->11263 11265 401b19 11259->11265 11260 401ae7 11262 401890 41 API calls 11260->11262 11261->11259 11264 401af1 11262->11264 11263->11265 11264->10946 11265->10946 11267 4071f9 __EH_prolog 11266->11267 11268 4022e0 41 API calls 11267->11268 11269 407209 11268->11269 11270 4021c0 41 API calls 11269->11270 11271 407219 11270->11271 11310 40822a RaiseException 11271->11310 11273 40722e 11275 401943 11274->11275 11311 40714c 11275->11311 11277 401979 11277->10944 11279 4071a1 __EH_prolog 11278->11279 11292 4022e0 11279->11292 11285 4071d6 11301 402460 11285->11301 11289 40189e 11288->11289 11291 4018a3 __shift 11288->11291 11290 407197 41 API calls 11289->11290 11290->11291 11291->11260 11293 402300 11292->11293 11293->11293 11294 4020d0 41 API calls 11293->11294 11295 402312 11294->11295 11296 4021c0 11295->11296 11297 4021e2 11296->11297 11298 401ab0 41 API calls 11297->11298 11299 40220b 11298->11299 11300 40822a RaiseException 11299->11300 11300->11285 11306 4082b2 11301->11306 11303 402488 11304 401ab0 41 API calls 11303->11304 11305 4024b0 11304->11305 11305->11254 11307 4082ca _strlen 11306->11307 11309 4082d9 _strcat 11306->11309 11308 407a7c __getbuf 36 API calls 11307->11308 11308->11309 11309->11303 11310->11273 11313 407153 __getbuf 11311->11313 11312 407a7c __getbuf 36 API calls 11312->11313 11313->11312 11314 40716e 11313->11314 11316 40726e 11313->11316 11314->11277 11317 4072af 11316->11317 11318 407283 11316->11318 11319 4082b2 36 API calls 11317->11319 11326 408275 11318->11326 11322 4072bd 11319->11322 11321 40729f 11330 4091bf 11321->11330 11333 40822a RaiseException 11322->11333 11325 4072ce 11327 40828a _strlen 
11326->11327 11328 407a7c __getbuf 36 API calls 11327->11328 11329 408291 _strcat 11328->11329 11329->11321 11334 409187 11330->11334 11332 4091c8 11332->11317 11333->11325 11335 409193 ctype 11334->11335 11342 409863 11335->11342 11341 4091b0 ctype 11341->11332 11343 409324 __lock 36 API calls 11342->11343 11344 409198 11343->11344 11345 4090df 11344->11345 11355 40eab9 11345->11355 11347 4090eb 11350 40912d 11347->11350 11363 40e90c 11347->11363 11349 409118 11349->11350 11351 40e90c 39 API calls 11349->11351 11352 4091b9 11350->11352 11351->11350 11387 40986c 11352->11387 11356 40eac5 ctype 11355->11356 11357 40eb08 HeapSize 11356->11357 11359 409324 __lock 36 API calls 11356->11359 11358 40eb1b ctype 11357->11358 11358->11347 11360 40ead5 __mtdeletelocks 11359->11360 11381 40eb26 11360->11381 11364 40e918 ctype 11363->11364 11365 40e921 11364->11365 11366 40e92f 11364->11366 11369 407a7c __getbuf 36 API calls 11365->11369 11367 40e942 11366->11367 11368 40e936 11366->11368 11374 40ea7d __getbuf 11367->11374 11378 40e94f __getbuf ___sbh_resize_block __mtdeletelocks 11367->11378 11370 407a8e __mtdeletelocks 36 API calls 11368->11370 11371 40e929 ctype 11369->11371 11370->11371 11371->11349 11372 40ea8b HeapReAlloc 11372->11374 11373 409324 __lock 36 API calls 11373->11378 11374->11371 11374->11372 11376 40e9db HeapAlloc 11376->11378 11377 40ea31 HeapReAlloc 11377->11378 11378->11371 11378->11373 11378->11376 11378->11377 11379 40a43a __getbuf 5 API calls 11378->11379 11380 409c86 VirtualFree VirtualFree HeapFree __mtdeletelocks 11378->11380 11384 40ea74 11378->11384 11379->11378 11380->11378 11382 40926f __mtdeletelocks LeaveCriticalSection 11381->11382 11383 40eb02 11382->11383 11383->11357 11383->11358 11385 40926f __mtdeletelocks LeaveCriticalSection 11384->11385 11386 40ea7b 11385->11386 11386->11378 11390 40926f LeaveCriticalSection 11387->11390 11389 4091be 11389->11341 11390->11389 11392 401bb4 11391->11392 11393 407197 41 API calls 11392->11393 11394 
401bc4 11392->11394 11393->11394 11395 401bff 11394->11395 11396 4071ef 41 API calls 11394->11396 11397 401c2a 11395->11397 11398 4071ef 41 API calls 11395->11398 11400 401c3d __shift 11395->11400 11396->11395 11399 401910 41 API calls 11397->11399 11397->11400 11398->11397 11399->11400 11400->10956 11402 409a6f ctype 11401->11402 11403 409ad1 GetModuleFileNameA 11402->11403 11404 409a82 11402->11404 11407 409aeb _strcat _fast_error_exit _strncpy _strlen 11403->11407 11409 4099cb 11404->11409 11408 40fa3a _fast_error_exit 6 API calls 11407->11408 11408->11404 11412 4098f7 11409->11412 11411 4099d8 11413 409903 ctype 11412->11413 11414 409324 __lock 34 API calls 11413->11414 11415 40990a 11414->11415 11416 40991b GetCurrentProcess TerminateProcess 11415->11416 11417 40992b _fast_error_exit 11415->11417 11416->11417 11422 4099a6 11417->11422 11420 4099a1 ctype 11420->11411 11423 40998e 11422->11423 11424 4099ab 11422->11424 11423->11420 11426 409833 GetModuleHandleA 11423->11426 11430 40926f LeaveCriticalSection 11424->11430 11427 409842 GetProcAddress 11426->11427 11428 409858 ExitProcess 11426->11428 11427->11428 11429 409852 11427->11429 11429->11428 11430->11423

Executed Functions

Control-flow Graph

APIs
  • GetWindowLongA.USER32(?,000000EB), ref: 004056BF
  • GetParent.USER32(?), ref: 0040570D
  • SetWindowTextA.USER32(00000000), ref: 00405710
  • GetParent.USER32(?), ref: 00405717
    • Part of subcall function 004010A0: GetParent.USER32(?), ref: 004010AA
    • Part of subcall function 004010A0: GetDesktopWindow.USER32 ref: 004010B4
    • Part of subcall function 004010A0: GetWindowRect.USER32(00000000,?), ref: 004010C6
    • Part of subcall function 004010A0: GetWindowRect.USER32(?,?), ref: 004010CE
    • Part of subcall function 004010A0: CopyRect.USER32(?,?), ref: 004010DA
    • Part of subcall function 004010A0: OffsetRect.USER32(?,?,?), ref: 004010F9
    • Part of subcall function 004010A0: OffsetRect.USER32(?,?,?), ref: 0040110E
    • Part of subcall function 004010A0: OffsetRect.USER32(?,?,?), ref: 00401123
    • Part of subcall function 004010A0: SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000001), ref: 0040114E
  • SetWindowLongA.USER32(?,000000EB,?), ref: 004056F5
    • Part of subcall function 004024F0: GetModuleHandleA.KERNEL32(00000000), ref: 00402530
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,00000074,00000000,00000104), ref: 0040257F
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,0000007E,00000000,00000104), ref: 004025D2
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,?,00000000,00000104), ref: 004025E5
  • GetParent.USER32(?), ref: 00405763
  • PostMessageA.USER32(00000000), ref: 0040576A
  • BeginPaint.USER32(?,?), ref: 004057F3
  • GetObjectA.GDI32(?,00000018,?), ref: 00405808
  • CreateCompatibleDC.GDI32(?), ref: 0040580F
  • SelectObject.GDI32(00000000,?), ref: 00405824
  • BitBlt.GDI32(?,000000A4,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00405846
  • SetBkMode.GDI32(?,00000001), ref: 0040584F
  • SelectObject.GDI32 ref: 0040587D
  • SetTextColor.GDI32(?,?), ref: 00405888
  • DrawTextA.USER32(?,022A2760,022A2761,?,00000010), ref: 004058B7
  • SendMessageA.USER32(?,?,?,00000031), ref: 004058E4
  • SelectObject.GDI32(?,00000000), ref: 004058EC
  • SetTextColor.GDI32(?,?), ref: 004058F3
  • DrawTextA.USER32(?,022A2870,022A2871,?,00000010), ref: 00405917
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Window$Rect$Text$ObjectParent$LoadOffsetSelectString$ColorDrawLongMessage$BeginCompatibleCopyCreateDesktopHandleModeModulePaintPostSend
  • String ID: U$U
  • API String ID: 2405167359-2145350036
  • Opcode ID: 0cde490c1356560679e6b05bd9945003fc1aea9c1c30cc1950706f7fdddbf5ea
  • Instruction ID: 9b9ff22ff364ffe63fa613ed25786ecafa5a7b7f5ff04c08ed32d64f08584d16
  • Opcode Fuzzy Hash: 0cde490c1356560679e6b05bd9945003fc1aea9c1c30cc1950706f7fdddbf5ea
  • Instruction Fuzzy Hash: 1A7170B1605300AFE310DB64DC89FAB7BA8EB88710F008929F645972D1C775E9058B6A

Control-flow Graph

Basic blocks and their successor edges (text rendering of the graph):
  • 34: 4034e0-40350a RegOpenKeyExA -> 35, 36
  • 35: 403510-40353e RegQueryValueExA -> 37, 38
  • 36: 40368f-403694
  • 37: 403540-403552 RegCloseKey
  • 38: 403553-40357b RegQueryValueExA -> 39, 40
  • 39: 403581-403593 -> 41
  • 40: 40365c-403662 -> 42
  • 41: 403595-40359b -> 43, 44
  • 42: 403664-40366c -> 42, 45
  • 43: 4035b9-4035bb -> 48
  • 44: 40359d-40359f -> 46, 47
  • 45: 40366e -> 49
  • 46: 4035a1-4035a9 -> 43, 51
  • 47: 4035b5-4035b7 -> 48
  • 48: 4035be-4035c0 -> 52, 53
  • 49: 403673 -> 50
  • 50: 403678-40368e RegCloseKey
  • 51: 4035ab-4035b3 -> 41, 47
  • 52: 4035c2-4035ca -> 54
  • 53: 4035e4-4035ee -> 55
  • 54: 4035d0-4035d8 -> 54, 56
  • 55: 4035f0-4035f6 -> 57, 58
  • 56: 4035da-4035df -> 49
  • 57: 403614-403616 -> 59
  • 58: 4035f8-4035fa -> 60, 61
  • 59: 403619-40361b -> 62, 63
  • 60: 403610-403612 -> 59
  • 61: 4035fc-403604 -> 57, 64
  • 62: 403654-40365a -> 50
  • 63: 40361d-403625 -> 65
  • 64: 403606-40360e -> 55, 60
  • 65: 403627-40362d -> 66, 67
  • 66: 40364b-40364d -> 70
  • 67: 40362f-403631 -> 68, 69
  • 68: 403633-40363b -> 66, 71
  • 69: 403647-403649 -> 70
  • 70: 403650-403652 -> 50, 62
  • 71: 40363d-403645 -> 65
APIs
  • RegOpenKeyExA.KERNELBASE ref: 00403502
  • RegQueryValueExA.ADVAPI32(?,Path,00000000,00000000), ref: 0040353A
  • RegCloseKey.ADVAPI32(00020019,?,Path,00000000,00000000), ref: 00403545
  • RegQueryValueExA.ADVAPI32(74DF0A60,Version,00000000,00000000,?,bA,?,?,Path,00000000,00000000), ref: 00403577
  • RegCloseKey.ADVAPI32(00000000,?,?,Path,00000000,00000000), ref: 0040367D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CloseQueryValue$Open
  • String ID: Path$Version$bA$bA$cA$cA
  • API String ID: 4082589901-3673360911
  • Opcode ID: bfb0d4b1b3942d0dfa686b270ae8da9d6f66a251793f8f7d8f3fb2fb289391f3
  • Instruction ID: df61369e3dd74c151452abd1dfc2289ccd3ff1880d9a767e9004e023d726d58f
  • Opcode Fuzzy Hash: bfb0d4b1b3942d0dfa686b270ae8da9d6f66a251793f8f7d8f3fb2fb289391f3
  • Instruction Fuzzy Hash: CF514835604341AFC7208F289C90BE37FED5B6A315F198979E8D997391E23AD90CC758

Control-flow Graph

APIs
    • Part of subcall function 004015F0: KiUserCallbackDispatcher.NTDLL ref: 0040162C
    • Part of subcall function 004015F0: GetDC.USER32(00000000), ref: 00401675
    • Part of subcall function 004015F0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401680
    • Part of subcall function 004015F0: CreateFontIndirectA.GDI32(00000000), ref: 004016A6
    • Part of subcall function 004015F0: ReleaseDC.USER32(00000000,00000000), ref: 004016B1
  • GetModuleHandleA.KERNEL32(00000000,00000084,00000000), ref: 00403734
  • LoadBitmapA.USER32(00000000), ref: 0040373B
    • Part of subcall function 004034E0: RegOpenKeyExA.KERNELBASE ref: 00403502
    • Part of subcall function 004034E0: RegQueryValueExA.ADVAPI32(?,Path,00000000,00000000), ref: 0040353A
    • Part of subcall function 004034E0: RegCloseKey.ADVAPI32(00020019,?,Path,00000000,00000000), ref: 00403545
    • Part of subcall function 00405A60: PropertySheetA.COMCTL32 ref: 00405AF2
  • DeleteObject.GDI32(?), ref: 00403776
  • DeleteObject.GDI32(?), ref: 0040377D
  • ShellExecuteA.SHELL32(00000000,open,1.12_readme.rtf,00000000,00000000,00000005), ref: 00403797
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: DeleteObject$BitmapCallbackCapsCloseCreateDeviceDispatcherExecuteFontHandleIndirectLoadModuleOpenPropertyQueryReleaseSheetShellUserValue
  • String ID: 1.12_readme.rtf$open
  • API String ID: 329534311-874067377
  • Opcode ID: cb1ff2a33884e0d8e27d2af622b2d272707821c56acd5dfe276cda05efe937a4
  • Instruction ID: 44c7bfdf73aab515836a071d630e11d159e8634a38cdc6d7b2076ede4d553871
  • Opcode Fuzzy Hash: cb1ff2a33884e0d8e27d2af622b2d272707821c56acd5dfe276cda05efe937a4
  • Instruction Fuzzy Hash: AA21E4B1909381AFC321DF698884A8BFFE8BB98304F54892EA18C93241D6349644CF5A

Control-flow Graph

APIs
  • KiUserCallbackDispatcher.NTDLL ref: 0040162C
  • GetDC.USER32(00000000), ref: 00401675
  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401680
  • CreateFontIndirectA.GDI32(00000000), ref: 004016A6
  • ReleaseDC.USER32(00000000,00000000), ref: 004016B1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CallbackCapsCreateDeviceDispatcherFontIndirectReleaseUser
  • String ID: Verdana Bold
  • API String ID: 2502719842-1317240787
  • Opcode ID: f56f62cdd38965160539956b6c154d5f2ec5c72cb52e4ab851a8f7e8fac1fa60
  • Instruction ID: ecaf978acd22dee2c8db0eeadd797b320830a83cc4721dfa0e0173c963e79192
  • Opcode Fuzzy Hash: f56f62cdd38965160539956b6c154d5f2ec5c72cb52e4ab851a8f7e8fac1fa60
  • Instruction Fuzzy Hash: 9E21A171605340AFD714CB68DC48AABBBE5FBC8314F01852DF9958B391D7B0D408CB86

Control-flow Graph

APIs
    • Part of subcall function 00405970: CreatePropertySheetPageA.COMCTL32 ref: 004059B6
    • Part of subcall function 00402D50: CreatePropertySheetPageA.COMCTL32 ref: 00402DAF
    • Part of subcall function 00403020: CreatePropertySheetPageA.COMCTL32 ref: 00403085
    • Part of subcall function 00402B90: CreatePropertySheetPageA.COMCTL32 ref: 00402BD6
  • PropertySheetA.COMCTL32 ref: 00405AF2
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: PropertySheet$CreatePage
  • String ID: 4$g$h
  • API String ID: 1150265010-1120535643
  • Opcode ID: d077e3ca0a9d8f0d98c256b79949455359efd43079a555244e85be941d852998
  • Instruction ID: 9c1fb18ac5363e713e49141834b88bc1091746eb97eabf806a7e09bd9f3e5a6b
  • Opcode Fuzzy Hash: d077e3ca0a9d8f0d98c256b79949455359efd43079a555244e85be941d852998
  • Instruction Fuzzy Hash: 3501F7B0419350ABC750DF66C848A4FBBF8EFC9708F40492EB184A3250D3B99509CFAA

Control-flow Graph

Basic blocks and their successor edges (text rendering of the graph):
  • 95: 409bc2-409be0 HeapCreate -> 96, 97
  • 96: 409be2-409bef call 409ba8 -> 100, 101
  • 97: 409c0c-409c0e
  • 100: 409bf1-409bfe call 409c13 -> 101, 104
  • 101: 409c0f-409c12
  • 104: 409c00-409c06 HeapDestroy -> 97
APIs
  • HeapCreate.KERNELBASE(00000000,00001000,00000000,00408952,00000001,?,00416B70,00000060), ref: 00409BD3
    • Part of subcall function 00409C13: HeapAlloc.KERNEL32(00000000,00000140,00409BFB,000003F8,?,00416B70,00000060), ref: 00409C20
  • HeapDestroy.KERNEL32(?,00416B70,00000060), ref: 00409C06
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Heap$AllocCreateDestroy
  • String ID:
  • API String ID: 2236781399-0
  • Opcode ID: 6a3faba964f4d7fc4e43294e5885a75bb1dfc529ea9202bab57ac6d95d495853
  • Instruction ID: bf9d53d87ee79ed86dc1b92df6285e294af9151f1d81023071d148f0ee3ef2b5
  • Opcode Fuzzy Hash: 6a3faba964f4d7fc4e43294e5885a75bb1dfc529ea9202bab57ac6d95d495853
  • Instruction Fuzzy Hash: 6AE04874A993016AEB205B325D0575636D4FFC4786F04883AF401D51D6EB78CC40951D

Non-executed Functions

Control-flow Graph

APIs
  • LoadLibraryA.KERNEL32(user32.dll,00416C38,?,?), ref: 0040FA52
  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0040FA6E
  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0040FA7F
  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0040FA8C
  • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0040FAA2
  • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0040FAB3
Similarity
  • API ID: AddressProc$LibraryLoad
  • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$user32.dll
  • API String ID: 2238633743-1612076079
  • Opcode ID: 5ac05cc89eddd1a555739867dc6fc7acf3d1019cef7d525b36247ef902c2efc5
  • Instruction ID: 9e302a74ac75a2ff9faf9559d815433ae7e0518dc8ed124a5c826ebdede9ad36
  • Opcode Fuzzy Hash: 5ac05cc89eddd1a555739867dc6fc7acf3d1019cef7d525b36247ef902c2efc5
  • Instruction Fuzzy Hash: 8821A571B40205BEDB20DFB5DC44BAB3FB9AB44744B14843AE805E25D1E778D8489F2D
APIs
  • GetVersionExA.KERNEL32(?,00416B70,00000060), ref: 004088A4
  • GetModuleHandleA.KERNEL32(00000000,?,00416B70,00000060), ref: 004088F7
  • _fast_error_exit.LIBCMT ref: 00408959
  • _fast_error_exit.LIBCMT ref: 0040896A
  • GetCommandLineA.KERNEL32(?,00416B70,00000060), ref: 00408989
  • GetStartupInfoA.KERNEL32(?), ref: 004089DD
  • __wincmdln.LIBCMT ref: 004089E3
  • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00408A00
Similarity
  • API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
  • String ID:
  • API String ID: 3897392166-0
  • Opcode ID: acac43679610b0d6b4d9e2c4bdbb6ec179af1b7c27d438d72826a981d930fbb1
  • Instruction ID: 913d0b45b15da5cedc551b3dc4846abf06ac31f6f7fc4fc939f90b790d76a25c
  • Opcode Fuzzy Hash: acac43679610b0d6b4d9e2c4bdbb6ec179af1b7c27d438d72826a981d930fbb1
  • Instruction Fuzzy Hash: F14194B1D002149ACB20BB76D9056BE76A0AF44714F14883FE995B72D2DF3D8842CB5E
APIs
  • VirtualQuery.KERNEL32(?,?,0000001C), ref: 004112FE
  • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0041130F
  • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00411355
  • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00411393
  • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 004113B9
Similarity
  • API ID: Virtual$Query$AllocInfoProtectSystem
  • String ID:
  • API String ID: 4136887677-0
  • Opcode ID: 061f04a9bb139d109d293993b9d43e65b2453e407d4b2f0b45565f1611130b5d
  • Instruction ID: ab220b3ce32624c57b726697eb7ed16ca6fb885ecdca9b8cb0cc4b521c7d8818
  • Opcode Fuzzy Hash: 061f04a9bb139d109d293993b9d43e65b2453e407d4b2f0b45565f1611130b5d
  • Instruction Fuzzy Hash: 7F31E531D0020DEFEF10CBA4DC45AEE7BB9EB04350F104166EE11E32A0D7359E808B98
APIs
  • GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 004119DE
Similarity
  • API ID: InfoLocale
  • String ID:
  • API String ID: 2299586839-0
  • Opcode ID: faf3c1ad7f862df4f9a774d4a564fa6d148f9fb4dedc464f1f64c909d9e08721
  • Instruction ID: 2ed584359e4519295f30e6d53e55bbc0e575f7ba065e714c4fa40ecc58970e9e
  • Opcode Fuzzy Hash: faf3c1ad7f862df4f9a774d4a564fa6d148f9fb4dedc464f1f64c909d9e08721
  • Instruction Fuzzy Hash: B1E09274A14208BBDF00DBE5D942EDD7BB86B04318F10426AE614D61D0E6B4D6449B59
APIs
  • SetUnhandledExceptionFilter.KERNEL32(Function_0000BA3C), ref: 0040BA8F
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: a22be2ae043ba90d3fa5b6222142badfa6ec5ce8e53451f6c163a32a25457f42
  • Instruction ID: 7c01628d1b2da803a0e4275eeccb4dba9e5abc0f6a185ac8f7defb1e2e3af81d
  • Opcode Fuzzy Hash: a22be2ae043ba90d3fa5b6222142badfa6ec5ce8e53451f6c163a32a25457f42
  • Instruction Fuzzy Hash: E8A022F0B80300ABC300EF30AC080C83AA0E300B02B22C033F800E32A2FB3880008E2C
APIs
  • SetUnhandledExceptionFilter.KERNEL32 ref: 0040BAA3
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
  • API String ID: 3192549508-0
  • Opcode ID: 0ab5bf8a92545e2c48e8d69273fdaad892fa934f99c9beb6a61ba0631ea4a39c
  • Instruction ID: 9654367ba2d342f7df9a3da713d531c27da45dd0e0aca9c3bafd9d1e3e2788af
  • Opcode Fuzzy Hash: 0ab5bf8a92545e2c48e8d69273fdaad892fa934f99c9beb6a61ba0631ea4a39c
  • Instruction Fuzzy Hash:
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: c7f9b2ee21ebc983af6be5fde04207f9a6622a4fefcf87c55bd429c679f5d63d
  • Instruction ID: 3ec902b3bdd4662f55b690eb31e5e124bcb83b01b0141810fb0b356342b9ce64
  • Opcode Fuzzy Hash: c7f9b2ee21ebc983af6be5fde04207f9a6622a4fefcf87c55bd429c679f5d63d
  • Instruction Fuzzy Hash: C7626CB16083458FCB18DF18C8906AABBE1FFC9304F14456EE896CB745E739D985CB86
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: fcb747a31e4475319f00ff270345fa019ea98dc8d05b97d2be0a060a132acb34
  • Instruction ID: 1ba16a5099f681f69c815425d0eb076423dd797d59542fe786898520beff1f94
  • Opcode Fuzzy Hash: fcb747a31e4475319f00ff270345fa019ea98dc8d05b97d2be0a060a132acb34
  • Instruction Fuzzy Hash: B222D5B16043008FDB14DF28C9807ABBBE1EFC5305F14895EE8958B346D778DA85CB9A
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 1a3bf61d73b91824d9329b8c81c5f218d27d663e4ca8ce489272cc4d02c01f29
  • Instruction ID: 50c7cbac3d348a2724b7cd86bad52814b32c0462109d6804a05a0c3e7e1b8fdb
  • Opcode Fuzzy Hash: 1a3bf61d73b91824d9329b8c81c5f218d27d663e4ca8ce489272cc4d02c01f29
  • Instruction Fuzzy Hash: FEE1B2312083858FC708CF28D9905AAFBE1EBD5304F144A6EE8D6C7342E779D94ACB56
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 27b29b9277175a90575f8e2059a9ed85d4ab924e38cd8293e3805c48b0d4fc41
  • Instruction ID: 9813e9bd1526a73c78d5d7c63d749a87862753f5398dfa0e90589ff6c70a7b4f
  • Opcode Fuzzy Hash: 27b29b9277175a90575f8e2059a9ed85d4ab924e38cd8293e3805c48b0d4fc41
  • Instruction Fuzzy Hash: 6871D571A502564BD310CF2DECC02A633A2EB9D311F48C53DD7409B366DB39EA26D788
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3af195e6f950f052f1c19088994c85791562d9d8457cacffa45ad3fc7bf051c4
  • Instruction ID: 9a459b1eec2d055093473535c49dca624331fe29ea8e6fbe7bbebb35aac7ff41
  • Opcode Fuzzy Hash: 3af195e6f950f052f1c19088994c85791562d9d8457cacffa45ad3fc7bf051c4
  • Instruction Fuzzy Hash: D421A732900204DBCB10DF69C8C08A7B7A5FF45350B05857DE955AB286DB34FD15CBE0
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction ID: 148194413cb48007b23aa9be887e903e4083028ff0ede5f82f908c64ceb40ae7
  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction Fuzzy Hash: 771126B7A0C04243F614863DD4B45BBE395EAC532072C827BDD416B7D4D23AF942F90A

Control-flow Graph

APIs
  • GetWindowLongA.USER32(?,000000EB), ref: 0040294E
  • SetWindowLongA.USER32(?,000000EB,?), ref: 00402984
  • GetParent.USER32(?), ref: 0040298F
  • GetDlgItem.USER32(00000000), ref: 00402996
  • EnableWindow.USER32(00000000), ref: 0040299D
    • Part of subcall function 004024F0: GetModuleHandleA.KERNEL32(00000000), ref: 00402530
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,00000074,00000000,00000104), ref: 0040257F
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,0000007E,00000000,00000104), ref: 004025D2
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,?,00000000,00000104), ref: 004025E5
  • GetParent.USER32(?), ref: 004029EF
  • PostMessageA.USER32(00000000), ref: 004029F6
  • BeginPaint.USER32(?,?), ref: 00402A18
  • GetObjectA.GDI32(?,00000018,?), ref: 00402A2D
  • CreateCompatibleDC.GDI32(?), ref: 00402A34
  • SelectObject.GDI32(00000000,?), ref: 00402A49
  • BitBlt.GDI32(?,000000A4,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00402A6B
  • SetBkMode.GDI32(?,00000001), ref: 00402A74
  • SelectObject.GDI32 ref: 00402AA2
  • SetTextColor.GDI32(?,?), ref: 00402AAD
  • DrawTextA.USER32(?,00000000,00000001,?,00000010), ref: 00402AD9
  • SendMessageA.USER32(?,?,?,00000031), ref: 00402B06
  • SelectObject.GDI32(?,00000000), ref: 00402B0E
  • SetTextColor.GDI32(?,?), ref: 00402B15
  • DrawTextA.USER32(?,00000000,00000001,?,00000010), ref: 00402B39
Similarity
  • API ID: ObjectText$LoadSelectStringWindow$ColorDrawLongMessageParent$BeginCompatibleCreateEnableHandleItemModeModulePaintPostSend
  • String ID: P$P
  • API String ID: 244043150-159270896
  • Opcode ID: 0b5c56052b6e088861df57ffb0dae977dcb7cadccd46b735322549dc434e5530
  • Instruction ID: 22879f3d36c47acabb7fac623b43478907f18231ba7b04a5e9b88ca75e0af537
  • Opcode Fuzzy Hash: 0b5c56052b6e088861df57ffb0dae977dcb7cadccd46b735322549dc434e5530
  • Instruction Fuzzy Hash: 7C515DB1545300AFE310DF64DD88FABBBB8FB89700F118919F645962D1C7B9E9048B6A

Control-flow Graph

APIs
  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0040DE39
  • _strcat.LIBCMT ref: 0040DE4C
  • _strlen.LIBCMT ref: 0040DE59
  • _strlen.LIBCMT ref: 0040DE68
  • _strncpy.LIBCMT ref: 0040DE7F
  • _strlen.LIBCMT ref: 0040DE88
  • _strlen.LIBCMT ref: 0040DE95
  • _strcat.LIBCMT ref: 0040DEB3
  • _strlen.LIBCMT ref: 0040DEFB
  • GetStdHandle.KERNEL32(000000F4,00417370,00000000,?,00000000,00000000,00000000,00000000), ref: 0040DF06
  • WriteFile.KERNEL32(00000000), ref: 0040DF0D
Similarity
  • API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
  • API String ID: 3601721357-4022980321
  • Opcode ID: 9d9c39d55fb5ef02d3fda956b415a9302e2a082af4a0791697621d244d628f53
  • Instruction ID: 9556ef4061b35f536f7fe8a4e65467fadb46caa8c0ce1cee89d1a8fb73dc6ddb
  • Opcode Fuzzy Hash: 9d9c39d55fb5ef02d3fda956b415a9302e2a082af4a0791697621d244d628f53
  • Instruction Fuzzy Hash: C731E972940104ABEB24AB75DD85EEA3369EB44308F14443FF996E71C3DE3CA9458B6C

Control-flow Graph

APIs
  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00416DF0,00000118,004079AF,00000001,00000000,00416A88,00000008,0040DF24,00000000,00000000,00000000), ref: 00409AE1
  • _strcat.LIBCMT ref: 00409AF7
  • _strlen.LIBCMT ref: 00409B07
  • _strlen.LIBCMT ref: 00409B18
  • _strncpy.LIBCMT ref: 00409B32
  • _strlen.LIBCMT ref: 00409B3B
  • _strcat.LIBCMT ref: 00409B57
Similarity
  • API ID: _strlen$_strcat$FileModuleName_strncpy
  • String ID: ...$8lA$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!$XlA
  • API String ID: 3058806289-574691917
  • Opcode ID: 716e73351b54766b154958a5399d6c6699f47c021146a8e2d5c0b39e74a618f7
  • Instruction ID: 6369ac5000f7328591a0f38c28325e99da4221049d6d0f3c6d0a615ba7077fbe
  • Opcode Fuzzy Hash: 716e73351b54766b154958a5399d6c6699f47c021146a8e2d5c0b39e74a618f7
  • Instruction Fuzzy Hash: 8131B171A452186BDB10AB618D42ACF37689B05318F15807FF454B72C3DB7CDE828BAD

Control-flow Graph

APIs
  • GetWindowLongA.USER32(?,000000EB), ref: 00402DCB
  • SetWindowLongA.USER32(?,000000EB,?), ref: 00402E03
    • Part of subcall function 00402800: SetDlgItemTextA.USER32(?,?,00000000), ref: 00402818
  • GetParent.USER32(?), ref: 00402E6D
  • PostMessageA.USER32(00000000), ref: 00402E7A
  • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 00402EBE
  • GetParent.USER32(?), ref: 00402F52
  • SendMessageA.USER32(00000000), ref: 00402F5B
  • GetParent.USER32(?), ref: 00402FA4
  • SendMessageA.USER32(00000000), ref: 00402FA7
  • GetDlgItem.USER32(?,000003EB), ref: 00402FE6
  • SetWindowTextA.USER32(00000000), ref: 00402FE9
  • GetDlgItem.USER32(?,000003F2), ref: 00403001
  • SendMessageA.USER32(00000000), ref: 00403004
Similarity
  • API ID: Message$ItemParentSendWindow$LongPostText
  • String ID:
  • API String ID: 924561885-0
  • Opcode ID: ba9532b82916fcb306d9a1587e00647bfc69fe6f1885d9564220f9d259de4f1a
  • Instruction ID: 153b5e66ff23b685011dedfcf8aa3685c2b8d58685209fc8c4c75602d689ad90
  • Opcode Fuzzy Hash: ba9532b82916fcb306d9a1587e00647bfc69fe6f1885d9564220f9d259de4f1a
  • Instruction Fuzzy Hash: C851E5727812106BE220AB64AC89FDB3758EB85726F11C537F300FA2D1C7F9954187AD

Control-flow Graph

APIs
  • GetModuleHandleA.KERNEL32(kernel32.dll,74DF0A60,00000000,00408964,?,00416B70,00000060), ref: 0040B8A8
  • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0040B8C0
  • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0040B8CD
  • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0040B8DA
  • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0040B8E7
  • FlsAlloc.KERNEL32(0040B749,?,00416B70,00000060), ref: 0040B924
  • FlsSetValue.KERNEL32(00000000,?,00416B70,00000060), ref: 0040B951
  • GetCurrentThreadId.KERNEL32 ref: 0040B965
    • Part of subcall function 0040B6BB: FlsFree.KERNEL32(00000006,0040B97A,?,00416B70,00000060), ref: 0040B6C6
Similarity
  • API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
  • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
  • API String ID: 2355849793-282957996
  • Opcode ID: 842e721fe93683e2db75ae9bcdf27e3df195cafb2489c5eff036494e562882c9
  • Instruction ID: 4f28cf62eaf96c1c77dd52bbb5c0e5baa2f9bcabf52afa4c0216d0efba2f2e24
  • Opcode Fuzzy Hash: 842e721fe93683e2db75ae9bcdf27e3df195cafb2489c5eff036494e562882c9
  • Instruction Fuzzy Hash: FF2192B4981315AAC3209F35AC49A973EF4EB81B10712853BE864D33A1DB78D481CB9E

Control-flow Graph

APIs
  • CompareStringW.KERNEL32(00000000,00000000,0041745C,00000001,0041745C,00000001,00417460,00000040,00409790,?,00000001,?,00000000,?,00000000,?), ref: 0040F45F
  • GetLastError.KERNEL32 ref: 0040F471
  • GetCPInfo.KERNEL32(?,?,00417460,00000040,00409790,?,00000001,?,00000000,?,00000000,?), ref: 0040F51B
  • MultiByteToWideChar.KERNEL32(?,00000009,00000000,?,00000000,00000000), ref: 0040F5A9
  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,?,00000000), ref: 0040F622
  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0040F63F
  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0040F6B5
Similarity
  • API ID: ByteCharMultiWide$CompareErrorInfoLastString
  • String ID: \tA
  • API String ID: 1773772771-3496985394
  • Opcode ID: 3cd67a7171dcdeab2c00407a5e3cb0eafc8313b99ca3c0858f7c5b5fbc18dbd4
  • Instruction ID: f453ca0bf77c0eca6da511ff6eca57835fdb9af38f9d3d1a64c9961bb57ec003
  • Opcode Fuzzy Hash: 3cd67a7171dcdeab2c00407a5e3cb0eafc8313b99ca3c0858f7c5b5fbc18dbd4
  • Instruction Fuzzy Hash: D2B18A71900209ABCF31DF64DC80AEF7BB6AF48354F24413AF814B66E1D7398959CB5A

Control-flow Graph

(control-flow graph for the function at 00411448, blocks 00411448-00411803; the rendered graph and its node/edge listing are not reproduced in text, see the APIs list below)
APIs
  • LCMapStringW.KERNEL32(00000000,00000100,0041745C,00000001,00000000,00000000,00417BE8,00000038,0040EDBF,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 0041146F
  • GetLastError.KERNEL32 ref: 00411481
  • MultiByteToWideChar.KERNEL32(?,00000000,0040F06C,?,00000000,00000000,00417BE8,00000038,0040EDBF,00000100,00000020,00000100,?,00000100,00000000,00000001), ref: 00411508
  • MultiByteToWideChar.KERNEL32(?,00000001,0040F06C,?,?,00000000), ref: 00411589
  • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004115A3
  • LCMapStringW.KERNEL32(00000000,00000000,?,00000000,?,?), ref: 004115DE
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: String$ByteCharMultiWide$ErrorLast
  • String ID:
  • API String ID: 1775797328-0
  • Opcode ID: 7500d3814ce86f90ecc1c80004a37bcc7f227be7e99e2ab52b6e6e1d636db2fa
  • Instruction ID: e501de3142710ab72aca8db4a94106df26d4581f24121dbec88b4d1c59af6d7d
  • Opcode Fuzzy Hash: 7500d3814ce86f90ecc1c80004a37bcc7f227be7e99e2ab52b6e6e1d636db2fa
  • Instruction Fuzzy Hash: 2CB16A72800119EFCF119FA5DC859EE7FB5FF08314F14422AFA11A22B0D73A8991DB59
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: _strcat$___shr_12
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
  • API String ID: 1152255961-4131533671
  • Opcode ID: d0f9bebc3e0b5879999ed594692f0eb689094ff72ef74955053468ceac4cd302
  • Instruction ID: fbbb926ae87ae7e7875fa954d87e3d24e7c8dd571a029acfa38f3f0e953704e6
  • Opcode Fuzzy Hash: d0f9bebc3e0b5879999ed594692f0eb689094ff72ef74955053468ceac4cd302
  • Instruction Fuzzy Hash: 8B81473190429ADECF11CF68CA447EFBBB4AF15314F08455BD850EB282D3BC9695C7A9
APIs
  • SetCurrentDirectoryA.KERNEL32(?,75C07310), ref: 00404D8E
  • GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 00404DBF
  • GetModuleFileNameA.KERNEL32(00000000), ref: 00404DC6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Module$CurrentDirectoryFileHandleName
  • String ID: Version$_tmp.lst$cA$cA
  • API String ID: 2422855355-908956957
  • Opcode ID: 90f1acc147739569dd306498f84c7b11defd0b5181f2323722fc58469ac9517c
  • Instruction ID: 20f7632d7ca669d49278bb83e8d4429339806a960b61680dc29511b5aaf558e6
  • Opcode Fuzzy Hash: 90f1acc147739569dd306498f84c7b11defd0b5181f2323722fc58469ac9517c
  • Instruction Fuzzy Hash: 815128F2A442015BD710AF75DC82BE73799AB94308F05843EF684A72D1EB7EE844879D
APIs
    • Part of subcall function 00407957: __lock.LIBCMT ref: 00407965
  • _strlen.LIBCMT ref: 004077A4
  • _strlen.LIBCMT ref: 004077AE
  • _strlen.LIBCMT ref: 004077E5
  • _strlen.LIBCMT ref: 00407829
  • __lock.LIBCMT ref: 00407834
    • Part of subcall function 004095B8: GetFileAttributesA.KERNEL32(?,00407790,00416344,00000000,00416A68,00000018,0040118A,00000000,0041631C), ref: 004095BC
    • Part of subcall function 004095B8: GetLastError.KERNEL32 ref: 004095C7
    • Part of subcall function 004076BD: _strlen.LIBCMT ref: 004076C4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: _strlen$__lock$AttributesErrorFileLast
  • String ID: DcA$TMP$`jA
  • API String ID: 351179414-638715301
  • Opcode ID: 36ca2fd140b69415399beb5e6e155353026329d0170d7fb14dd6e51057c7e4d4
  • Instruction ID: 9134932beb1d59c434516de18aa6b7f88b04ebb7f740466bf423273f4d56e2f2
  • Opcode Fuzzy Hash: 36ca2fd140b69415399beb5e6e155353026329d0170d7fb14dd6e51057c7e4d4
  • Instruction Fuzzy Hash: 9341D532D0C214AADB117B79AC8599E77A89B44724F20813FF814B72D3DB3DAD41C66E
APIs
  • GetWindowLongA.USER32(?,000000EB), ref: 00402BF8
  • SetWindowLongA.USER32(?,000000EB,?), ref: 00402C5A
  • SetDlgItemTextA.USER32(?,000003EB,?), ref: 00402C83
  • GetDlgItem.USER32(?,000003EF), ref: 00402CC2
  • PostMessageA.USER32(00000000), ref: 00402CC9
  • GetParent.USER32(?), ref: 00402D02
  • PostMessageA.USER32(00000000), ref: 00402D09
  • SetWindowLongA.USER32(?,00000000,00000000), ref: 00402D21
  • SetWindowLongA.USER32(?,00000000,00000000), ref: 00402D3D
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: LongWindow$ItemMessagePost$ParentText
  • String ID:
  • API String ID: 2030907363-0
  • Opcode ID: 9c85f70c69935a3bb1c0c7333be135160b1028d9990b748b1218995beb5a9296
  • Instruction ID: 94932775fae8be0abf97b13faf2facce45c9619a957726997e20e8594440b62a
  • Opcode Fuzzy Hash: 9c85f70c69935a3bb1c0c7333be135160b1028d9990b748b1218995beb5a9296
  • Instruction Fuzzy Hash: 6F31F8712452107BE224AF24EE5DFAF3624AF44711F11463AF603BA2E1C7F9E941865E
APIs
  • GetParent.USER32(?), ref: 004010AA
  • GetDesktopWindow.USER32 ref: 004010B4
  • GetWindowRect.USER32(00000000,?), ref: 004010C6
  • GetWindowRect.USER32(?,?), ref: 004010CE
  • CopyRect.USER32(?,?), ref: 004010DA
  • OffsetRect.USER32(?,?,?), ref: 004010F9
  • OffsetRect.USER32(?,?,?), ref: 0040110E
  • OffsetRect.USER32(?,?,?), ref: 00401123
  • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000001), ref: 0040114E
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Rect$Window$Offset$CopyDesktopParent
  • String ID:
  • API String ID: 2348473813-0
  • Opcode ID: c8576846493e218eaed216aa708f03b4bf9fb02ebb79cc66744ae1a92cd105c3
  • Instruction ID: 1d5e5209b31ca77a221acda3d24f05bfdf7c58e6a9b7de32b7fb6423d84c3733
  • Opcode Fuzzy Hash: c8576846493e218eaed216aa708f03b4bf9fb02ebb79cc66744ae1a92cd105c3
  • Instruction Fuzzy Hash: 2D215EB6204212AFD304DB28CC45EBBBBFCEBC8714F058A1DB995D3250D774E9058BA2
APIs
  • GetCPInfo.KERNEL32(00000000,?,00417C20,00000038,00411987,?,00000000,00000000,0040F06C,00000000,00000000,00417C10,0000001C,0040ED9B,00000001,00000020), ref: 00411A3F
  • GetCPInfo.KERNEL32(00000000,00000001), ref: 00411A52
  • _strlen.LIBCMT ref: 00411A76
  • MultiByteToWideChar.KERNEL32(00000000,00000001,0040F06C,?,00000000,00000000), ref: 00411A97
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Info$ByteCharMultiWide_strlen
  • String ID:
  • API String ID: 1335377746-0
  • Opcode ID: df905bccd217f0533936ad5c150dee55dc6ca993ab886562f8dabfc8d16ecb37
  • Instruction ID: 7ccb309f8263eb8d0839f15ea6913aeda40b4f9e6f80d3d0390b434f762a6695
  • Opcode Fuzzy Hash: df905bccd217f0533936ad5c150dee55dc6ca993ab886562f8dabfc8d16ecb37
  • Instruction Fuzzy Hash: 2C515B71905208BACF20DF65EC84DEF7FB9EF44750B20412BF515A22A0E7355981CA68
APIs
  • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E41A
  • GetLastError.KERNEL32(?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E42E
  • GetEnvironmentStringsW.KERNEL32(74DF0A60,00000000,?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E450
  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,74DF0A60,00000000,?,?,?,?,00408999), ref: 0040E484
  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E4A6
  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E4BF
  • GetEnvironmentStrings.KERNEL32(74DF0A60,00000000,?,?,?,?,00408999,?,00416B70,00000060), ref: 0040E4D5
  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0040E511
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
  • String ID:
  • API String ID: 883850110-0
  • Opcode ID: fefadad9f569c73f73baeb113ad66cabbbf7e9f9be594875f164df031ab9a7ba
  • Instruction ID: 655f5fbbd0d52f626ea345bcb0820678003f703b227bd77f3f42964eb1d46a23
  • Opcode Fuzzy Hash: fefadad9f569c73f73baeb113ad66cabbbf7e9f9be594875f164df031ab9a7ba
  • Instruction Fuzzy Hash: F33128B26092247FD7206F669C8487B7A9CEB483587160D3FF541E33C1E6399C54866E
APIs
    • Part of subcall function 004024F0: GetModuleHandleA.KERNEL32(00000000), ref: 00402530
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,00000074,00000000,00000104), ref: 0040257F
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,0000007E,00000000,00000104), ref: 004025D2
    • Part of subcall function 004024F0: LoadStringA.USER32(00400000,?,00000000,00000104), ref: 004025E5
  • GetDlgItem.USER32(?,00000002), ref: 004059FC
  • SetWindowTextA.USER32(00000000), ref: 004059FF
  • GetDlgItem.USER32(?,00003023), ref: 00405A16
  • SetWindowTextA.USER32(00000000), ref: 00405A19
  • GetDlgItem.USER32(?,00003024), ref: 00405A30
  • SetWindowTextA.USER32(00000000), ref: 00405A33
  • GetDlgItem.USER32(?,00003025), ref: 00405A4A
  • SetWindowTextA.USER32(00000000), ref: 00405A4D
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ItemTextWindow$LoadString$HandleModule
  • String ID:
  • API String ID: 1877859056-0
  • Opcode ID: aa1efcd8fbf2ecc5397101dd18819f0525c2247cc791af7d8da81518bc5ba239
  • Instruction ID: 31ed77bc2ba356e3a60ab543aaa4e261ba2b43719891e902020b9ffd539667e0
  • Opcode Fuzzy Hash: aa1efcd8fbf2ecc5397101dd18819f0525c2247cc791af7d8da81518bc5ba239
  • Instruction Fuzzy Hash: 6F014B95B416053AF920B2626D8AE7B124CDFC1748F055035BA04F62C3E969ED04D9BA
APIs
  • SendMessageA.USER32(00000000,00000402,?,00000001), ref: 00403148
  • GetParent.USER32(00000000), ref: 0040315A
  • PeekMessageA.USER32(?,00000000), ref: 00403166
  • TranslateMessage.USER32(?), ref: 00403171
  • DispatchMessageA.USER32(?), ref: 0040317C
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Message$DispatchParentPeekSendTranslate
  • String ID:
  • API String ID: 3331897827-0
  • Opcode ID: 0a7901d0f28ce4b88b6138eb05b59d70e1493f11db9489fa5c8dde549eca77d9
  • Instruction ID: 88a43685e8475d66d1d43d6bc9e086ba4b81d71c4740b98afd8074aeeb39bcfb
  • Opcode Fuzzy Hash: 0a7901d0f28ce4b88b6138eb05b59d70e1493f11db9489fa5c8dde549eca77d9
  • Instruction Fuzzy Hash: B721D3B1A00200ABD610DF68EC49FD73B6CAB48705F01C439F945E72D2DB79D904CBAA
APIs
  • GetStringTypeW.KERNEL32(00000001,0041745C,00000001,?,00417C10,0000001C,0040ED9B,00000001,00000020,00000100,?,00000000), ref: 00411828
  • GetLastError.KERNEL32 ref: 0041183A
  • MultiByteToWideChar.KERNEL32(?,00000000,00000000,0040F06C,00000000,00000000,00417C10,0000001C,0040ED9B,00000001,00000020,00000100,?,00000000), ref: 0041189C
  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,0040F06C,?,00000000), ref: 0041191A
  • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 0041192C
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ByteCharMultiStringTypeWide$ErrorLast
  • String ID:
  • API String ID: 3581945363-0
  • Opcode ID: 630e2ff407345983f3c8f50ed9ed23a7970ac2ad09787e8825604be7bcaf8d69
  • Instruction ID: 295eb3711a1cec089e8d65110d8bbbcfa247695750cc4065bddd10cbeed20c78
  • Opcode Fuzzy Hash: 630e2ff407345983f3c8f50ed9ed23a7970ac2ad09787e8825604be7bcaf8d69
  • Instruction Fuzzy Hash: A741A3B1910215ABCB219F54DC45BEF3F75FF08760F11811AFA20A62A0D739C991CBAD
APIs
  • GetFileAttributesA.KERNEL32(?,?,00000010,00000000), ref: 00403265
  • RemoveDirectoryA.KERNEL32(?), ref: 00403275
  • DeleteFileA.KERNEL32(?), ref: 00403292
  • MoveFileA.KERNEL32(?,?), ref: 0040329E
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: File$AttributesDeleteDirectoryMoveRemove
  • String ID:
  • API String ID: 3889263473-0
  • Opcode ID: 14adb24699c5a3ea0f4c09c00a3d1c5ad65e01b372871009e2a8ae7bf176e7ce
  • Instruction ID: 2e4db3c983e2b9d778b7a80dba7d2dbb4be1ac2cfdbc1a47f8f46cc314c6faa1
  • Opcode Fuzzy Hash: 14adb24699c5a3ea0f4c09c00a3d1c5ad65e01b372871009e2a8ae7bf176e7ce
  • Instruction Fuzzy Hash: A92122755042414BCB209B2CD880AEABFD9FFD9312F40897EE5C593290DB35A849CB55
APIs
  • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00404FF7
  • GetFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004054BE), ref: 0040500F
  • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0040501F
  • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004054BE), ref: 0040502F
  • SetFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004054BE), ref: 00405043
  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004054BE), ref: 0040504A
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: FileTime$CloseCreateDateHandleLocal
  • String ID:
  • API String ID: 3223929235-0
  • Opcode ID: 2d46b5975cc2ce7942537bbeeacee6b31a030980f46be93c0894216462b6dbdf
  • Instruction ID: 698c527d527979dded79a6d49355071938a265eb5b9f2e7d933bf4b563ebd962
  • Opcode Fuzzy Hash: 2d46b5975cc2ce7942537bbeeacee6b31a030980f46be93c0894216462b6dbdf
  • Instruction Fuzzy Hash: 8F016D72104202BBD315DB54DC89FEB7BBCEBCD701F02892DF64696090E674E6098B6A
APIs
  • CreateFileA.KERNEL32(80000000,80000000,?,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 0041102E
  • GetFileType.KERNEL32(00000000), ref: 0041103B
  • CloseHandle.KERNEL32(00000000), ref: 00411046
  • GetLastError.KERNEL32 ref: 0041104C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: File$CloseCreateErrorHandleLastType
  • String ID: H
  • API String ID: 1809617866-2852464175
  • Opcode ID: c613ce2309d72010ed189a3fba096a1b36008a1c3b9bc09336b25cea9d3545f5
  • Instruction ID: 4cf4fdc350756edd3dbabb610dc58b9381b3536f0afc2c0bcf99cea2681ea35d
  • Opcode Fuzzy Hash: c613ce2309d72010ed189a3fba096a1b36008a1c3b9bc09336b25cea9d3545f5
  • Instruction Fuzzy Hash: 75812631D042449AEF318FA9C8863EE7F60AF05314F24816BE651A72E1C7FD49C6C75A
APIs
  • GetModuleHandleA.KERNEL32(00000000), ref: 00402530
  • LoadStringA.USER32(00400000,00000074,00000000,00000104), ref: 0040257F
  • LoadStringA.USER32(00400000,0000007E,00000000,00000104), ref: 004025D2
  • LoadStringA.USER32(00400000,?,00000000,00000104), ref: 004025E5
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: LoadString$HandleModule
  • String ID: %.1f GB
  • API String ID: 2805868756-2699307892
  • Opcode ID: 0ae76df34413e72c4fc0bf0ac24221507009f186c8d6e540469d7b616e4ed6a2
  • Instruction ID: d2b4171668ebd6ac41c4d3d64570f83977e2be7838a0572c971ed6f94027f41d
  • Opcode Fuzzy Hash: 0ae76df34413e72c4fc0bf0ac24221507009f186c8d6e540469d7b616e4ed6a2
  • Instruction Fuzzy Hash: B16149B1A042019FD714DF28CC95BA77BE5EB88308F00857EF989A73D1D679D908CB59
APIs
  • RegOpenKeyExA.ADVAPI32(80000001,004162E0,00000000,00020019,?), ref: 00403C31
  • RegQueryValueExA.ADVAPI32(?,Menu,00000000,00000000,?,004163F0), ref: 00403C59
  • RegCloseKey.ADVAPI32(?,?,?), ref: 00403C8D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CloseOpenQueryValue
  • String ID: Menu$bA
  • API String ID: 3677997916-221589770
  • Opcode ID: cea780c703da7b577b62e6cf8628cfd840e09aee68383d36fd56fbefcf6c68d3
  • Instruction ID: f740fdd0b2f5436480c900ff048248449d1a59bc88ebe77419cc3bdc2c1634f0
  • Opcode Fuzzy Hash: cea780c703da7b577b62e6cf8628cfd840e09aee68383d36fd56fbefcf6c68d3
  • Instruction Fuzzy Hash: 3B316FB1508341EFD320DF54D884EABBBE9FB88714F048A2EF49993291D678D948CB56
APIs
  • GetModuleHandleA.KERNEL32(mscoree.dll,004099A1,?,00416BF8,00000008,004099D8,?,00000001,00000000,00409BA7,00000003), ref: 00409838
  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00409848
  • ExitProcess.KERNEL32 ref: 0040985C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: AddressExitHandleModuleProcProcess
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 75539706-1276376045
  • Opcode ID: 8ff3fdd13ca1654cc71805c583079bdc0bb7141a8302040be4514168fe72eb4d
  • Instruction ID: bf1979f40bcdec5e68165e847ed72e43062f48eea110b7c7ff376c1848d68f78
  • Opcode Fuzzy Hash: 8ff3fdd13ca1654cc71805c583079bdc0bb7141a8302040be4514168fe72eb4d
  • Instruction Fuzzy Hash: 6DD0C930388310BBDA103F61DD0DA9A3B69EE51B02703C83AB509E05A1CB39CC049A1D
APIs
  • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,0040968D,?), ref: 0040F2A1
  • InterlockedExchange.KERNEL32(0041D578,00000001), ref: 0040F31F
  • InterlockedExchange.KERNEL32(0041D578,00000000), ref: 0040F384
  • InterlockedExchange.KERNEL32(0041D578,00000001), ref: 0040F3A8
  • InterlockedExchange.KERNEL32(0041D578,00000000), ref: 0040F408
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ExchangeInterlocked$QueryVirtual
  • String ID:
  • API String ID: 2947987494-0
  • Opcode ID: 3f6a6c87dcefa9beee3a0edc8ac0d04f589666c03ded2b260142037206b99444
  • Instruction ID: 3596d50ad3538eecfe47f3413320adc4075bb916e4d9bfcac01044e460a32265
  • Opcode Fuzzy Hash: 3f6a6c87dcefa9beee3a0edc8ac0d04f589666c03ded2b260142037206b99444
  • Instruction Fuzzy Hash: 9751F370A00611AFCB34CF68E98076A77A2EB95328F64817BDC01E7AD1D779DC4AC64C
APIs
  • GetStartupInfoA.KERNEL32(?), ref: 0040E57D
  • GetFileType.KERNEL32(?), ref: 0040E627
  • GetStdHandle.KERNEL32(-000000F6), ref: 0040E6A8
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: FileHandleInfoStartupType
  • String ID:
  • API String ID: 2461013171-0
  • Opcode ID: a57e93b85aa2e666f38dea34e6425742282f818c7e8a0483c5dc51b21d93faed
  • Instruction ID: 877d95bb6f2b2cdc1c03265e5144728a9bd8d4b4cb62a1fec28481b88e9ff415
  • Opcode Fuzzy Hash: a57e93b85aa2e666f38dea34e6425742282f818c7e8a0483c5dc51b21d93faed
  • Instruction Fuzzy Hash: B45105B06043118FD710CB2AEC88B667BE4BB21328F548E3ED5A6E72E1D739D425C719
APIs
  • GetFileAttributesA.KERNEL32(?), ref: 00401452
  • GetFileAttributesA.KERNEL32(?), ref: 004014AD
  • CreateDirectoryA.KERNEL32(?,00000000), ref: 00401528
  • GetLastError.KERNEL32 ref: 00401532
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: AttributesFile$CreateDirectoryErrorLast
  • String ID:
  • API String ID: 3262623940-0
  • Opcode ID: 288893a92d70ea11fbed4adbc94174df08d8f7fa7795859a469b0c802357adfd
  • Instruction ID: d575d47d630af27eaecd897a2380ae1ec0285fad31ecffab962701400a0d74df
  • Opcode Fuzzy Hash: 288893a92d70ea11fbed4adbc94174df08d8f7fa7795859a469b0c802357adfd
  • Instruction Fuzzy Hash: F84169316082854BC7268B3C98907EBFBD1BFD9300F548A3DE4C9973A1D7399909C795
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8e539b2a72c228aaf10fb502fff0a563492546efb04520e8a1756cfa00767e76
  • Instruction ID: df89a2aa0f6f14b427477cbff43780a6d7a42b381ae2d919b72067db90ba72e1
  • Opcode Fuzzy Hash: 8e539b2a72c228aaf10fb502fff0a563492546efb04520e8a1756cfa00767e76
  • Instruction Fuzzy Hash: DA41A3B1E001259ACF20BF678C848AF7A74FA453647144A3FF814B62D2D63C4D61CE9D
APIs
  • SendMessageA.USER32(00000000,00000402,?,00000001), ref: 00401057
  • GetParent.USER32(00000000), ref: 0040106A
  • PeekMessageA.USER32(?,00000000), ref: 00401076
  • TranslateMessage.USER32(?), ref: 00401081
  • DispatchMessageA.USER32(?), ref: 0040108C
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Message$DispatchParentPeekSendTranslate
  • String ID:
  • API String ID: 3331897827-0
  • Opcode ID: 5267fb8fcab80c46d388f4cbd41f13e45b912ad3d2a29f8215c74737aef93ac2
  • Instruction ID: a17afffb3d96a8fdaacc45f33f986ceba3c6cbb73f1f12e30e24c07d71915b53
  • Opcode Fuzzy Hash: 5267fb8fcab80c46d388f4cbd41f13e45b912ad3d2a29f8215c74737aef93ac2
  • Instruction Fuzzy Hash: 75012D31340200ABC3119B5CDC84FEB3B79EB85700F45C469F944A72A5C734D445C7A9
APIs
  • GetLastError.KERNEL32(?,00000000,00408726,004092E6,00000000,00416BB0,00000008,0040933D,?,?,?,004101D4,00000004,00417520,00000010,0040B942), ref: 0040B6DA
  • FlsGetValue.KERNEL32(?,004101D4,00000004,00417520,00000010,0040B942,00000001,0000008C,?,00416B70,00000060), ref: 0040B6E8
  • SetLastError.KERNEL32(00000000,?,004101D4,00000004,00417520,00000010,0040B942,00000001,0000008C,?,00416B70,00000060), ref: 0040B73E
    • Part of subcall function 0041018B: __lock.LIBCMT ref: 004101CF
    • Part of subcall function 0041018B: HeapAlloc.KERNEL32(00000008,?,00417520,00000010,0040B942,00000001,0000008C,?,00416B70,00000060), ref: 0041020D
  • FlsSetValue.KERNEL32(00000000,?,004101D4,00000004,00417520,00000010,0040B942,00000001,0000008C,?,00416B70,00000060), ref: 0040B70F
  • GetCurrentThreadId.KERNEL32 ref: 0040B727
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLastValue$AllocCurrentHeapThread__lock
  • String ID:
  • API String ID: 3368326513-0
  • Opcode ID: 46fe1aee2752fe57b5c8a0fb279c590aad4492ae2231f72010d9e1110cd1e253
  • Instruction ID: 4b85de4510ce8ad36b25c61dbd83d3a545ebdbf3b77974f264e1f540f6bc4dd9
  • Opcode Fuzzy Hash: 46fe1aee2752fe57b5c8a0fb279c590aad4492ae2231f72010d9e1110cd1e253
  • Instruction Fuzzy Hash: 0EF0FC715417219FD3302F609C4D6967BA0EF10B61B00813AF842AB2D1DB74C84087DC
APIs
  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00409A15
  • GetCurrentProcessId.KERNEL32 ref: 00409A21
  • GetCurrentThreadId.KERNEL32 ref: 00409A29
  • GetTickCount.KERNEL32 ref: 00409A31
  • QueryPerformanceCounter.KERNEL32(?), ref: 00409A3D
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
  • String ID:
  • API String ID: 1445889803-0
  • Opcode ID: 51e50a0f5f891b8e50a09473fab69b8b1abed8aa4235313e638a009434c341db
  • Instruction ID: 44a6c36aecf035784f5715053a0d954692115e59a76a4f970477b50628fca2aa
  • Opcode Fuzzy Hash: 51e50a0f5f891b8e50a09473fab69b8b1abed8aa4235313e638a009434c341db
  • Instruction Fuzzy Hash: BAF0F976D40124ABCB10ABB4ED4C4DAB7F9BB0D2547828A71D801F7252EB34E9408E98
APIs
  • RegCreateKeyExA.ADVAPI32(80000001,004162E0,00000000,0041631C,00000000,0002001F,00000000,?,00000000), ref: 004016FC
  • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,?), ref: 0040172A
  • RegCloseKey.ADVAPI32(?), ref: 00401735
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CloseCreateValue
  • String ID: bA
  • API String ID: 1818849710-2988567743
  • Opcode ID: 22a2ef07bb209c28082b178d8d1acb62bc2069339965823525f29f13e4ea0fbe
  • Instruction ID: 8c9570fcc09950f71b19103caa4bb8ca43dd5b320a206a174d652753a827ad22
  • Opcode Fuzzy Hash: 22a2ef07bb209c28082b178d8d1acb62bc2069339965823525f29f13e4ea0fbe
  • Instruction Fuzzy Hash: 3F0131B5344300BFE214CB54DC49FA777A8EB88B41F208519FA4AE72D1C6B5E8008769
APIs
  • RegCreateKeyExA.ADVAPI32(80000001,004162E0,00000000,0041631C,00000000,0002001F,00000000,?,00000000), ref: 0040177C
  • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00401799
  • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,?,00000004), ref: 004017A3
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CloseCreateValue
  • String ID: bA
  • API String ID: 1818849710-2988567743
  • Opcode ID: a97b988e1cc6f03e3dca354447292589402b65b3374c58577b133f04067690c3
  • Instruction ID: ac0ee5c4ebc35aaff8fba227fbd829580f352157df5a2a79e4757c61f40a7cd8
  • Opcode Fuzzy Hash: a97b988e1cc6f03e3dca354447292589402b65b3374c58577b133f04067690c3
  • Instruction Fuzzy Hash: F9F0FEB1354300BBE224DB50DC85FA777A8E788B05F10491CF756DA1D1D7B4E804DB69
APIs
  • GetModuleHandleA.KERNEL32(kernel32.dll,00417430,00000010,004091FC,00000000,00000FA0,74DF0A60,00000000,0040B895,00408964,?,00416B70,00000060), ref: 0040EB62
  • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 0040EB72
Strings
  • kernel32.dll, xrefs: 0040EB5D
  • InitializeCriticalSectionAndSpinCount, xrefs: 0040EB6C
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
  • API String ID: 1646373207-3733552308
  • Opcode ID: b0befe1f6837614d4d162a3a464b8019f6ef29f97255d677de6a0bcb5f0a3c1c
  • Instruction ID: bfea853bca8f26b70a02161b3352be2727edca992b34141a366c86b478d5717c
  • Opcode Fuzzy Hash: b0befe1f6837614d4d162a3a464b8019f6ef29f97255d677de6a0bcb5f0a3c1c
  • Instruction Fuzzy Hash: 8AF09074A01201EECB10DF668E457DA3BB5AB04718F10893AE816F12E1D33CD552C61C
APIs
  • GetModuleHandleA.KERNEL32(KERNEL32,00408438), ref: 0040C816
  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040C826
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: IsProcessorFeaturePresent$KERNEL32
  • API String ID: 1646373207-3105848591
  • Opcode ID: 073a3e34ed54fc33ad4a9207902d2b6245457e3f82a9e0e2d1ff065f75436b0f
  • Instruction ID: 2debe05a00c16bf4d9613cc2e82619b3f19ec8fb160d241433d8386774c5d84c
  • Opcode Fuzzy Hash: 073a3e34ed54fc33ad4a9207902d2b6245457e3f82a9e0e2d1ff065f75436b0f
  • Instruction Fuzzy Hash: 84C01230385302E6DA202FA06C4DB9A241C4B04B02F22A536B409E20C4EB78C001C42E
APIs
  • ReadFile.KERNEL32(0000010C,0000010C,00000000,0000010C,00000000,?,?,?), ref: 0040CADE
  • GetLastError.KERNEL32 ref: 0040CAE8
  • ReadFile.KERNEL32(?,?,00000001,0000010C,00000000), ref: 0040CBB1
  • GetLastError.KERNEL32 ref: 0040CBBB
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorFileLastRead
  • String ID:
  • API String ID: 1948546556-0
  • Opcode ID: aa9b3a1f40adbd0f17cf56d9d54329394b949427839ce75d4eba0acd9219d290
  • Instruction ID: b3187db998e4669a9eb899b538ef16091dee90a079824aa07fbe8367259a49a3
  • Opcode Fuzzy Hash: aa9b3a1f40adbd0f17cf56d9d54329394b949427839ce75d4eba0acd9219d290
  • Instruction Fuzzy Hash: BF61C570508389DFEB21CF58D8C579A7BB0AF01304F1486ABE865AB2D2D778D941CB59
APIs
  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001), ref: 0040A937
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: FileWrite
  • String ID:
  • API String ID: 3934441357-0
  • Opcode ID: bede0b8de7aa8927857555564aca62c2c18337b1238ce60098a0945d5f51bc0a
  • Instruction ID: 394e449a60f15ee434e7435b4faf5075909b4133dd9c4be581ded974f8d63616
  • Opcode Fuzzy Hash: bede0b8de7aa8927857555564aca62c2c18337b1238ce60098a0945d5f51bc0a
  • Instruction Fuzzy Hash: F3516171A00348DFDB22DFA9CC84ADDBBB8FF45304F25452AE895AB292D7349911CF16
APIs
  • __lock.LIBCMT ref: 0040FF75
    • Part of subcall function 00409324: EnterCriticalSection.KERNEL32(?,?,?,004101D4,00000004,00417520,00000010,0040B942,00000001,0000008C,?,00416B70,00000060), ref: 0040934C
  • __lock.LIBCMT ref: 0040FFC1
  • EnterCriticalSection.KERNEL32(0000008C,004174F8,00000014,00410FEA,?,00000000,00000000), ref: 0041000B
  • LeaveCriticalSection.KERNEL32(0000008C), ref: 00410018
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CriticalSection$Enter__lock$Leave
  • String ID:
  • API String ID: 885841014-0
  • Opcode ID: 0c7de5a7f759fee4002445e5bbc2df844e8c3a444a9cbdda817f5c12c30115ee
  • Instruction ID: f9a48345565b425f68b81e278b97ef46bb6627708926227300bc14f67d9e95f3
  • Opcode Fuzzy Hash: 0c7de5a7f759fee4002445e5bbc2df844e8c3a444a9cbdda817f5c12c30115ee
  • Instruction Fuzzy Hash: 404128719043168AC7249F75E8457AA7BA0AF05338F24823FE165A72E1CBBC99C1CB1D
APIs
  • CreateDirectoryA.KERNEL32(?,00000000), ref: 004012BD
  • GetLastError.KERNEL32 ref: 004012CB
  • CreateDirectoryA.KERNEL32(?,00000000), ref: 00401356
  • GetLastError.KERNEL32 ref: 004013D5
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CreateDirectoryErrorLast
  • String ID:
  • API String ID: 1375471231-0
  • Opcode ID: 805e8e4a35168f82704e8eb56d01a618e0ffaaac54ea484fd0330ec43f290194
  • Instruction ID: 29398eeb2842912be790c925ebd2139725ee335ca0938be9adf055782d6f6556
  • Opcode Fuzzy Hash: 805e8e4a35168f82704e8eb56d01a618e0ffaaac54ea484fd0330ec43f290194
  • Instruction Fuzzy Hash: 1C317B719083418BE7309B28EC01BEB7B94AF95704F04853EF980A73D1EA79D84487DA
APIs
    • Part of subcall function 004112E4: VirtualQuery.KERNEL32(?,?,0000001C), ref: 004112FE
    • Part of subcall function 004112E4: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0041130F
    • Part of subcall function 004112E4: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 00411355
  • MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,?,00000000), ref: 0040F622
  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0040F63F
  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0040F6B5
  • CompareStringW.KERNEL32(?,?,?,00000000,?,00000000,?,00000000), ref: 0040F6CB
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ByteCharMultiWide$QueryVirtual$CompareInfoStringSystem
  • String ID:
  • API String ID: 1997773198-0
  • Opcode ID: f6b12e02390201fe11e4eb98017843ff988972892b6a8c95b2531df51b7ccf4b
  • Instruction ID: d3691e2217f3231159c7375a37fa26749d4f7800d79f474b1d5ff43a010d8db8
  • Opcode Fuzzy Hash: f6b12e02390201fe11e4eb98017843ff988972892b6a8c95b2531df51b7ccf4b
  • Instruction Fuzzy Hash: F3316832801208ABCF21DFA1DD45B9E7B76AF08314F21453AF914B62E0CB399966DB59
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: _strlen$___initmbctable_strcat
  • String ID:
  • API String ID: 109824703-0
  • Opcode ID: 638a8c6b50ddaccf70713ba18f7a040f5f5f30dcd4d38c629db019184ccae39b
  • Instruction ID: da78a652b068b5e062824c9a773f70b32bdf9923746fbc79f263ec53a1f1db0c
  • Opcode Fuzzy Hash: 638a8c6b50ddaccf70713ba18f7a040f5f5f30dcd4d38c629db019184ccae39b
  • Instruction Fuzzy Hash: 01112CB290D11499D7206F66AC409A67794FB403347340A3FECD17B2D2DB3C5852975E
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: ___addl
  • String ID:
  • API String ID: 2260456530-0
  • Opcode ID: d6adc6867b8e25f44f58ff544db632d9a5569eb15d37292193b5af5a2e9527b0
  • Instruction ID: dd436fed3de62e3f1c50885adc50629ffcec56d6156d8f23ec9715223329c4ce
  • Opcode Fuzzy Hash: d6adc6867b8e25f44f58ff544db632d9a5569eb15d37292193b5af5a2e9527b0
  • Instruction Fuzzy Hash: AAF0CD32600A06AFDA105B52DE01EABB7E9FF04310B04046AFD59C2131E776E8B8DB95
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID: 00A
  • API String ID: 0-95910775
  • Opcode ID: 10c47d0f26a7eb795a35bd8413a1e350ac7fa02020d40dde578ec44eecc66820
  • Instruction ID: 4c6f0766c8e6c649f6fa5f75d136a56df2f465acf2bbaeac50cb7838e6adf891
  • Opcode Fuzzy Hash: 10c47d0f26a7eb795a35bd8413a1e350ac7fa02020d40dde578ec44eecc66820
  • Instruction Fuzzy Hash: 55713B7190030A9BCF24CF64C6402EEB7F0FF14315F20856BE856D6280E3B89AD2DB59
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: Info
  • String ID: $
  • API String ID: 1807457897-3032137957
  • Opcode ID: cf68fc0822ecee7d317005f8d815060512e0b6c314e40716834a8a5c252a672a
  • Instruction ID: ab5f556c17e8fa056453de12ba5fe72f1389198aa28de498e511a9fb10a9c87a
  • Opcode Fuzzy Hash: cf68fc0822ecee7d317005f8d815060512e0b6c314e40716834a8a5c252a672a
  • Instruction Fuzzy Hash: CF41587050029C9EEB11A729DC59BFA3BE8DB06304F2448F6D585E71E2C33849A5CBDD
APIs
  • __shift.LIBCMT ref: 0040C4DF
    • Part of subcall function 0040C49F: _strlen.LIBCMT ref: 0040C4A7
  • _strcat.LIBCMT ref: 0040C51C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: __shift_strcat_strlen
  • String ID: e+000
  • API String ID: 208078240-1027065040
  • Opcode ID: 99204c837e2409f6986774c7ad654fe99a733af53dc47f239ca467ea9dd3a250
  • Instruction ID: 17bc50f9198c035c8cdd0ed79951e1a6cf5457ef73ecfd6babd9b9924cec0e73
  • Opcode Fuzzy Hash: 99204c837e2409f6986774c7ad654fe99a733af53dc47f239ca467ea9dd3a250
  • Instruction Fuzzy Hash: 3521F3762083A09FD71A8F389C903A63BD06B03758F1841BFE085DB2D2D679D885C355
APIs
  • ___initmbctable.LIBCMT ref: 0040E36E
  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe,00000104,74DF0A60,00000000,?,?,?,?,004089A3,?,00416B70,00000060), ref: 0040E386
Strings
  • C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe, xrefs: 0040E378, 0040E37D
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: FileModuleName___initmbctable
  • String ID: C:\Users\user\Desktop\SecuriteInfo.com.Malware-Cryptor.2LA.gen.4973.32615.exe
  • API String ID: 767393020-4180530821
  • Opcode ID: 8cb5aa8c63e3ae0c076fe0a51959125341a92f89518b774a0669bfdaad44e31d
  • Instruction ID: 34af04eded205d1839deb7f596b6f7d00c93fbf4a899fdb66f65a4aa5aae7100
  • Opcode Fuzzy Hash: 8cb5aa8c63e3ae0c076fe0a51959125341a92f89518b774a0669bfdaad44e31d
  • Instruction Fuzzy Hash: 8D11E7B2E04114ABDB10CB9AAC409DB7BA8EB44360F10043FFC05E3281D678AE44CBA9
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: _strcat_strlen
  • String ID: :r@
  • API String ID: 432593777-3177767856
  • Opcode ID: fc55715b70dd32b35d5ce41357b087dc10da2c00204978975048f2969736d880
  • Instruction ID: 9b84f219e6dc6495519c0e39d8d3cf2b3b8731bd6334c630473821531a0b474f
  • Opcode Fuzzy Hash: fc55715b70dd32b35d5ce41357b087dc10da2c00204978975048f2969736d880
  • Instruction Fuzzy Hash: EBF012B1608A019FD7109F59DA01916F7E8EF04710311C53FA499E3692EF74E851DB5C
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: _strcat_strlen
  • String ID: :r@
  • API String ID: 432593777-3177767856
  • Opcode ID: 4b6f2f19c237900bd8b59327495900d198c1ff25f984eef9e3f2aa470d14eabf
  • Instruction ID: a3ab82be0d77339f828a5c25522ef286b84f55980bf1bc4826a61dfb2be1e6fb
  • Opcode Fuzzy Hash: 4b6f2f19c237900bd8b59327495900d198c1ff25f984eef9e3f2aa470d14eabf
  • Instruction Fuzzy Hash: 8DE04F7250C3115FE7146B56A801947F7E8DF54324721842FF884E3292EF7AE8518A6C
APIs
  • CreatePropertySheetPageA.COMCTL32 ref: 004059B6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CreatePagePropertySheet
  • String ID: 0$e
  • API String ID: 1186078762-387598579
  • Opcode ID: 0fb5ba9432983c12d53e2fb6dbbaa43478b87ff23e13155c579a4c7f0b5f29c3
  • Instruction ID: 5e001264b58c7fb0f4f341529d291b05aad7a0abf59bd7c2e259db0dc7dfa74f
  • Opcode Fuzzy Hash: 0fb5ba9432983c12d53e2fb6dbbaa43478b87ff23e13155c579a4c7f0b5f29c3
  • Instruction Fuzzy Hash: F2E0AE74508341AFD740CF08C45864BBBE1BBC8718F808D2DF498962A0D7BAD6198F97
APIs
  • CreatePropertySheetPageA.COMCTL32 ref: 00402BD6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: CreatePagePropertySheet
  • String ID: 0$e
  • API String ID: 1186078762-387598579
  • Opcode ID: a4d3f364f5a6c475895f094927139263ba6e15392356ec7413d84f51750e5a6d
  • Instruction ID: 04b2cd5ca17d254cab0e0fb71381903871eb6c4e0e6be1be6d9512ef0956a17d
  • Opcode Fuzzy Hash: a4d3f364f5a6c475895f094927139263ba6e15392356ec7413d84f51750e5a6d
  • Instruction Fuzzy Hash: 51E0AEB4518341AFD740CF08C51864BBBE1BBC8708F808D2DF499962A0D7B996098B97
APIs
  • HeapReAlloc.KERNEL32(00000000,?,00000000,0040A58F,00000000,?,00000000), ref: 00409FC5
  • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0040A58F,00000000,?,00000000), ref: 00409FFE
  • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0040A01C
  • HeapFree.KERNEL32(00000000,?), ref: 0040A033
Memory Dump Source
  • Source File: 00000000.00000002.2896734178.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
  • Associated: 00000000.00000002.2896720846.0000000000400000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896758675.0000000000416000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896771877.000000000041C000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2896787284.000000000041F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
Similarity
  • API ID: AllocHeap$FreeVirtual
  • String ID:
  • API String ID: 3499195154-0
  • Opcode ID: 0140f3a87997b1b329128429566e96d8bc50739baae339df39e1861dff9e783d
  • Instruction ID: 83949e89e949b5b8c442eda20cbaf8359eb08ed794132a4c02adac5460ae7408
  • Opcode Fuzzy Hash: 0140f3a87997b1b329128429566e96d8bc50739baae339df39e1861dff9e783d
  • Instruction Fuzzy Hash: 50115B35240301AFD7308F2AEC459A2BBB5FF813A4710893AF562D25F1C3709851DF08