Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1443578
MD5:	fb7aaa1006f70fbfa147b89f23446ed3
SHA1:	203fd93ad7704755f0c6bedb050191f8aedc72cb
SHA256:	ab43d9e4e22c9e9fd0ed8cf7806a074e4b89ed31b752c9e3d949bb10cd2f0794
Tags:	exe
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found pyInstaller with non standard icon

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE / OLE file has an invalid certificate

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7100 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FB7AAA1006F70FBFA147B89F23446ED3)

file.exe (PID: 5804 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FB7AAA1006F70FBFA147B89F23446ED3)

cleanup

Code function: 0_2_00007FF75A1053F0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00007FF75A1053F0

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00007FFDA34E5731 rdtsc

2_2_00007FFDA34E5731

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI71002\python3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-17434

Source: C:\Users\user\Desktop\file.exe

API coverage: 1.7 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A108D00 FindFirstFileExW,FindClose,	0_2_00007FF75A108D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A118670 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF75A118670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A118670 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,	0_2_00007FF75A118670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A1226C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF75A1226C4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA34E322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,	2_2_00007FFDA34E322E

Source: file.exe, 00000000.00000003.2080560064.000002181B332000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: file.exe, 00000002.00000003.2101360000.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121174220.00000239C3415000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107932805.00000239C340F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109777948.00000239C3415000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108348320.00000239C3413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWstem%SystemRoot%\system32\mswsock.dllr
Source: cacert.pem.0.dr	Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA34E5731		2_2_00007FFDA34E5731
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA34E4246		2_2_00007FFDA34E4246

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00007FFDA34E5731 rdtsc

2_2_00007FFDA34E5731

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF75A11B3CC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF75A11B3CC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF75A1242D0 GetProcessHeap,

0_2_00007FF75A1242D0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A11B3CC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF75A11B3CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A10CA9C SetUnhandledExceptionFilter,	0_2_00007FF75A10CA9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A10C030 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF75A10C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF75A10C8BC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF75A10C8BC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFD941D2A90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FFD941D2A90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFD941D3058 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FFD941D3058
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA3383BB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FFDA3383BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA33835E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FFDA33835E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA340EC00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FFDA340EC00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA3432009 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FFDA3432009
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA34E5A24 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FFDA34E5A24
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA3C232D8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00007FFDA3C232D8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA3C22D10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00007FFDA3C22D10

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF75A12A620 cpuid

0_2_00007FF75A12A620

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\libcrypto-1_1.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\backend_c.cp311-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71002 VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF75A10C7A0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF75A10C7A0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF75A126B50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF75A126B50

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00007FFDA34E2B62 bind,WSAGetLastError,

2_2_00007FFDA34E2B62

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	11 Process Injection	11 Process Injection	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	22 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\libcrypto-1_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI71002\libcrypto-1_1.dll	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://www.python.org/download/releases/2.3/mro/.	0%	URL Reputation	safe
https://cryptography.io/	0%	URL Reputation	safe
https://httpbin.org/post	0%	URL Reputation	safe
https://docs.rs/getrandom#nodejs-es-module-support	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
https://yahoo.com/	0%	URL Reputation	safe
https://tools.ietf.org/html/rfc2388#section-4.4	0%	URL Reputation	safe
https://www.apache.org/licenses/LICENSE-2.0	0%	URL Reputation	safe
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	0%	URL Reputation	safe
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	0%	URL Reputation	safe
http://cacerts.digicert.co	0%	URL Reputation	safe
https://html.spec.whatwg.org/multipage/	0%	URL Reputation	safe
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings	0%	URL Reputation	safe
https://cryptography.io/en/latest/changelog/	0%	URL Reputation	safe
http://www.iana.org/time-zones/repository/tz-link.html	0%	URL Reputation	safe
https://mail.python.org/mailman/listinfo/cryptography-dev	0%	URL Reputation	safe
https://requests.readthedocs.io	0%	URL Reputation	safe
https://peps.python.org/pep-0205/	0%	URL Reputation	safe
http://curl.haxx.se/rfc/cookie_spec.html	0%	URL Reputation	safe
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	0%	URL Reputation	safe
https://httpbin.org/get	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://www.python.org	0%	URL Reputation	safe
https://www.python.org/	0%	URL Reputation	safe
https://json.org	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
https://httpbin.org/	0%	URL Reputation	safe
https://www.apache.org/licenses/	0%	URL Reputation	safe
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file	0%	URL Reputation	safe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	0%	URL Reputation	safe
https://twitter.com/	0%	URL Reputation	safe
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	0%	URL Reputation	safe
https://cryptography.io/en/latest/installation/	0%	URL Reputation	safe
https://www.python.org/psf/license/	0%	URL Reputation	safe
https://img.shields.io/pypi/v/cryptography.svg	0%	URL Reputation	safe
http://wwwsearch.sf.net/):	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://tools.ietf.org/html/rfc6125#section-6.4.3	0%	URL Reputation	safe
https://mahler:8092/site-updates.py	0%	Avira URL Cloud	safe
https://cryptography.io/en/latest/security/	0%	URL Reputation	safe
https://cffi.readthedocs.io/en/latest/using.html#callbacks	0%	URL Reputation	safe
http://.../back.jpeg	0%	Avira URL Cloud	safe
https://www.openssl.org/H	0%	URL Reputation	safe
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	0%	URL Reputation	safe
http://google.com/	0%	Avira URL Cloud	safe
https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy	0%	URL Reputation	safe
https://cryptography.io	0%	URL Reputation	safe
https://peps.python.org/pep-0263/	0%	URL Reputation	safe
https://foss.heptapod.net/pypy/pypy/-/issues/3539	0%	URL Reputation	safe
https://github.com/pyca/cryptography/issues/8996	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/	0%	Avira URL Cloud	safe
https://github.com/Ousret/charset_normalizer	0%	Avira URL Cloud	safe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2920	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/actions?query=workflow%3ACI	0%	Avira URL Cloud	safe
http://google.com/	1%	Virustotal		Browse
https://github.com/pyca/cryptography/issues/8996	0%	Virustotal		Browse
https://github.com/Ousret/charset_normalizer	0%	Virustotal		Browse
https://github.com/pyca/cryptography	0%	Virustotal		Browse
http://hg.python.org/cpython/file/603b4d5937	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/	0%	Virustotal		Browse
https://pluvinecollutstogie.sbs/id777index	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2920	0%	Virustotal		Browse
https://pluvinecollutstogie.sbs/id777	0%	Avira URL Cloud	safe
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	0%	Virustotal		Browse
https://github.com/pyca/cryptography/actions?query=workflow%3ACI	0%	Virustotal		Browse
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	0%	Avira URL Cloud	safe
https://pluvinecollutstogie.sbs/id777	0%	Virustotal		Browse
http://hg.python.org/cpython/file/603b4d5937	0%	Virustotal		Browse
https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main	0%	Avira URL Cloud	safe
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	0%	Avira URL Cloud	safe
https://google.com/	0%	Avira URL Cloud	safe
https://google.com/mail/	0%	Avira URL Cloud	safe
https://bugs.python.org/issue42195.	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main	0%	Virustotal		Browse
http://google.com/mail/	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	0%	Virustotal		Browse
https://google.com/	1%	Virustotal		Browse
https://google.com/mail/	0%	Virustotal		Browse
http://crPyObject_CheckReadBufferpython311.PyObject_CheckReadBufferPyObject_ClearWeakRefspython311.P	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	0%	Virustotal		Browse
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	0%	Virustotal		Browse
https://google.com/mail	0%	Avira URL Cloud	safe
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/issues	0%	Avira URL Cloud	safe
https://bugs.python.org/issue42195.	0%	Virustotal		Browse
https://github.com/pyca/bcrypt/__version_ex__4.1.2The	0%	Avira URL Cloud	safe
https://readthedocs.org/projects/cryptography/badge/?version=latest	0%	Avira URL Cloud	safe
http://google.com/mail/	0%	Virustotal		Browse
https://pypi.org/project/cryptography/	0%	Avira URL Cloud	safe
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	0%	Avira URL Cloud	safe
https://github.com/pyca/cryptography/issues	0%	Virustotal		Browse
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	0%	Virustotal		Browse
https://google.com/mail	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://google.com/	file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110567806.00000239C3450000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110906844.00000239C3453000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111082663.00000239C3464000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mahler:8092/site-updates.py	file.exe, 00000002.00000003.2105471619.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104765849.00000239C3908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122509155.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106826126.00000239C3920000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106070756.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107422942.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106437603.00000239C3901000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106796381.00000239C3916000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107342561.00000239C3926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104325449.00000239C38CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography/issues/8996	_rust.pyd.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	file.exe	false	URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.sectigo.com0	file.exe	false	URL Reputation: safe	unknown
http://.../back.jpeg	file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122964981.00000239C3C40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104716566.00000239C3222000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.python.org/download/releases/2.3/mro/.	file.exe, 00000002.00000002.2119286783.00000239C2D00000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098027317.00000239C31A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098073514.00000239C3184000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr	false	URL Reputation: safe	unknown
https://cryptography.io/	METADATA.0.dr	false	URL Reputation: safe	unknown
https://httpbin.org/post	file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://docs.rs/getrandom#nodejs-es-module-support	_bcrypt.pyd.0.dr	false	URL Reputation: safe	unknown
https://github.com/pyca/cryptography/	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Ousret/charset_normalizer	file.exe, 00000002.00000003.2111970200.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111255514.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	file.exe	false	URL Reputation: safe	unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/urllib3/urllib3/issues/2920	file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/pyca/cryptography/actions?query=workflow%3ACI	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://yahoo.com/	file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106610803.00000239C3518000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C351E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106494916.00000239C350C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108495608.00000239C34FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://hg.python.org/cpython/file/603b4d5937	file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc2388#section-4.4	file.exe, 00000002.00000003.2107697642.00000239C31A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114474082.00000239C31A6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.apache.org/licenses/LICENSE-2.0	file.exe, 00000000.00000003.2081956102.000002181B343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081387871.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081346972.000002181B343000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr	false	URL Reputation: safe	unknown
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	file.exe, 00000002.00000003.2102374817.00000239C3462000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101360000.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109567235.00000239C3466000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101535138.00000239C3461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101688059.00000239C346D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102486918.00000239C346C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110151704.00000239C346D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://pluvinecollutstogie.sbs/id777index	file.exe, 00000002.00000002.2119644866.00000239C2F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	file.exe, 00000002.00000003.2106591896.00000239C3503000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109975810.00000239C3509000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cacerts.digicert.co	file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/	file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111373792.00000239C34E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107907520.00000239C34D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108987087.00000239C34D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings	file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cryptography.io/en/latest/changelog/	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
https://pluvinecollutstogie.sbs/id777	file.exe, 00000002.00000002.2119644866.00000239C2F40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.iana.org/time-zones/repository/tz-link.html	file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mail.python.org/mailman/listinfo/cryptography-dev	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
https://requests.readthedocs.io	file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2116021706.00000239C3DF8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://peps.python.org/pep-0205/	file.exe, 00000002.00000002.2120171366.00000239C3240000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr	false	URL Reputation: safe	unknown
http://curl.haxx.se/rfc/cookie_spec.html	file.exe, 00000002.00000003.2104251717.00000239C390B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103420247.00000239C390B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2119286783.00000239C2D88000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://httpbin.org/get	file.exe, 00000002.00000003.2116021706.00000239C3E28000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120126103.00000239C3221000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105710336.00000239C3524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108695923.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106348484.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106141104.00000239C31D9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	file.exe	false	URL Reputation: safe	unknown
https://www.python.org	file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.python.org/	file.exe, 00000002.00000003.2105471619.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104765849.00000239C3908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122509155.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106826126.00000239C3920000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106070756.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107422942.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106437603.00000239C3901000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106796381.00000239C3916000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107342561.00000239C3926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104325449.00000239C38CC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://json.org	file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111772823.00000239C34DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111970200.00000239C34DE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	file.exe	false	URL Reputation: safe	unknown
https://httpbin.org/	file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.apache.org/licenses/	file.exe, 00000000.00000003.2081387871.000002181B335000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr	false	URL Reputation: safe	unknown
https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file	_rust.pyd.0.dr	false	URL Reputation: safe	unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	file.exe, 00000002.00000003.2101618066.00000239C3480000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://twitter.com/	file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109567235.00000239C3466000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cryptography.io/en/latest/installation/	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://google.com/	file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://google.com/mail/	file.exe, 00000002.00000003.2109498206.00000239C3473000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.python.org/psf/license/	file.exe, 00000002.00000002.2124395084.00007FFD94708000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.dr	false	URL Reputation: safe	unknown
https://bugs.python.org/issue42195.	file.exe, 00000002.00000003.2111125283.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101360000.00000239C33B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100755088.00000239C3456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100212085.00000239C3456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110269188.00000239C33B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111817225.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120983564.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102208957.00000239C33C0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://img.shields.io/pypi/v/cryptography.svg	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
http://google.com/mail/	file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108987087.00000239C34A5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121639639.00000239C34AD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://wwwsearch.sf.net/):	file.exe, 00000002.00000003.2107073018.00000239C31CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104251717.00000239C390B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111330977.00000239C31CB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103420247.00000239C390B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	file.exe	false	URL Reputation: safe	unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3	file.exe, 00000002.00000002.2122964981.00000239C3C40000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cryptography.io/en/latest/security/	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
https://cffi.readthedocs.io/en/latest/using.html#callbacks	_cffi_backend.cp311-win_amd64.pyd.0.dr	false	URL Reputation: safe	unknown
https://www.openssl.org/H	file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmp, file.exe, 00000002.00000002.2126709512.00007FFDA3828000.00000002.00000001.01000000.0000000A.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	false	URL Reputation: safe	unknown
http://crPyObject_CheckReadBufferpython311.PyObject_CheckReadBufferPyObject_ClearWeakRefspython311.P	file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://google.com/mail	file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106610803.00000239C3518000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C351E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106494916.00000239C350C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108495608.00000239C34FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	file.exe, 00000002.00000003.2101618066.00000239C3480000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy	file.exe, 00000002.00000003.2116021706.00000239C3DF8000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cryptography.io	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	URL Reputation: safe	unknown
https://github.com/pyca/cryptography/issues	METADATA.0.dr, _rust.pyd.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/pyca/bcrypt/__version_ex__4.1.2The	_bcrypt.pyd.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://readthedocs.org/projects/cryptography/badge/?version=latest	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://peps.python.org/pep-0263/	file.exe, 00000002.00000002.2124080160.00007FFD9466B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr	false	URL Reputation: safe	unknown
https://pypi.org/project/cryptography/	file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://foss.heptapod.net/pypy/pypy/-/issues/3539	file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1443578
Start date and time:	2024-05-18 02:05:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal48.evad.winEXE@3/31@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size exceeded maximum capacity and may have missing disassembly code.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll	SecuriteInfo.com.Win64.SpywareX-gen.27721.19030.exe	Get hash	malicious	Python Stealer, Discord Token Stealer	Browse
	access_version_x32-64_pack.exe	Get hash	malicious	Unknown	Browse
	https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php	Get hash	malicious	Unknown	Browse
	Wave32bit.exe	Get hash	malicious	Unknown	Browse
	Wave32bit.exe	Get hash	malicious	Unknown	Browse
	DeltaX.exe	Get hash	malicious	Xmrig	Browse
	Arceus.exe	Get hash	malicious	Xmrig	Browse
	DeltaX.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.FileRepMalware.5539.23420.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.FileRepMalware.5539.23420.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd	access_version_x32-64_pack.exe	Get hash	malicious	Unknown	Browse
	https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php	Get hash	malicious	Unknown	Browse
	Wave32bit.exe	Get hash	malicious	Unknown	Browse
	Wave32bit.exe	Get hash	malicious	Unknown	Browse
	DeltaX.exe	Get hash	malicious	Xmrig	Browse
	Arceus.exe	Get hash	malicious	Xmrig	Browse
	DeltaX.exe	Get hash	malicious	Xmrig	Browse
	W1dMSoIHTz.exe	Get hash	malicious	Unknown	Browse
	W1dMSoIHTz.exe	Get hash	malicious	Unknown	Browse
	oNrzSFoBe5.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	109392
Entropy (8bit):	6.641929675972235
Encrypted:	false
SSDEEP:	1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
MD5:	4585A96CC4EEF6AAFD5E27EA09147DC6
SHA1:	489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
SHA-256:	A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
SHA-512:	D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: SecuriteInfo.com.Win64.SpywareX-gen.27721.19030.exe, Detection: malicious, Browse Filename: access_version_x32-64_pack.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: Wave32bit.exe, Detection: malicious, Browse Filename: Wave32bit.exe, Detection: malicious, Browse Filename: DeltaX.exe, Detection: malicious, Browse Filename: Arceus.exe, Detection: malicious, Browse Filename: DeltaX.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepMalware.5539.23420.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.FileRepMalware.5539.23420.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d..._#;..........." ...".....`......................................................=.....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84760
Entropy (8bit):	6.570831353064175
Encrypted:	false
SSDEEP:	1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
MD5:	3859239CED9A45399B967EBCE5A6BA23
SHA1:	6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
SHA-256:	A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
SHA-512:	030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: access_version_x32-64_pack.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: Wave32bit.exe, Detection: malicious, Browse Filename: Wave32bit.exe, Detection: malicious, Browse Filename: DeltaX.exe, Detection: malicious, Browse Filename: Arceus.exe, Detection: malicious, Browse Filename: DeltaX.exe, Detection: malicious, Browse Filename: W1dMSoIHTz.exe, Detection: malicious, Browse Filename: W1dMSoIHTz.exe, Detection: malicious, Browse Filename: oNrzSFoBe5.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A}...............d`.....J`......J`......J`......J`......J`.......`......Nd..........Z....`.......`.......`.......`......Rich............PE..d......d.........." ...".....^......L........................................P.......`....`.........................................p...H............0....... .. ......../...@..........T...........................p...@............................................text............................... ..`.rdata..L>.......@..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181248
Entropy (8bit):	6.186854863391558
Encrypted:	false
SSDEEP:	3072:nmHfhrWGYV6sewRdFRId6PBNKcqDn/C1j/UyS7viSTLkKxalPu//ay/i:nmprWX6sPRNPBAn/0/dCiSTLL0P2/ay
MD5:	210DEF84BB2C35115A2B2AC25E3FFD8F
SHA1:	0376B275C81C25D4DF2BE4789C875B31F106BD09
SHA-256:	59767B0918859BEDDF28A7D66A50431411FFD940C32B3E8347E6D938B60FACDF
SHA-512:	CD5551EB7AFD4645860C7EDD7B0ABD375EE6E1DA934BE21A6099879C8EE3812D57F2398CAD28FBB6F75BBA77471D9B32C96C7C1E9D3B4D26C7FC838745746C7F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........ ..MA.CMA.CMA.CD9MCAA.C.4.BOA.C+.#CIA.C.4.BFA.C.4.BEA.C.4.BIA.C.9.BIA.C.=.BNA.CMA.C.A.C.4.BIA.CD9KCLA.C.4.BLA.C.4!CLA.C.4.BLA.CRichMA.C........................PE..d...,..e.........." .........@..............................................0............`..........................................g..l...\|g..................<............ .......M...............................M..8............................................text............................... ..`.rdata..l...........................@..@.data....\.......0...v..............@....pdata..<...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	253200
Entropy (8bit):	6.559097478184273
Encrypted:	false
SSDEEP:	6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
MD5:	65B4AB77D6C6231C145D3E20E7073F51
SHA1:	23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
SHA-256:	93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
SHA-512:	28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nyR.............w.......s.......s.......s.......s.......s.......w.........._....s.......s.......s.......s.......s......Rich............PE..d......d.........." ...".v...<......L...............................................Rn....`..........................................T..P...`T...................&......./......P.......T...........................P...@............................................text....u.......v.................. ..`.rdata..<............z..............@..@.data....*...p...$...R..............@....pdata...&.......(...v..............@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	65304
Entropy (8bit):	6.222786912280051
Encrypted:	false
SSDEEP:	1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
MD5:	4255C44DC64F11F32C961BF275AAB3A2
SHA1:	C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
SHA-256:	E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
SHA-512:	7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F.u.'.&.'.&.'.&._,&.'.&.[.'.'.&.[.'.'.&.[.'.'.&.[.'.'.&._.'.'.&[.'.'.&.'.&e'.&[.'.'.&[.'.'.&[@&.'.&*[.'.'.&Rich.'.&........PE..d......d.........." ...".T...~......`?...............................................%....`.............................................P.......................,......../......\...0}..T............................{..@............p..(............................text...uR.......T.................. ..`.rdata...N...p...P...X..............@..@.data...8...........................@....pdata..,...........................@..@.rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158992
Entropy (8bit):	6.8491146526380025
Encrypted:	false
SSDEEP:	3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
MD5:	E5ABC3A72996F8FDE0BCF709E6577D9D
SHA1:	15770BDCD06E171F0B868C803B8CF33A8581EDD3
SHA-256:	1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
SHA-512:	B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*...D,..D,..D,...,..D,..E-..D,..A-..D,..@-..D,..G-..D,M.E-..D,..E-..D,..E,.D,M.I-..D,M.D-..D,M.,..D,M.F-..D,Rich..D,........PE..d...$..d.........." ...".b...........5....................................................`..........................................%..L...\%..x....p.......P.......>.../......8.......T...........................p...@............................................text....a.......b.................. ..`.rdata..............f..............@..@.data........@......................@....pdata.......P......................@..@.rsrc........p.......2..............@..@.reloc..8............<..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32528
Entropy (8bit):	6.448063770045404
Encrypted:	false
SSDEEP:	384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
MD5:	F00133F7758627A15F2D98C034CF1657
SHA1:	2F5F54EDA4634052F5BE24C560154AF6647EEE05
SHA-256:	35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
SHA-512:	1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_X..1...1...1.......1...0...1...4...1...5...1...2...1.~.0...1...0...1...0...1.~.<...1.~.1...1.~.....1.~.3...1.Rich..1.........PE..d......d.........." ...".....8......................................................./....`..........................................C..L....C..d....p.......`.......P.../..........p4..T...........................03..@............0..0............................text............................... ..`.rdata..R....0......................@..@.data...x....P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	79640
Entropy (8bit):	6.290841920161528
Encrypted:	false
SSDEEP:	1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
MD5:	1EEA9568D6FDEF29B9963783827F5867
SHA1:	A17760365094966220661AD87E57EFE09CD85B84
SHA-256:	74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
SHA-512:	D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......RXY..97..97..97..A...97.YE6..97.YE2..97.YE3..97.YE4..97..E6..97..96..97.]A6..97..E:..97..E7..97..E...97..E5..97.Rich.97.................PE..d... ..d.........." ...".l...........%.......................................P......V.....`.............................................P............0....... ..x......../...@..........T...............................@............................................text...:k.......l.................. ..`.rdata...t.......v...p..............@..@.data...............................@....pdata..x.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	161040
Entropy (8bit):	6.029728458381984
Encrypted:	false
SSDEEP:	3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
MD5:	208B0108172E59542260934A2E7CFA85
SHA1:	1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
SHA-256:	5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
SHA-512:	41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........p...p...p....8..p.......p.......p.......p.......p..N....p...p...q.......p..N....p..N....p..N.T..p..N....p..Rich.p..........................PE..d...'..d.........." ..."............l+..............................................NS....`.............................................d...t........`.......P.......F.../...p..8...0...T...............................@............................................text............................... ..`.rdata..............................@..@.data....j.......f..................@....pdata.......P......."..............@..@.rsrc........`......................@..@.reloc..8....p.......8..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1438373
Entropy (8bit):	5.59108786847922
Encrypted:	false
SSDEEP:	24576:mQR5pATu7xm4lUKdcubgAnyfbcZ0iwhBdYf9P3sRHHL:mQR5plxmQJy
MD5:	2F6D57BCCF7F7735ACB884A980410F6A
SHA1:	93A6926887A08DC09CD92864CD82B2BEC7B24EC5
SHA-256:	1B7D326BAD406E96A4C83B5A49714819467E3174ED0A74F81C9EBD96D1DD40B3
SHA-512:	95BCFC66DBE7B6AD324BD2DC2258A3366A3594BFC50118AB37A2A204906109E42192FB10A91172B340CC28C12640513DB268C854947FB9ED8426F214FF8889B4
Malicious:	false
Preview:	PK..........!.h%..b...b......._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	316928
Entropy (8bit):	6.399172981599646
Encrypted:	false
SSDEEP:	3072:RrdaOOOJPELEbEhSoKbVeKuJgu3rAkbK7xokgwHSkbj57ytyE/pZxFuVpOUrjenn:SO2h0b0KuJguLbLFhkn57MyE3xFWpOn
MD5:	169518669942F1B7C9A0BC4D0D98651F
SHA1:	4C2132A29ABCD0B2E26F96D7BA54BC8968CC4853
SHA-256:	4904336E5DDD08DB8BE7694EEF0D1D83DE6799D6412952A82DCA4847A3F46251
SHA-512:	270AB970EB7C9BD5DB40FEF76F78FCA68A40266390F16D971C946A086F7C079314B78E068477CD083D9FAE2E76EE7CC8A4D8BA7DDC4F5F5B0C78767B77A4F858
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^R...3...3...3...K...3.......3.......3.......3.......3.. ....3...F...3..QK...3...3...3...3..H3..w....3..w....3..Rich.3..........PE..d....e\|e.........." ...&.b...p.......$....................................................`.............................................T........................"...................D..T....................E..(...PC..@............... ............................text...7`.......b.................. ..`.rdata..D?.......@...f..............@..@.data...............................@....pdata...".......$..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\certifi\cacert.pem

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290282
Entropy (8bit):	6.048183244201235
Encrypted:	false
SSDEEP:	6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
MD5:	302B49C5F476C0AE35571430BB2E4AA0
SHA1:	35A7837A3F1B960807BF46B1C95EC22792262846
SHA-256:	CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
SHA-512:	1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.663205590455457
Encrypted:	false
SSDEEP:	96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
MD5:	FA50D9F8BCE6BD13652F5090E7B82C4D
SHA1:	EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
SHA-256:	FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
SHA-512:	341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=.V\..V\..V\.._$..T\... ..T\...$..T\... ..]\... ..^\... ..U\... ..U\..V\..p\.. ..W\.. ..W\.. z.W\.. ..W\..RichV\..........................PE..d......d.........." ...".....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...8....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	5.890497931382238
Encrypted:	false
SSDEEP:	1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
MD5:	2D1F2FFD0FECF96A053043DAAD99A5DF
SHA1:	B03D5F889E55E802D3802D0F0CAA4D29C538406B
SHA-256:	207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
SHA-512:	4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................o.........................................5...........m...L.....L.......L.......L.......Rich............................PE..d......d.........." ...".(...........,....................................................`.........................................P...d.......................................$...pu..............................0t..@............@...............................text....'.......(.................. ..`.rdata...S...@...T...,..............@..@.data...x8.......,..................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\INSTALLER

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Mn:M
MD5:	365C9BFEB7D89244F2CE01C1DE44CB85
SHA1:	D7A03141D5D6B1E88B6B59EF08B6681DF212C599
SHA-256:	CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
SHA-512:	D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
Malicious:	false
Preview:	pip.

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	197
Entropy (8bit):	4.61968998873571
Encrypted:	false
SSDEEP:	3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
MD5:	8C3617DB4FB6FAE01F1D253AB91511E4
SHA1:	E442040C26CD76D1B946822CAF29011A51F75D6D
SHA-256:	3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
SHA-512:	77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
Malicious:	false
Preview:	This software is made available under the terms of either of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of both these licenses..

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE.APACHE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	11360
Entropy (8bit):	4.426756947907149
Encrypted:	false
SSDEEP:	192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
MD5:	4E168CCE331E5C827D4C2B68A6200E1B
SHA1:	DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
SHA-256:	AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
SHA-512:	F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
Malicious:	false
Preview:	. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE.BSD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1532
Entropy (8bit):	5.058591167088024
Encrypted:	false
SSDEEP:	24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
MD5:	5AE30BA4123BC4F2FA49AA0B0DCE887B
SHA1:	EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
SHA-256:	602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
SHA-512:	DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
Malicious:	false
Preview:	Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\METADATA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5292
Entropy (8bit):	5.115440205505611
Encrypted:	false
SSDEEP:	96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
MD5:	137D13F917D94C83137A0FA5AE12B467
SHA1:	01E93402C225BF2A4EE59F9A06F8062CB5E4801E
SHA-256:	36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
SHA-512:	1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
Malicious:	false
Preview:	Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\RECORD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	15240
Entropy (8bit):	5.548070237688736
Encrypted:	false
SSDEEP:	384:3XpsU/ZfaigkeVJN5Z6FGotqw+x6uvnPLEC:3OUxfzpctZEC
MD5:	F7C5BE55C15575749E2EB889653C563C
SHA1:	42DAED0D18BD14B3CBDF321B586B53734E4A53F9
SHA-256:	493D4FAED66428B4DAA4C8A3BCFC4E21B7D068A8F618E89A332A24FF9E049764
SHA-512:	2F5FE44B0672286A97C5DF4B351492125EAB20855A02BAA37FD308044698CAC7DDF622389AADD6DC1B555BADF21E8B7529E6F46D6135B0792A17E06A1151FC77
Malicious:	false
Preview:	cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311.pyc,,..cryptography/

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\WHEEL

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	100
Entropy (8bit):	5.0203365408149025
Encrypted:	false
SSDEEP:	3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
MD5:	4B432A99682DE414B29A683A3546B69F
SHA1:	F59C5016889EE5E9F62D09B22AEFBC2211A56C93
SHA-256:	F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
SHA-512:	CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
Malicious:	false
Preview:	Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\top_level.txt

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	13
Entropy (8bit):	3.2389012566026314
Encrypted:	false
SSDEEP:	3:cOv:Nv
MD5:	E7274BD06FF93210298E7117D11EA631
SHA1:	7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
SHA-256:	28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
SHA-512:	AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
Malicious:	false
Preview:	cryptography.

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6673920
Entropy (8bit):	6.582002531606852
Encrypted:	false
SSDEEP:	98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
MD5:	486085AAC7BB246A173CEEA0879230AF
SHA1:	EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
SHA-256:	C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
SHA-512:	8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......QN.../.../.../...W(../......./......./......./......./...R.../...Z.../..^W.../.../...-../...",......./.../.../......./......./..Rich./..........PE..d...M7ee.........." ...&..M..........L...................................... f...........`......................................... .a.p.....a.\|............Pb..............Pe.p...p.[.T.....................[.(...0.[.@............0M..............................text.....M.......M................. ..`.rdata.......0M.......M.............@..@.data........0a.......a.............@....pdata.......Pb.......b.............@..@.reloc..p....Pe.......e.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\libcrypto-1_1.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3445016
Entropy (8bit):	6.099467326309974
Encrypted:	false
SSDEEP:	98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
MD5:	E94733523BCD9A1FB6AC47E10A267287
SHA1:	94033B405386D04C75FFE6A424B9814B75C608AC
SHA-256:	F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
SHA-512:	07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........).h.z.h.z.h.z..Oz.h.z...{.h.z...{.h.z...{.h.z...{.h.z.h.zjh.z...{.h.z=..{.h.z=..{.j.z=..{.h.z=.#z.h.z=..{.h.zRich.h.z........................PE..d.....wd.........." ..."..$...................................................5......o5...`..........................................y/..h...J4.@.....4.\|....p2......b4../....4..O..P.,.8.............................,.@............@4..............................text...$.$.......$................. ..`.rdata........$.......$.............@..@.data...!z....1..,....1.............@....pdata..h....p2.......1.............@..@.idata..^#...@4..$....3.............@..@.00cfg..u....p4.......3.............@..@.rsrc...\|.....4.......3.............@..@.reloc...y....4..z....3.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\libssl-1_1.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	704792
Entropy (8bit):	5.55753143710539
Encrypted:	false
SSDEEP:	12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
MD5:	25BDE25D332383D1228B2E66A4CB9F3E
SHA1:	CD5B9C3DD6AAB470D445E3956708A324E93A9160
SHA-256:	C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
SHA-512:	CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........q...q...q.....q..p...q..p...q..t...q..u...q..r...q.[.p...q...p.u.q.[.u...q.[.q...q.[.....q.[.s...q.Rich..q.........................PE..d.....wd.........." ...".D...T......<.....................................................`..........................................A...N..@U..........s........N......./......h.......8...............................@............@..@............................text....B.......D.................. ..`.rdata.../...`...0...H..............@..@.data...AM.......D...x..............@....pdata...V.......X..................@..@.idata..%W...@...X..................@..@.00cfg..u............l..............@..@.rsrc...s............n..............@..@.reloc..q............v..............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\python3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67352
Entropy (8bit):	6.146621901948148
Encrypted:	false
SSDEEP:	768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
MD5:	B711598FC3ED0FE4CF2C7F3E0877979E
SHA1:	299C799E5D697834AA2447D8A313588AB5C5E433
SHA-256:	520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
SHA-512:	B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%{..a.e.a.e.a.e..fm.`.e..fe.`.e..f..`.e..fg.`.e.Richa.e.........................PE..d......d.........." ...".................................................................`.........................................`...P................................/..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\python311.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5762840
Entropy (8bit):	6.089392282930885
Encrypted:	false
SSDEEP:	49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
MD5:	5A5DD7CAD8028097842B0AFEF45BFBCF
SHA1:	E247A2E460687C607253949C52AE2801FF35DC4A
SHA-256:	A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
SHA-512:	E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.D.5..5..5..z.+.7..z...;..z./.9..z...=..z.).1..<../..~.+.>..5.+.P....'......4......4....(.4..Rich5.*.........................PE..d......d.........." ...".X%..47.....\H........................................\.......X...`...........................................@......WA......p[.......V.d0....W../....[..C....).T.............................).@............p%..............................text...rV%......X%................. ..`.rdata.......p%......\%.............@..@.data.........A..L...hA.............@....pdata..d0....V..2....Q.............@..@PyRuntim......X.......S.............@....rsrc........p[......rV.............@..@.reloc...C....[..D...\|V.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\select.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30480
Entropy (8bit):	6.578957517354568
Encrypted:	false
SSDEEP:	384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
MD5:	C97A587E19227D03A85E90A04D7937F6
SHA1:	463703CF1CAC4E2297B442654FC6169B70CFB9BF
SHA-256:	C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
SHA-512:	97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tB.t'B.t'B.t'K..'@.t'..u&@.t'..q&N.t'..p&J.t'..w&F.t'..u&@.t'B.u'..t'..u&G.t'..y&C.t'..t&C.t'...'C.t'..v&C.t'RichB.t'................PE..d......d.........." ...".....2............................................................`..........................................@..L...,A..x....p.......`.......H.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\unicodedata.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1141016
Entropy (8bit):	5.435086202175289
Encrypted:	false
SSDEEP:	12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
MD5:	AA13EE6770452AF73828B55AF5CD1A32
SHA1:	C01ECE61C7623E36A834D8B3C660E7F28C91177E
SHA-256:	8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
SHA-512:	B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................,...............,.....,.....,.y...,.....Rich..........PE..d......d.........." ...".@..........P*...............................................!....`.............................................X............`.......P..0....:.../...p.......]..T............................[..@............P..x............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data...H....0......................@....pdata..0....P.......&..............@..@.rsrc........`......................@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\_cffi.cp311-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	655360
Entropy (8bit):	6.429498330590438
Encrypted:	false
SSDEEP:	12288:Xs/doJlY/OBzRSxUlcUmNNuNkOFIj+fWT0hrHPPoX1yZcG7:mAuOBzRSxUlvFIj+fWIPPM1yZcg
MD5:	4327027D7CB61F547E22C4F668EB7BF7
SHA1:	22F413D03A90D04D571526687E43EB255F427435
SHA-256:	E681900AEB771E57BC063E44B303293E11DF32F1B1FECDCBC00574C00E75626C
SHA-512:	16A2E2E262C0246906D48EA67EE17D38C07712A1B97EB18C4F8F656F39EB187E18DA3EDC6D2FDF49DC9E35B92F6BA6BDE0F00948C3E68E146F7EDCD1E9C9404A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........p...p...p....)..p..!....p.......p..!....p..!....p..!....p..G....p...p...p..G....p..G....p..G.E..p..G....p..Rich.p..........................PE..d...f.Ae.........." ...#.....`...............................................P............`.............................................\...........0..........\|5...........@.......s..............................Pr..@...............8............................text............................... ..`.rdata..............................@..@.data...0...........................@....pdata..\|5.......6..................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\backend_c.cp311-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	524800
Entropy (8bit):	6.43361179692515
Encrypted:	false
SSDEEP:	12288:LhqzrH09USNNSNkUvpMnAp5Oqwj/k6OsoOfu/PYS/O51Y/H:LhqzrH0evpMnApu86OsynYUPv
MD5:	DC08F04C9E03452764B4E228FC38C60B
SHA1:	317BCC3F9C81E2FC81C86D5A24C59269A77E3824
SHA-256:	B990EFBDA8A50C49CD7FDE5894F3C8F3715CB850F8CC4C10BC03FD92E310260F
SHA-512:	FBC24DD36AF658CECE54BE14C1118AF5FDA4E7C5B99D22F99690A1FD625CC0E8AA41FD9ACCD1C74BB4B03D494B6C3571B24F2EE423AAAE9A5AD50ADC583C52F7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............t...t...t....:..t..S....t.......t..S....t..S....t..S....t..5....t...t..dt..5....t..5....t..5.V..t..5....t..Rich.t..........................PE..d...Z.Ae.........." ...#.....................................................@............`.............................................d...$........ ......................0..d....k...............................j..@............... ............................text............................... ..`.rdata..............................@..@.data...(-.......(..................@....pdata..........,..................@..@.rsrc........ ......................@..@.reloc..d....0......................@..B................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.994345648851841
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	11'169'448 bytes
MD5:	fb7aaa1006f70fbfa147b89f23446ed3
SHA1:	203fd93ad7704755f0c6bedb050191f8aedc72cb
SHA256:	ab43d9e4e22c9e9fd0ed8cf7806a074e4b89ed31b752c9e3d949bb10cd2f0794
SHA512:	7f5d089530ecd1207040d927715e12edba8718d67b345f21af6c6b7a039d2c4a3c1d88b8a64967766c980fe7758c404a77a34463eb6870342fa1caab49fcede3
SSDEEP:	196608:dhQgDQsbuTID0pUzPLhQNQm8NkKeN4FMIZETKejPePdrQJ/B/9UQjnPv0kdqfp/:RMpUTLfhJKQETKevJt91jXvd2p
TLSH:	95B633CAE2E006F0C4968678D087C439E7E3757783749BA382F590961B7359BDA3AD31
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................-.....................,.............................................................Rich...........

File Icon


Icon Hash:	23d0cc697123970c

Static PE Info

General

Entrypoint:	0x14000c540
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6647EA56 [Fri May 17 23:37:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	f4f2e2b03fe5666a721620fcea3aea9b

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	12/01/2023 19:00:00 12/01/2026 18:59:59
Subject Chain	CN=Adguard Software Limited, O=Adguard Software Limited, S=Lefkosia, C=CY
Version:	3
Thumbprint MD5:	97CB1ECDC7F0BCBB54ACA397BB03E6D1
Thumbprint SHA-1:	48BAFFCE2694F647A33854183A4B817BB8A7DBEA
Thumbprint SHA-256:	453226C42EB62A278F091B0155200D76DD284A1337795B6EB37A627D414F1284
Serial:	00B138E6660DCA7CC377CB2F6F6027F616

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FAE088030CCh
dec eax
add esp, 28h
jmp 00007FAE08802CEFh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007FAE08803644h
test eax, eax
je 00007FAE08802E93h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007FAE08802E77h
dec eax
cmp ecx, eax
je 00007FAE08802E86h
xor eax, eax
dec eax
cmpxchg dword ptr [00034FACh], ecx
jne 00007FAE08802E60h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FAE08802E69h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007FAE08802E79h
mov byte ptr [00034F95h], 00000001h
call 00007FAE08803451h
call 00007FAE08803A58h
test al, al
jne 00007FAE08802E76h
xor al, al
jmp 00007FAE08802E86h
call 00007FAE088119EFh
test al, al
jne 00007FAE08802E7Bh
xor ecx, ecx
call 00007FAE08803A68h
jmp 00007FAE08802E5Ch
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [00034F5Ch], 00000000h
mov ebx, ecx
jne 00007FAE08802ED9h
cmp ecx, 01h
jnbe 00007FAE08802EDCh
call 00007FAE088035BAh
test eax, eax
je 00007FAE08802E9Ah
test ebx, ebx
jne 00007FAE08802E96h
dec eax
lea ecx, dword ptr [00034F46h]
call 00007FAE088117E2h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3e0bc	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x4834	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x43000	0x231c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0xaa41d0	0x2cd8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4c000	0x758	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3b460	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3b320	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2c000	0x438	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2afb0	0x2b000	40bf1edebd1304ce1b08c50cb556d4db	False	0.5458416606104651	data	6.5002315273868	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2c000	0x12f36	0x13000	2d50501c59f18357408e5fe74e063ec7	False	0.5160875822368421	data	5.827958533270037	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3f000	0x33b8	0xe00	ae0f42b168987b17129506ccc4960b21	False	0.13392857142857142	firmware 32a2 vdf2d (revision 2569732096) \377\377\377\377 , version 256.0.512, 0 bytes or less, at 0xcd5d20d2 1725235199 bytes , at 0 0 bytes , at 0xffffffff 16777216 bytes	1.8264700601019173	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x43000	0x231c	0x2400	ffc5390666982cab67e3c9bf8e263bc3	False	0.4784071180555556	data	5.382434020909434	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x46000	0x1f4	0x200	771f0b097891d31289bb68f0eb426e66	False	0.529296875	data	3.713242247775091	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x4834	0x4a00	ececca37e3bad8066b84c6d7331985d4	False	0.17546452702702703	data	4.249579346146195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x4c000	0x758	0x800	7ecf18b15822e1aa4c79b9a361f07c79	False	0.546875	data	5.250941834312499	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x470e8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	0.14850023618327823
RT_GROUP_ICON	0x4b310	0x14	data	1.05
RT_MANIFEST	0x4b324	0x50d	XML 1.0 document, ASCII text	0.4694508894044857

Imports

DLL	Import
USER32.dll	CreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, CreateFileW, GetFinalPathNameByHandleW, CloseHandle, GetModuleFileNameW, CreateSymbolicLinkW, GetCPInfo, GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, GetProcAddress, GetSystemTimeAsFileTime, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Target ID:	0
Start time:	20:05:56
Start date:	17/05/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff75a100000
File size:	11'169'448 bytes
MD5 hash:	FB7AAA1006F70FBFA147B89F23446ED3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:05:58
Start date:	17/05/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff75a100000
File size:	11'169'448 bytes
MD5 hash:	FB7AAA1006F70FBFA147B89F23446ED3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.6%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 00007FF75A101000 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 293
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF75A103F00: GetModuleFileNameW.KERNEL32(?,00007FF75A1039CA), ref: 00007FF75A103F34

SetDllDirectoryW.KERNEL32 ref: 00007FF75A103BD5
PostMessageW.USER32 ref: 00007FF75A103CC3
GetMessageW.USER32 ref: 00007FF75A103CD6
PostMessageW.USER32 ref: 00007FF75A103D61
GetMessageW.USER32 ref: 00007FF75A103D74

Part of subcall function 00007FF75A107D70: GetEnvironmentVariableW.KERNEL32(00007FF75A1039FF), ref: 00007FF75A107DAA
Part of subcall function 00007FF75A107D70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75A107DC7

Strings

Failed to convert DLL search path!, xrefs: 00007FF75A103BC5
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF75A103B53
Cannot side-load external archive %s (code %d)!, xrefs: 00007FF75A103B1F
MEI, xrefs: 00007FF75A103ADA
_MEIPASS2, xrefs: 00007FF75A1039EB, 00007FF75A103A54, 00007FF75A103D32, 00007FF75A103D3E
_PYI_ONEDIR_MODE, xrefs: 00007FF75A103A14, 00007FF75A103A3F
Cannot open PyInstaller archive from executable (%s) or external archive (%s), xrefs: 00007FF75A103AA6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message$EnvironmentPost$DirectoryExpandFileModuleNameStringsVariable
String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
API String ID: 2647325126-1544818733
Opcode ID: f252fba84ed4b3c7c8924ffb43d7a4f05c6511aecea4735023743724686940cf
Instruction ID: ec75885722db14c54a79d230bd8c354070d7142c1a7dc279d781bc855bcf3f68
Opcode Fuzzy Hash: f252fba84ed4b3c7c8924ffb43d7a4f05c6511aecea4735023743724686940cf
Instruction Fuzzy Hash: DEC17221A0CA4686FE24FB22B5512BDF2B1BF44788FEC41B1EA5D47696DF3CE5058720

Function 00007FF75A126B50 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF75A126B95

Part of subcall function 00007FF75A1264E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1264FC

Part of subcall function 00007FF75A11B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B716
Part of subcall function 00007FF75A11B700: GetLastError.KERNEL32(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B720

Part of subcall function 00007FF75A11B6B8: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF75A11B697,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11B6C1
Part of subcall function 00007FF75A11B6B8: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF75A11B697,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11B6E6

_get_daylight.LIBCMT ref: 00007FF75A126B84

Part of subcall function 00007FF75A126548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A12655C

_get_daylight.LIBCMT ref: 00007FF75A126DFA
_get_daylight.LIBCMT ref: 00007FF75A126E0B
_get_daylight.LIBCMT ref: 00007FF75A126E1C
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF75A12705C), ref: 00007FF75A126E43

Strings

Eastern Standard Time, xrefs: 00007FF75A126EE9
Eastern Summer Time, xrefs: 00007FF75A126F01

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 1458651798-239921721
Opcode ID: 56d1964116cbfe4d62757a50ddd6299317e33075484085a4832de33c5de3456c
Instruction ID: bd3eb6af0f74fb073f4a1466f6accdc816bdc21b36b8be802f8c32801a5bb1f9
Opcode Fuzzy Hash: 56d1964116cbfe4d62757a50ddd6299317e33075484085a4832de33c5de3456c
Instruction Fuzzy Hash: 3FD1CF26E08246C6FF20BF26E8505B9A371EF84794FC84175EA5D47AC5EE3EE4818760

Function 00007FF75A127A9C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF75A1277D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A127811
Part of subcall function 00007FF75A1277D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A12788F
Part of subcall function 00007FF75A1277D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1278E0

CreateFileW.KERNELBASE ref: 00007FF75A127BA2
CreateFileW.KERNEL32 ref: 00007FF75A127BF2
GetLastError.KERNEL32 ref: 00007FF75A127C22
GetFileType.KERNELBASE ref: 00007FF75A127C37
GetLastError.KERNEL32 ref: 00007FF75A127C41
CloseHandle.KERNEL32 ref: 00007FF75A127C74
CloseHandle.KERNEL32 ref: 00007FF75A127DD7
CreateFileW.KERNEL32 ref: 00007FF75A127E0C
GetLastError.KERNEL32 ref: 00007FF75A127E1B

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 8482aad9305a30c551bfc572177b6762c68ebfb4afe3bdfce811c5be068ed5ba
Instruction ID: ce83ebf6ccf732dcb1d9500a0b9952a2f7d8106eed09d66bf2c4f87bd888e806
Opcode Fuzzy Hash: 8482aad9305a30c551bfc572177b6762c68ebfb4afe3bdfce811c5be068ed5ba
Instruction Fuzzy Hash: 97C1CE36B28A4285FF10EF6AE4902AD7771EF49BA8B480275DB2E57394DF39D051C360

Function 00007FF75A107B60 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 141
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF75A10153F), ref: 00007FF75A107BF7

Part of subcall function 00007FF75A107D70: GetEnvironmentVariableW.KERNEL32(00007FF75A1039FF), ref: 00007FF75A107DAA
Part of subcall function 00007FF75A107D70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75A107DC7

Part of subcall function 00007FF75A118610: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A118629

SetEnvironmentVariableW.KERNEL32 ref: 00007FF75A107CB1

Part of subcall function 00007FF75A102B10: MessageBoxW.USER32 ref: 00007FF75A102BE5

Strings

LOADER: Failed to set the TMP environment variable., xrefs: 00007FF75A107BDA
_MEI%d, xrefs: 00007FF75A107C05
TMP, xrefs: 00007FF75A107BC0
TMP, xrefs: 00007FF75A107B9A, 00007FF75A107C59, 00007FF75A107CE7

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
API String ID: 3752271684-1116378104
Opcode ID: 8ca8b3c2351723dac4712d3aa85941f8869fc0faa47b2209596cb44ab2a1f07c
Instruction ID: 8a882a5f0766f8749c6936334dda00be6796f4b84935adfae14b8f22b2cd7e13
Opcode Fuzzy Hash: 8ca8b3c2351723dac4712d3aa85941f8869fc0faa47b2209596cb44ab2a1f07c
Instruction Fuzzy Hash: B7513011F0D65342FE54B722BA162BAF6A16F85BC0FDC44B1ED4E4B796ED2CE4018360

Function 00007FF75A10A76D Relevance: 12.0, Strings: 9, Instructions: 745COMMON

Download Yara Rule

Strings

invalid code -- missing end-of-block, xrefs: 00007FF75A10AB86
invalid distances set, xrefs: 00007FF75A10AC60
invalid code lengths set, xrefs: 00007FF75A10A8ED
too many length or distance symbols, xrefs: 00007FF75A10A906
invalid distance too far back, xrefs: 00007FF75A10B130
invalid bit length repeat, xrefs: 00007FF75A10AB59
invalid distance code, xrefs: 00007FF75A10B074
invalid literal/length code, xrefs: 00007FF75A10AEA2
invalid literal/lengths set, xrefs: 00007FF75A10ABF3

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 63f3ffa9379e1e3dea1ad36e367ec88dcfea323b25a29ef61fa4fbcfb838a92b
Instruction ID: d73006d51ebd8442b47867ffaafdbf812fe15b880b133de9f2e29057727ae7e3
Opcode Fuzzy Hash: 63f3ffa9379e1e3dea1ad36e367ec88dcfea323b25a29ef61fa4fbcfb838a92b
Instruction Fuzzy Hash: C2522772A196A68BEB649F14E548B7E7BB9FF44340F994139E64A877C0DB3CD840CB10

Function 00007FF75A126DCC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF75A126DFA

Part of subcall function 00007FF75A126548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A12655C

_get_daylight.LIBCMT ref: 00007FF75A126E0B

Part of subcall function 00007FF75A1264E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1264FC

_get_daylight.LIBCMT ref: 00007FF75A126E1C

Part of subcall function 00007FF75A126518: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A12652C

Part of subcall function 00007FF75A11B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B716
Part of subcall function 00007FF75A11B700: GetLastError.KERNEL32(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B720

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF75A12705C), ref: 00007FF75A126E43

Strings

Eastern Standard Time, xrefs: 00007FF75A126EE9
Eastern Summer Time, xrefs: 00007FF75A126F01

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 2248164782-239921721
Opcode ID: 0cf7f24dfb4a0bd8f39e31b491a0646437e2d0057ce543f8c036046d0e64ea90
Instruction ID: ca2dd55ead43a9f404b88b624aef2b72f7a123359d8c62747d354724fde0c6d4
Opcode Fuzzy Hash: 0cf7f24dfb4a0bd8f39e31b491a0646437e2d0057ce543f8c036046d0e64ea90
Instruction Fuzzy Hash: 60517E22E08642C6FB10FF26F8905A9E770FF48784F8841B5EA5D4B695EF3DE4408760

Function 00007FF75A109F3B Relevance: 4.1, Strings: 3, Instructions: 397COMMON

Download Yara Rule

Strings

unknown header flags set, xrefs: 00007FF75A109F85
header crc mismatch, xrefs: 00007FF75A10A3E1
, xrefs: 00007FF75A10A01B

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: a8b055446104684f1ad95e328151202d31fdc591d47a14639da6131c49358b20
Instruction ID: b38541bf0cdde8e2c46c29e5cc7d3df5c93fca21c9cc36d072ee1165d403d30c
Opcode Fuzzy Hash: a8b055446104684f1ad95e328151202d31fdc591d47a14639da6131c49358b20
Instruction Fuzzy Hash: 3DF18272A193D54BFBA5AB14E088B3EBABDFF44740F6945B8DA4947390CB38E540C750

Function 00007FF75A108D00 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF75A108D31
FindClose.KERNELBASE ref: 00007FF75A108D40

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: ecdf086f063d1ff4b022191a002e9e17b8509f6d6c47db3a09a7631b022981ea
Instruction ID: 49d8a47bca835463eaaae14517f2fcc581b5749f62c9635bf4f5e57c2580169d
Opcode Fuzzy Hash: ecdf086f063d1ff4b022191a002e9e17b8509f6d6c47db3a09a7631b022981ea
Instruction Fuzzy Hash: E7F08126A1C68587FBA09F64B489766B3A0BF84768F980736D66D066E4DF3CD4088B10

Function 00007FF75A109D9B Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF75A109F09
incorrect header check, xrefs: 00007FF75A109F22

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: 7b159ed6ab11f424a85810e34fe73a423a8b15e185d016247a9cbb34ea0f7710
Instruction ID: 930df1e04fb2b21b2c9edea81e1d2e3c0fe87f63a0d73677c5cfec0a9e8f51df
Opcode Fuzzy Hash: 7b159ed6ab11f424a85810e34fe73a423a8b15e185d016247a9cbb34ea0f7710
Instruction Fuzzy Hash: 9E91A772A182C587FBA49F14E45CB3E7AB9FF44344F694179DA4A867D0CB38E940CB10

Function 00007FF75A101700 Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pyi_arch_extract2fs was called before temporary directory was initialized!, xrefs: 00007FF75A101716
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF75A1017F6
Failed to extract %s: failed to open target file!, xrefs: 00007FF75A101780
fwrite, xrefs: 00007FF75A1018DC
fread, xrefs: 00007FF75A1018EC
malloc, xrefs: 00007FF75A10185D
fopen, xrefs: 00007FF75A101787
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF75A101856
Failed to create symbolic link %s!, xrefs: 00007FF75A101743
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF75A1018E5
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF75A1018D5
Failed to extract %s: failed to open archive file!, xrefs: 00007FF75A1017C9
fseek, xrefs: 00007FF75A1017FD

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
API String ID: 2030045667-3833288071
Opcode ID: 624b256421d29db674d8af6d4570ff11fabce32e1a86850a83c59ddb8c2b8861
Instruction ID: 2e044d8c475a60404e4df5c7990c467cfd1617d0b49ef7ee1aa9c44c3dde6db1
Opcode Fuzzy Hash: 624b256421d29db674d8af6d4570ff11fabce32e1a86850a83c59ddb8c2b8861
Instruction Fuzzy Hash: E0518D61B0864686FE10BB16F4502BAF3B1BF44BD4FE840B1DE4D4B695EF2DE6458720

Function 00007FF75A101A90 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF75A1084C0: _fread_nolock.LIBCMT ref: 00007FF75A10856A

_fread_nolock.LIBCMT ref: 00007FF75A101B44

Part of subcall function 00007FF75A102870: MessageBoxW.USER32 ref: 00007FF75A10297B

Strings

Failed to seek to cookie position!, xrefs: 00007FF75A101B1C
Could not read full TOC!, xrefs: 00007FF75A101BF9
Could not allocate buffer for TOC!, xrefs: 00007FF75A101BC6
fread, xrefs: 00007FF75A101B56, 00007FF75A101C00
MEI, xrefs: 00007FF75A101AD2
malloc, xrefs: 00007FF75A101BCD
Error on file., xrefs: 00007FF75A101C26
Failed to read cookie!, xrefs: 00007FF75A101B4F
fseek, xrefs: 00007FF75A101B23

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _fread_nolock$Message
String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
API String ID: 677216364-1384898525
Opcode ID: 5cd266322fad664289be317c9edcb8be1e00a69bd2bdfb873c0cbee326175dcc
Instruction ID: da9d59d9c5eeb5bac23cb86277de1b82a84699c78a2cd17b9fa4e60cbba4dc6d
Opcode Fuzzy Hash: 5cd266322fad664289be317c9edcb8be1e00a69bd2bdfb873c0cbee326175dcc
Instruction Fuzzy Hash: F4517A71A08A4286FF14EF25F590179B3F0FF48B84BA98576DA4C87799DE2CE440CB54

Function 00007FF75A108290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90
processsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

SetConsoleCtrlHandler.KERNEL32(00000000,00007FF75A103D8D), ref: 00007FF75A1082DF
GetStartupInfoW.KERNEL32 ref: 00007FF75A1082FE

Part of subcall function 00007FF75A11B234: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A11B248

Part of subcall function 00007FF75A118E54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A118EBB

GetCommandLineW.KERNEL32 ref: 00007FF75A10839E
CreateProcessW.KERNELBASE ref: 00007FF75A1083E0
WaitForSingleObject.KERNEL32 ref: 00007FF75A1083F4
GetExitCodeProcess.KERNELBASE ref: 00007FF75A108404

Strings

Error creating child process!, xrefs: 00007FF75A108410
CreateProcessW, xrefs: 00007FF75A108417

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
String ID: CreateProcessW$Error creating child process!
API String ID: 2895956056-3524285272
Opcode ID: b7abaf37a347f063a3628d3e0586489636cc93df3d8b7db5f5a9dd5ff1266243
Instruction ID: 9f2838c90aee188da7a1f8b97997b777dc83065664e86d1dcfd7a019736a94f7
Opcode Fuzzy Hash: b7abaf37a347f063a3628d3e0586489636cc93df3d8b7db5f5a9dd5ff1266243
Instruction Fuzzy Hash: E8414E32A08B8282EE20AB64F4452AAF3B4FF94364F940775E6AD47AD5DF7CD4448B50

Function 00007FF75A101050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF75A101249
1.3.1, xrefs: 00007FF75A10107E
malloc, xrefs: 00007FF75A1010F8, 00007FF75A101126
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF75A10111F
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF75A1010F1
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF75A1010B4

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2030045667-2813020118
Opcode ID: 57368da15b5c1fc757d8ebe29877bffe9caf0f5a44bcb4222e5bb84d470f2d44
Instruction ID: 1f3304bc530efc5fe85e260f9c00b7d8ced77be35a9a7e67e3675c0863425ffc
Opcode Fuzzy Hash: 57368da15b5c1fc757d8ebe29877bffe9caf0f5a44bcb4222e5bb84d470f2d44
Instruction Fuzzy Hash: B0519F22A0968286FE20BB11B4403BAB2B5FF84794FEC41B5EE4D87795EF3CE5458750

Function 00007FF75A11F9C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF75A11FD5A,?,?,-00000018,00007FF75A11BB0B,?,?,?,00007FF75A11BA02,?,?,?,00007FF75A11698E), ref: 00007FF75A11FB3C
GetProcAddress.KERNEL32(?,?,?,00007FF75A11FD5A,?,?,-00000018,00007FF75A11BB0B,?,?,?,00007FF75A11BA02,?,?,?,00007FF75A11698E), ref: 00007FF75A11FB48

Strings

ext-ms-, xrefs: 00007FF75A11FA99
api-ms-, xrefs: 00007FF75A11FA86

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 92e1c6cccb7ec25b4476ca22e51d2624e921c13e1215ab17a1d429f3080250c2
Instruction ID: 4dc8cf60db08c0cfd0725c8d396f2fc4638653b39cdce550ff57666b8f719f77
Opcode Fuzzy Hash: 92e1c6cccb7ec25b4476ca22e51d2624e921c13e1215ab17a1d429f3080250c2
Instruction Fuzzy Hash: 6E41F235B19A0281FE16EB16B9106B5A3B2BF44BD0F8D4176DD0E97784EE3DE8448364

Function 00007FF75A11C80C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A11CC39

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2632b5e71481f962a6be5ecaceb1e66e49b379a3d4ec77b5f5b6bf13a841888b
Instruction ID: 19961ea47541ebc009def06f25cc2b8d8023ee2e2d10c5b161a97c2b886c52e4
Opcode Fuzzy Hash: 2632b5e71481f962a6be5ecaceb1e66e49b379a3d4ec77b5f5b6bf13a841888b
Instruction Fuzzy Hash: ACC1B122A0C68691FE61AB15B4402BDF7B5EF80BD0F9D41B1DA4E07791EE7CE845C3A0

Function 00007FF75A108860 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF75A108880
OpenProcessToken.ADVAPI32 ref: 00007FF75A108891
GetTokenInformation.KERNELBASE ref: 00007FF75A1088B6
GetLastError.KERNEL32 ref: 00007FF75A1088C0
GetTokenInformation.KERNELBASE ref: 00007FF75A108900
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF75A10891C
CloseHandle.KERNEL32 ref: 00007FF75A108934

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 0a78fddd52e4a4b47c0abd3b9ff92470e3f80b7b026c685fad37238cb9e723cb
Instruction ID: 34dd290ae6a11064918019a8e79161a1dd6aaa9f709c63101f15578ad132bf71
Opcode Fuzzy Hash: 0a78fddd52e4a4b47c0abd3b9ff92470e3f80b7b026c685fad37238cb9e723cb
Instruction Fuzzy Hash: CF214F35A0CA4282FE10AB55F54016AF7B1FFC57A0FA80275EAAD43AE4DF6CE4548724

Function 00007FF75A108B80 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF75A108860: GetCurrentProcess.KERNEL32 ref: 00007FF75A108880
Part of subcall function 00007FF75A108860: OpenProcessToken.ADVAPI32 ref: 00007FF75A108891
Part of subcall function 00007FF75A108860: GetTokenInformation.KERNELBASE ref: 00007FF75A1088B6
Part of subcall function 00007FF75A108860: GetLastError.KERNEL32 ref: 00007FF75A1088C0
Part of subcall function 00007FF75A108860: GetTokenInformation.KERNELBASE ref: 00007FF75A108900
Part of subcall function 00007FF75A108860: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF75A10891C
Part of subcall function 00007FF75A108860: CloseHandle.KERNEL32 ref: 00007FF75A108934

LocalFree.KERNEL32(00000000,00007FF75A103B4E), ref: 00007FF75A108C0C
LocalFree.KERNEL32 ref: 00007FF75A108C15

Strings

S-1-3-4, xrefs: 00007FF75A108BC1
D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF75A108BE2
D:(A;;FA;;;%s), xrefs: 00007FF75A108BF7
Security descriptor string length exceeds PATH_MAX!, xrefs: 00007FF75A108C23

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PATH_MAX!
API String ID: 6828938-1817031585
Opcode ID: b6111afcc3eeb0b408ea35522252114c0c7814765020da058c7306c730e1b11f
Instruction ID: 6773af77c00df76d75b36ff76d426720ffdeea3dc4dcec17ec235b448915b955
Opcode Fuzzy Hash: b6111afcc3eeb0b408ea35522252114c0c7814765020da058c7306c730e1b11f
Instruction Fuzzy Hash: DE218C22A0CA4682FE10BB21F5056EAB671BF88380FD805B2E94D57696DF3CE9058760

Function 00007FF75A103F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF75A1039CA), ref: 00007FF75A103F34

Part of subcall function 00007FF75A1029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF75A108AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A1029F4
Part of subcall function 00007FF75A1029C0: MessageBoxW.USER32 ref: 00007FF75A102AD0

Strings

Failed to get executable path., xrefs: 00007FF75A103F3E
GetModuleFileNameW, xrefs: 00007FF75A103F45
Failed to convert executable path to UTF-8., xrefs: 00007FF75A103F70

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorFileLastMessageModuleName
String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
API String ID: 2581892565-1977442011
Opcode ID: 7ef307d93855c796adb502a26685baad3249a75f128fd8c4618b636fbd62cd4f
Instruction ID: 6efe5969028a8a7c3972ee19e09041124a803053c4cdbe1d8519591d140a4396
Opcode Fuzzy Hash: 7ef307d93855c796adb502a26685baad3249a75f128fd8c4618b636fbd62cd4f
Instruction Fuzzy Hash: 37116325B1854382FE21B721F8513FAF274BF487C4FE80472E94E8A699EE6CE5448731

Function 00007FF75A11DD10 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF75A11DCFB), ref: 00007FF75A11DE2C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF75A11DCFB), ref: 00007FF75A11DEB7

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: e5bc4118b78d7803f2849d3b40dbb6165d02ed41efd1a206ffcb3739746c0941
Instruction ID: b131783489e39117a03cbef428e029fb7397b7f5d92f30894dc74c351b4881e8
Opcode Fuzzy Hash: e5bc4118b78d7803f2849d3b40dbb6165d02ed41efd1a206ffcb3739746c0941
Instruction Fuzzy Hash: 0991C572F08A5285FF50AF65A4406BDABB1AF50BC8F9841B5DE0E57684DF38D442C3B0

Function 00007FF75A1204DC Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF75A1205CC
_get_daylight.LIBCMT ref: 00007FF75A1205DD
_get_daylight.LIBCMT ref: 00007FF75A1205EE
_isindst.LIBCMT ref: 00007FF75A1206B9

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: a806384fd3dbc637569f566945d79e9d0f9a49a7dde5cce1babac435a7d8ed95
Instruction ID: 06ca83cbb515f68ef3987cb4b78a579d43f210a6327c05b35db0ce11672f93a5
Opcode Fuzzy Hash: a806384fd3dbc637569f566945d79e9d0f9a49a7dde5cce1babac435a7d8ed95
Instruction Fuzzy Hash: D7510272F05212CAFF14EF75A9456BCA6B1AF40398F980275ED1F52AE4DE39E8428710

Function 00007FF75A116044 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF75A116077
GetFileInformationByHandle.KERNELBASE ref: 00007FF75A1160D9
GetLastError.KERNEL32 ref: 00007FF75A11616A
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,?,00007FF75A115F7C), ref: 00007FF75A1161B6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: bf9e299d8a19087a057b397dc8e4afdf64a098b67ef913149ee4b49067ca2483
Instruction ID: bde70c4c866aa82894dfc3ec51560325790ac76a9ab3fe6e0cc296d01b3742a2
Opcode Fuzzy Hash: bf9e299d8a19087a057b397dc8e4afdf64a098b67ef913149ee4b49067ca2483
Instruction Fuzzy Hash: 4C519F22E086418AFB10EFB1E8403BDB3B5AF84B98F588575DE1D47689DF39D54187A0

Function 00007FF75A115EF0 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A115F1D
CreateFileW.KERNELBASE ref: 00007FF75A115F5C
CloseHandle.KERNEL32 ref: 00007FF75A115F91

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 83590a85ef91dfeaaf5391bcb7c84269641a6271a066e8b030d9dbe54c1e2ad9
Instruction ID: 2036547937735f1708089b41ce64d38f08f41e6b9674902ab49d7fd43f87cb7a
Opcode Fuzzy Hash: 83590a85ef91dfeaaf5391bcb7c84269641a6271a066e8b030d9dbe54c1e2ad9
Instruction Fuzzy Hash: 1241A122D1878283FB54AB21A5003B9A270FF947A4F549374E69C07AD5DF7CE5E48790

Function 00007FF75A10C3CC Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A10C59C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF75A10C5B0

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF75A10C3F0
__scrt_release_startup_lock.LIBCMT ref: 00007FF75A10C45E
__scrt_get_show_window_mode.LIBCMT ref: 00007FF75A10C4B1

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: 938979ff9ac9d44dbfab48857d59c896d8492b2b8f443a18d798d15505071169
Instruction ID: 94e693a06e9bbc00ba2298d1805a705328ed39e03d8db27a9274f04d112597e9
Opcode Fuzzy Hash: 938979ff9ac9d44dbfab48857d59c896d8492b2b8f443a18d798d15505071169
Instruction Fuzzy Hash: 75311B21E0C25242FE64B765B4513BAB2F1BF41384FEC50B5EA4E8B2D7DE2CA4058B70

Function 00007FF75A11A7E4 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF75A11A7E0), ref: 00007FF75A11A7F5
TerminateProcess.KERNEL32(?,?,?,00007FF75A11A7E0), ref: 00007FF75A11A800
ExitProcess.KERNEL32 ref: 00007FF75A11A80F

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: a9ca9fd944998b9103efb0079ab816177775b60747cbceda43ee2d2e97830e0f
Instruction ID: 92f90639b89c256d4ef944a2f74a4c7dfa2a1f6cf4fed3a8dea789876dc35a59
Opcode Fuzzy Hash: a9ca9fd944998b9103efb0079ab816177775b60747cbceda43ee2d2e97830e0f
Instruction Fuzzy Hash: E6D09E10F1871286FF143B72789507996319F58B42F9854B8C90B06393CD6DE84E83A5

Function 00007FF75A108D80 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE ref: 00007FF75A108DC0

Part of subcall function 00007FF75A102C30: MessageBoxW.USER32 ref: 00007FF75A102D05

Strings

Security descriptor is not initialized!, xrefs: 00007FF75A108D90

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CreateDirectoryMessage
String ID: Security descriptor is not initialized!
API String ID: 73271072-986317556
Opcode ID: cb4d7abd45f9f406bb8e9fa743bd3ea339ce9ab77a45f8f760c2574a3479da4c
Instruction ID: b204d2953101e19e1eef29c7f732d2633ff3ec9718b0d11196e12a50eea8e7ab
Opcode Fuzzy Hash: cb4d7abd45f9f406bb8e9fa743bd3ea339ce9ab77a45f8f760c2574a3479da4c
Instruction Fuzzy Hash: 7BE06D71A18B46C2FE50AB24F805269B3B0BF61354FD80374E54C8A3E4DF3CD2098B00

Function 00007FF75A110A6C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A110AB0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A110BA7

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cf177395047abfa4e851662a110b86e3e3c378c626585af56caf23d5c147307d
Instruction ID: ba7869cf057a15a75e168b966117217b4a55a8f8a6cf123b45fa7f8f45946f6f
Opcode Fuzzy Hash: cf177395047abfa4e851662a110b86e3e3c378c626585af56caf23d5c147307d
Instruction Fuzzy Hash: C251E561F0964186FE28BE35B54077AE2A1AF44BE8F9C4770DD6D077C9CE3CE44186A0

Function 00007FF75A11B910 Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF75A11B78D,?,?,00000000,00007FF75A11B842), ref: 00007FF75A11B97E
GetLastError.KERNEL32(?,?,?,00007FF75A11B78D,?,?,00000000,00007FF75A11B842), ref: 00007FF75A11B988

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 3fd0f83af0628cda6e58ba1b17cfc613668cd8d43ebee099ac9aff2e4f27651a
Instruction ID: 26403dce43bf9e267e4072e4625599e491bc11b78f830670891018e0f5b3b3ba
Opcode Fuzzy Hash: 3fd0f83af0628cda6e58ba1b17cfc613668cd8d43ebee099ac9aff2e4f27651a
Instruction Fuzzy Hash: 4F21F661F0C64641FE907725B59027896A35F84BA4F8C43F5DA2E473D2EE2CE44683A0

Function 00007FF75A11CEE4 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF75A11D07D), ref: 00007FF75A11CF30
GetLastError.KERNEL32(?,?,?,?,?,00007FF75A11D07D), ref: 00007FF75A11CF3A

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 5a688e03e61d2ba522e05303caa220c229835d3c67e189c94220df843fa187e3
Instruction ID: 5f5e4a6a733d1227fd59b04c7710730dbfe35efc66768127f8c1b4ef84ef42f0
Opcode Fuzzy Hash: 5a688e03e61d2ba522e05303caa220c229835d3c67e189c94220df843fa187e3
Instruction Fuzzy Hash: 1F11B265708A8281EE20AB29B404169F371AF45BF4F984371EA7D0B7D9CF3CD0548780

Function 00007FF75A1161EC Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75A116101), ref: 00007FF75A11621F
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75A116101), ref: 00007FF75A116235

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 94d9743ddc59f1ec6d0c8066f19f46560215df41a9b86dc953b2c7251607b198
Instruction ID: 75c684d84f6b0cb3b3d0d1d126741eb4297cd5a2bd8a740d873e2427071583c4
Opcode Fuzzy Hash: 94d9743ddc59f1ec6d0c8066f19f46560215df41a9b86dc953b2c7251607b198
Instruction Fuzzy Hash: 18119172A0C64282FF54AB55F40113AF7B4FF84761F940275EAAE819E8EF2DD044CB60

Function 00007FF75A1188E0 Relevance: 3.0, APIs: 2, Instructions: 35timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75A11875D), ref: 00007FF75A118903
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75A11875D), ref: 00007FF75A118919

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 4ed2e9fa1167940cfa5aca87292fc65ce3ac60374052c1fe1dcdfc496945e827
Instruction ID: 5a167b0b0a03ff8bb279bdc0855d18d80f40c07dd5e4849b9bc561317efacb0e
Opcode Fuzzy Hash: 4ed2e9fa1167940cfa5aca87292fc65ce3ac60374052c1fe1dcdfc496945e827
Instruction Fuzzy Hash: 4601823250C256C2FB606B15B40123AF7B2FF81761FA44276E7A9015D8EF3DD000DB20

Function 00007FF75A11B700 Relevance: 3.0, APIs: 2, Instructions: 19threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B716
GetLastError.KERNEL32(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B720

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread
String ID:
API String ID: 588628887-0
Opcode ID: c0904582055235206b637bb6fb630becad907d152bf6a94a3ba36ee294329771
Instruction ID: c9a17ef89d7d1d24db96ebc9eb8478611826938293cc16293f96209898ccaecc
Opcode Fuzzy Hash: c0904582055235206b637bb6fb630becad907d152bf6a94a3ba36ee294329771
Instruction Fuzzy Hash: DBE0CD14F0D20283FF147BF274D557592B14F84750FCC04B0DA0D4A3A1DE3CA88582B4

Function 00007FF75A118648 Relevance: 3.0, APIs: 2, Instructions: 12COMMON

Download Yara Rule

APIs

RemoveDirectoryW.KERNELBASE ref: 00007FF75A11864C
GetLastError.KERNEL32 ref: 00007FF75A118656

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: DirectoryErrorLastRemove
String ID:
API String ID: 377330604-0
Opcode ID: 37b4a7e4d00d01a0eafeac234b577e395ecf372998b901b949fd5718f631df3e
Instruction ID: 95b8201d3bcce5d3045bd5553701c61d8f55a0bf0d1e4d38e324b209646bc348
Opcode Fuzzy Hash: 37b4a7e4d00d01a0eafeac234b577e395ecf372998b901b949fd5718f631df3e
Instruction Fuzzy Hash: 72D0A904E08102C1FE1037B6284003894B02F40774FE806B0C11D801D0DE2CA04685A2

Function 00007FF75A118ECC Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE ref: 00007FF75A118ED0
GetLastError.KERNEL32 ref: 00007FF75A118EDA

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: b1319888d58344e1d146038dbe51c945b0a95c66f9246088a0a26429922302e0
Instruction ID: 9da458623ee49cbd2d82fa1892235bebcc2d95e54937f39c797ebadccd22093c
Opcode Fuzzy Hash: b1319888d58344e1d146038dbe51c945b0a95c66f9246088a0a26429922302e0
Instruction Fuzzy Hash: 8AD0C918E2950382FE1437B6288557995B82F44760FE807F0D12D811D0DE1CA09501A5

Function 00007FF75A107F50 Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

_findclose.LIBCMT ref: 00007FF75A1081A9

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ByteCharMultiWide_findclose
String ID:
API String ID: 2772937645-0
Opcode ID: aa2a36deec39c3a11ec2b62d31fe43dc86d3decf01d493f1b5c8a3539a39b282
Instruction ID: a0f12c88b8164171e8b6c49ac95a648ae00eb969757a9386e41b63f312ef5d25
Opcode Fuzzy Hash: aa2a36deec39c3a11ec2b62d31fe43dc86d3decf01d493f1b5c8a3539a39b282
Instruction Fuzzy Hash: 5E716152E18AC581EA11DB2CD5052FDB370FBA9B48F98E331DB9C12596EF28E2D5C710

Function 00007FF75A11CC5C Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A11CC84

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 23588c1d4a76148e9b0b46970dab15bc80394bd809d2a1daf00a983cf625f788
Instruction ID: 6f5979850b8e6305f1f60ad3842ee44f627c55deb7f1fd95d5b5f53fdf9f7269
Opcode Fuzzy Hash: 23588c1d4a76148e9b0b46970dab15bc80394bd809d2a1daf00a983cf625f788
Instruction Fuzzy Hash: E141C53290964187FE24AB29F54027EB7B0EF56790F9801B1D68D83690CF2DE403C7E1

Function 00007FF75A1084C0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF75A10856A

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: abb0a441ba213b71513b42266341038178bc818bc484ec2583296a54737cf4fb
Instruction ID: e9a77bc96eac20fa7aac7fe4f2594fd56c88efaa21608c8f2deb2f130a95f380
Opcode Fuzzy Hash: abb0a441ba213b71513b42266341038178bc818bc484ec2583296a54737cf4fb
Instruction Fuzzy Hash: 09216D21B0D69686FE50BE12B9047FAFAA1BF45BD4FDC4470EE0D46786DE3CE0418614

Function 00007FF75A11C6EC Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A11C772

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9d46e4dc1c7706e1baa247f93764384ede75e9bcf433252d370e5f4900f7c3d5
Instruction ID: 0b17efb34f098afe35eec14cda30471aa666926f1c5c22fafd64da37a0bc85d9
Opcode Fuzzy Hash: 9d46e4dc1c7706e1baa247f93764384ede75e9bcf433252d370e5f4900f7c3d5
Instruction Fuzzy Hash: AF31AE22E1865285FF11BF15A881378E6B0AF40BE1F8902B5DA5D073D2DFBCA44287B1

Function 00007FF75A11A715 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF75A11A743

Part of subcall function 00007FF75A11A83C: GetModuleHandleExW.KERNEL32 ref: 00007FF75A11A861
Part of subcall function 00007FF75A11A83C: GetProcAddress.KERNEL32 ref: 00007FF75A11A877
Part of subcall function 00007FF75A11A83C: FreeLibrary.KERNEL32 ref: 00007FF75A11A89E

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 9c0127de50016242ddc74074b6af7f5d0c7ecdfc40d630aae62ff1a96a90ed2f
Instruction ID: 249153f79fa7a78f222170309f033ed2655a47cadbc28a4a95aa0e998224447f
Opcode Fuzzy Hash: 9c0127de50016242ddc74074b6af7f5d0c7ecdfc40d630aae62ff1a96a90ed2f
Instruction Fuzzy Hash: F0216B36A04B0589FF24AF64E4806FC7BB0EF44718F88067AD65D06AD5DF39D585C7A0

Function 00007FF75A1169E4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A116949

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a12511eb413a20500788068782fa49ddb1fe92b02a1e7189881bce5d81ea64e9
Instruction ID: 0adafb8713a0e3926ffee04c9123f2335a9740f3e95b0f39caa2380eafb22bd7
Opcode Fuzzy Hash: a12511eb413a20500788068782fa49ddb1fe92b02a1e7189881bce5d81ea64e9
Instruction Fuzzy Hash: 3111C321A0D28586FE60BF11F500279E2B5AF84B80FCC0071EA8C07B86EF3DE40087A0

Function 00007FF75A12748C Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1274AF

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 14b88cdde8f100e0c11df9c25968cfa6048feb9caeb9ba24198eb79990a08c61
Instruction ID: 40e2d0ac497bbe461b145c660a8e48b8d876a0da6332b502ae196ac419459911
Opcode Fuzzy Hash: 14b88cdde8f100e0c11df9c25968cfa6048feb9caeb9ba24198eb79990a08c61
Instruction Fuzzy Hash: B8218332A18A8186EF61AF19F45037AB7B1EF84BA4F984234E65D476D5EF3DD4018B10

Function 00007FF75A110CEC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A110D40

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cb4a28c9cfe68d4bf5caf65282be0dfe2d74942f75b7edef78e8fd4dc80d0569
Instruction ID: db68b17f1f3e80877c4b841feb2e0165bd3a0c6e31bb81c75f728ae21fad6def
Opcode Fuzzy Hash: cb4a28c9cfe68d4bf5caf65282be0dfe2d74942f75b7edef78e8fd4dc80d0569
Instruction Fuzzy Hash: 0D015E61E0874141FE04AB62A9001A9E6B5AF95FE0F8C46B1EE6C5BBDADE3CE5018350

Function 00007FF75A11F948 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FF75A11C196,?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6), ref: 00007FF75A11F99D

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 83da86fcac40c5efe6be46efa8cccb7ed61db28345aee0e9c2556edc7e0339ef
Instruction ID: a6f2697eea1bab539364d18201cdc887384877d5c97adc3a9ecc855b3c86318f
Opcode Fuzzy Hash: 83da86fcac40c5efe6be46efa8cccb7ed61db28345aee0e9c2556edc7e0339ef
Instruction Fuzzy Hash: 24F0C200B0930A91FE14776274503B5C2B24F88B80FCC40B1DD0F463C5FE1CE4808271

Function 00007FF75A11E3AC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FF75A111514,?,?,?,00007FF75A112A26,?,?,?,?,?,00007FF75A114019), ref: 00007FF75A11E3EA

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d8b55510c5610d80ab4c44b86d687719a9e038cf882b555fd49ed5282eff217e
Instruction ID: e61b7a10a8a88fd6e10c6fd4435542a22e43e31766ebcf6773f97e38998a6775
Opcode Fuzzy Hash: d8b55510c5610d80ab4c44b86d687719a9e038cf882b555fd49ed5282eff217e
Instruction Fuzzy Hash: F9F05E10F2D28285FE2576A27850679D2B04F447A0FCC06B0DD2E866C1DE2CE48182BA

Function 00007FF75A115B00 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A11FF54: DeleteCriticalSection.KERNEL32 ref: 00007FF75A11FFC7

DeleteCriticalSection.KERNEL32 ref: 00007FF75A115B31

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CriticalDeleteSection
String ID:
API String ID: 166494926-0
Opcode ID: 70cb572a17e4ae51ee1f214201d3cf8466319a562858284c45fcaed274c90f17
Instruction ID: cbba573be03c590b8d9d8a6a52c32806ed4c61848d2661cbd2567ef06f73030d
Opcode Fuzzy Hash: 70cb572a17e4ae51ee1f214201d3cf8466319a562858284c45fcaed274c90f17
Instruction Fuzzy Hash: D0F03055E8890A81FF00BBAAF89137493F0EFD8755FC800B2C94E062629D5CA0848271

Function 00007FF75A1085F0 Relevance: 1.3, APIs: 1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: DirectoryErrorLastRemove
String ID:
API String ID: 377330604-0
Opcode ID: e140006c7abab774a19e08411b5018998d542d9efd9fe9fe0f362e7ec3b7c894
Instruction ID: 803dc91678461e8f63667ae6f8fa894c2556b6fd6854dca2aa57c30754d75b90
Opcode Fuzzy Hash: e140006c7abab774a19e08411b5018998d542d9efd9fe9fe0f362e7ec3b7c894
Instruction Fuzzy Hash: 45419A16D1CAC542FB11AB24A5012FDB770FF95784F999272DB8D42297EF28A5D8C320

Non-executed Functions

Function 00007FF75A1053F0 Relevance: 233.1, APIs: 44, Strings: 89, Instructions: 363libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A105400
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A10543A
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A10545F
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A105484
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A1054AC
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A1054D4
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A1054FC
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A105524
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A10554C
GetProcAddress.KERNEL32(?,?,00000000,00007FF75A10344E), ref: 00007FF75A105574

Strings

PySys_SetObject, xrefs: 00007FF75A1059A2
Failed to get address for PyStatus_Exception, xrefs: 00007FF75A10596E
PyList_Append, xrefs: 00007FF75A10579A
PyErr_Clear, xrefs: 00007FF75A10560A
Failed to get address for PyConfig_SetString, xrefs: 00007FF75A1055D6
Failed to get address for PyObject_CallFunction, xrefs: 00007FF75A105856
Failed to get address for PyUnicode_Join, xrefs: 00007FF75A105AAE
PyObject_CallFunctionObjArgs, xrefs: 00007FF75A105862
Py_InitializeFromConfig, xrefs: 00007FF75A1054A2
Failed to get address for PyList_Append, xrefs: 00007FF75A1057B6
Failed to get address for PyErr_Occurred, xrefs: 00007FF75A10569E
PyConfig_SetBytesString, xrefs: 00007FF75A105592
Failed to get address for PyImport_AddModule, xrefs: 00007FF75A10573E
PyErr_Fetch, xrefs: 00007FF75A105632
Failed to get address for PyUnicode_Replace, xrefs: 00007FF75A105AD6
Failed to get address for PyObject_CallFunctionObjArgs, xrefs: 00007FF75A10587E
PyImport_ImportModule, xrefs: 00007FF75A105772
PyImport_AddModule, xrefs: 00007FF75A105722
Py_Finalize, xrefs: 00007FF75A10547A
PyConfig_InitIsolatedConfig, xrefs: 00007FF75A105542
Failed to get address for PyImport_ImportModule, xrefs: 00007FF75A10578E
Failed to get address for PySys_SetObject, xrefs: 00007FF75A1059BE
Failed to get address for PyObject_SetAttrString, xrefs: 00007FF75A1058CE
Failed to get address for PySys_GetObject, xrefs: 00007FF75A105996
Failed to get address for PyErr_Fetch, xrefs: 00007FF75A10564E
Failed to get address for PyUnicode_Decode, xrefs: 00007FF75A105A0E
PyObject_Str, xrefs: 00007FF75A1058DA
Failed to get address for PyUnicode_FromString, xrefs: 00007FF75A105A86
PyUnicode_DecodeFSDefault, xrefs: 00007FF75A105A1A
PyObject_SetAttrString, xrefs: 00007FF75A1058B2
PyUnicode_Join, xrefs: 00007FF75A105A92
Failed to get address for PyRun_SimpleStringFlags, xrefs: 00007FF75A105946
GetProcAddress, xrefs: 00007FF75A105419
PyUnicode_FromFormat, xrefs: 00007FF75A105A42
Failed to get address for PyUnicode_FromFormat, xrefs: 00007FF75A105A5E
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF75A105902
Py_PreInitialize, xrefs: 00007FF75A1054F2
PyConfig_SetString, xrefs: 00007FF75A1055BA
PyObject_GetAttrString, xrefs: 00007FF75A10588A
PyUnicode_Decode, xrefs: 00007FF75A1059F2
Failed to get address for PyErr_Clear, xrefs: 00007FF75A105626
PyConfig_Clear, xrefs: 00007FF75A10551A
Failed to get address for Py_DecRef, xrefs: 00007FF75A105412
Failed to get address for PyImport_ExecCodeModule, xrefs: 00007FF75A105766
PyConfig_SetWideStringList, xrefs: 00007FF75A1055E2
PyModule_GetDict, xrefs: 00007FF75A105812
Failed to get address for PyUnicode_DecodeFSDefault, xrefs: 00007FF75A105A36
PyMarshal_ReadObjectFromString, xrefs: 00007FF75A1057C2
Failed to get address for PyObject_GetAttrString, xrefs: 00007FF75A1058A6
PyImport_ExecCodeModule, xrefs: 00007FF75A10574A
PyUnicode_AsUTF8, xrefs: 00007FF75A1059CA
PyEval_EvalCode, xrefs: 00007FF75A1056FA
PyConfig_Read, xrefs: 00007FF75A10556A
Failed to get address for Py_Finalize, xrefs: 00007FF75A105496
Failed to get address for PyMarshal_ReadObjectFromString, xrefs: 00007FF75A1057DE
Failed to get address for PyMem_RawFree, xrefs: 00007FF75A105806
Py_DecRef, xrefs: 00007FF75A1053F6
PyMem_RawFree, xrefs: 00007FF75A1057EA
Failed to get address for Py_PreInitialize, xrefs: 00007FF75A10550E
PyErr_NormalizeException, xrefs: 00007FF75A10565A
PyObject_CallFunction, xrefs: 00007FF75A10583A
Failed to get address for Py_DecodeLocale, xrefs: 00007FF75A10544C
Failed to get address for Py_IsInitialized, xrefs: 00007FF75A1054E6
Failed to get address for Py_ExitStatusException, xrefs: 00007FF75A105471
Failed to get address for PyConfig_SetWideStringList, xrefs: 00007FF75A1055FE
Failed to get address for PyUnicode_AsUTF8, xrefs: 00007FF75A1059E6
PyStatus_Exception, xrefs: 00007FF75A105952
PyRun_SimpleStringFlags, xrefs: 00007FF75A10592A
Failed to get address for PyConfig_Read, xrefs: 00007FF75A105586
Failed to get address for PyConfig_Clear, xrefs: 00007FF75A105536
Failed to get address for PyConfig_InitIsolatedConfig, xrefs: 00007FF75A10555E
PySys_GetObject, xrefs: 00007FF75A10597A
Py_ExitStatusException, xrefs: 00007FF75A105455
PyErr_Occurred, xrefs: 00007FF75A105682
Failed to get address for PyErr_Restore, xrefs: 00007FF75A1056EE
PyUnicode_Replace, xrefs: 00007FF75A105ABA
PyErr_Restore, xrefs: 00007FF75A1056D2
Failed to get address for PyObject_Str, xrefs: 00007FF75A1058F6
Failed to get address for Py_InitializeFromConfig, xrefs: 00007FF75A1054BE
Failed to get address for PyErr_NormalizeException, xrefs: 00007FF75A105676
Failed to get address for PyErr_Print, xrefs: 00007FF75A1056C6
Failed to get address for PyConfig_SetBytesString, xrefs: 00007FF75A1055AE
Failed to get address for PyPreConfig_InitIsolatedConfig, xrefs: 00007FF75A10591E
PyUnicode_FromString, xrefs: 00007FF75A105A6A
PyErr_Print, xrefs: 00007FF75A1056AA
Py_IsInitialized, xrefs: 00007FF75A1054CA
Failed to get address for PyModule_GetDict, xrefs: 00007FF75A10582E
Failed to get address for PyEval_EvalCode, xrefs: 00007FF75A105716
Py_DecodeLocale, xrefs: 00007FF75A105430

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 190572456-4266016200
Opcode ID: 849092ee313d90182648ac5091f6841dd271f5938a0293141bcf3cafd9cdb4f6
Instruction ID: c52efdb00596baf695e5516e65e3b7ab6f76e167c591ffd8047a03ecb02dff42
Opcode Fuzzy Hash: 849092ee313d90182648ac5091f6841dd271f5938a0293141bcf3cafd9cdb4f6
Instruction Fuzzy Hash: CF129064A4AB03D1FE55AB06F894174B3B1BF447A5BEC90B5D80E062A4FF7EE5488331

Function 00007FF75A124EFC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF75A124F4A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1255B6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A12572C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1259EA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A125C0A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A125E47
memcpy_s.LIBCPMT ref: 00007FF75A125F22
memcpy_s.LIBCPMT ref: 00007FF75A125FCD
memcpy_s.LIBCPMT ref: 00007FF75A12609C

Strings

1#SNAN, xrefs: 00007FF75A12505A
1#INF, xrefs: 00007FF75A125073
1#IND, xrefs: 00007FF75A125037
1#QNAN, xrefs: 00007FF75A125063

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: c804c22466df2b92b362f5d1d066b057dea08e8c29dc99d8cb90910c2247e431
Instruction ID: d29e3ae7dc5879983afdba2e78372958fca9da0bc18cb2242c0ce810b37d007e
Opcode Fuzzy Hash: c804c22466df2b92b362f5d1d066b057dea08e8c29dc99d8cb90910c2247e431
Instruction Fuzzy Hash: 67B2D572E18282CBFB249E66E5807FDB7B2FF44394F885175DA0957A84DB3DE9008B50

Function 00007FF75A108770 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00007FF75A102A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A108797
FormatMessageW.KERNEL32 ref: 00007FF75A1087C6
WideCharToMultiByte.KERNEL32 ref: 00007FF75A10881C

Part of subcall function 00007FF75A1029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF75A108AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A1029F4
Part of subcall function 00007FF75A1029C0: MessageBoxW.USER32 ref: 00007FF75A102AD0

Strings

PyInstaller: FormatMessageW failed., xrefs: 00007FF75A1087E3
FormatMessageW, xrefs: 00007FF75A1087D7
No error messages generated., xrefs: 00007FF75A1087D0
WideCharToMultiByte, xrefs: 00007FF75A10882D
Failed to encode wchar_t as UTF-8., xrefs: 00007FF75A108826
PyInstaller: pyi_win32_utils_to_utf8 failed., xrefs: 00007FF75A108839

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorLastMessage$ByteCharFormatMultiWide
String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
API String ID: 2920928814-2573406579
Opcode ID: 71548051bea7547f5d5b972cb2661fdb12455c7e02de19cea235076eba1ea75f
Instruction ID: b2e0f4b6ab87501c30c18888f4135d7ccac2c2ffdb2535431347fcd36e598088
Opcode Fuzzy Hash: 71548051bea7547f5d5b972cb2661fdb12455c7e02de19cea235076eba1ea75f
Instruction Fuzzy Hash: 36216031A0CA46C2FF60AB15F8442BAB675BF88744FD80175D68D866A8EF3CE5458720

Function 00007FF75A10C8BC Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF75A10C8D8
RtlCaptureContext.KERNEL32 ref: 00007FF75A10C905
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF75A10C91F
RtlVirtualUnwind.KERNEL32 ref: 00007FF75A10C960
IsDebuggerPresent.KERNEL32 ref: 00007FF75A10C9B4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF75A10C9D1
UnhandledExceptionFilter.KERNEL32 ref: 00007FF75A10C9DC

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 4f1605a870b3ab58307638b90f69401c730c876d9dfa7ce500e329c816792819
Instruction ID: 9004442e32a62a54efd60926787bec7722a49e306ca61dbe7c0dcaf9b3f482e5
Opcode Fuzzy Hash: 4f1605a870b3ab58307638b90f69401c730c876d9dfa7ce500e329c816792819
Instruction Fuzzy Hash: D0310C72609A81C6FB60AF61E8403A9B3B5FF84744F48403ADA4D57B95DF39D648CB24

Function 00007FF75A11B3CC Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF75A11B445
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF75A11B45D
RtlVirtualUnwind.KERNEL32 ref: 00007FF75A11B498
IsDebuggerPresent.KERNEL32 ref: 00007FF75A11B4D1
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF75A11B4DB
UnhandledExceptionFilter.KERNEL32 ref: 00007FF75A11B4E6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: f3d77d60e417bce1f0fe908812719be64cab24703666754eed0168e01bd0a785
Instruction ID: 678b81de19107b9b10af175471a2d3cf45759201dc7435742cd1b6a44f09b738
Opcode Fuzzy Hash: f3d77d60e417bce1f0fe908812719be64cab24703666754eed0168e01bd0a785
Instruction Fuzzy Hash: B3315E36608B8186EB60DF25E8402AEB3B4FF88758F980176EA8D43B55EF38C545CB50

Function 00007FF75A1226C4 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A122710
FindFirstFileExW.KERNEL32 ref: 00007FF75A12281A

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 62c56db1a939844cd1187580cc39da8c2b13d784ec33e52841a564721c35b8dc
Instruction ID: 3b11f20d814e19c069dc77faf1a7365121f02c2841b70da66258149bd430d151
Opcode Fuzzy Hash: 62c56db1a939844cd1187580cc39da8c2b13d784ec33e52841a564721c35b8dc
Instruction Fuzzy Hash: 3FB1B626B1869681FE61AB26B5001BDE3B1EF54BE4F8C5171EA9D0BBC5DE3DE441C310

Function 00007FF75A10C7A0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF75A10C7CC
GetCurrentThreadId.KERNEL32 ref: 00007FF75A10C7DA
GetCurrentProcessId.KERNEL32 ref: 00007FF75A10C7E6
QueryPerformanceCounter.KERNEL32 ref: 00007FF75A10C7F6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 9121cd0992376079c28b7b15cfb2bb882a77f2b3c78bb4ce64e2c22522254d02
Instruction ID: 3356a9dcdba81c9f42cfea9d7988c386b37a6d735a8da9d96f27cd3dcfbf6059
Opcode Fuzzy Hash: 9121cd0992376079c28b7b15cfb2bb882a77f2b3c78bb4ce64e2c22522254d02
Instruction Fuzzy Hash: ED114826B14B058AFF00AF61F8442A873B4FF58758F880E31DA2D867A4DF78D5548390

Function 00007FF75A124A60 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF75A124AC6
memcpy_s.LIBCPMT ref: 00007FF75A124AF1

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: 5efd7a936edd0d5b3394029fb73d6396d7bb2e66562e27887d74201cfd10c366
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 10C1D472B18685C7FB24DF1AB04466AB7A1FF94784F898135DB4A43744DB3EE801CB40

Function 00007FF75A12A7D8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF75A12AA27
RaiseException.KERNEL32 ref: 00007FF75A12AA38

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 107d115b060fbd35a116a220a90c3f58689526778be32960ff8b0eb29206904d
Instruction ID: 29131ffae83376f22204fca49f69388514e285a8eb3212984ab09218402abf2e
Opcode Fuzzy Hash: 107d115b060fbd35a116a220a90c3f58689526778be32960ff8b0eb29206904d
Instruction Fuzzy Hash: 3BB14A73A04B85CAEB15CF2AE846368BBB0FF44B48F598971DA5D837A4CB3AD451C710

Function 00007FF75A1142D4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF75A114442
, xrefs: 00007FF75A114684

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: a4155c6fffaecf52a824239c2b6f37dbc1b24f1087258a4a4fa2a9ab421e67c4
Instruction ID: 5e06d41ca5af27faa77d2b8ce1faf0781e43aa63df73eb4344d13de25940121f
Opcode Fuzzy Hash: a4155c6fffaecf52a824239c2b6f37dbc1b24f1087258a4a4fa2a9ab421e67c4
Instruction Fuzzy Hash: E6E1C2B6A1865282FF68EE29A05013DB3B0FF45F48F9C4275CB4E07694DF29E851C7A0

Function 00007FF75A11ECA0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF75A11EDAD
gfff, xrefs: 00007FF75A11EE2A

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: b0eb00ec9cc72bcbd25ebaa9050c7cd18c6ed420f4824bc0d073d86035fcaeec
Instruction ID: 861586ad15ef14fbd6dd60dd3ae9be27f03148eede71d36181fc32382b32707b
Opcode Fuzzy Hash: b0eb00ec9cc72bcbd25ebaa9050c7cd18c6ed420f4824bc0d073d86035fcaeec
Instruction Fuzzy Hash: FC517822B182C186FF209E75B900779EBA1EB84B94F8C9671CB9C47AC5CF3DE4048750

Function 00007FF75A121720 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 66766e13358cd5f4de93a3d461a286b1618a0db40b5e27b20b34ea7eab166179
Instruction ID: 9f195536f6ae6fcc3cdd22a23b1dd5e67ebe52d812d3076e3b9ed96e53a40aef
Opcode Fuzzy Hash: 66766e13358cd5f4de93a3d461a286b1618a0db40b5e27b20b34ea7eab166179
Instruction Fuzzy Hash: 91028825E0D64A80FE55FB22B50027DE6F5AF41BA0FCC46B5DD6D462D2EE3EE4018360

Function 00007FF75A11E80C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF75A11EB4E

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: ce984bed762576d5ac079d260fe98dbb5d2c0c9497d8241e3c95b971abe0b5e7
Instruction ID: af13ba85dee7d22f6118a8b308e9f342a9e721a8d9941ea2f9965c908512aafb
Opcode Fuzzy Hash: ce984bed762576d5ac079d260fe98dbb5d2c0c9497d8241e3c95b971abe0b5e7
Instruction Fuzzy Hash: 7DA15522A0878A86FF21DB65B0407B9BBA1AF50B84F488072DE8E477C1EE3DD501C795

Function 00007FF75A118EF4 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF75A118F13

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 8ec06a2b4782e0689436fe5663854b321090610fcf5247d2cfa23e18c307cdc4
Instruction ID: 5a40bb6e5be48ca83a0095cc72be67d73dfa6fcf37e3d2fbb2b3bf0b1a5931fe
Opcode Fuzzy Hash: 8ec06a2b4782e0689436fe5663854b321090610fcf5247d2cfa23e18c307cdc4
Instruction Fuzzy Hash: 9D51C119F0874741FE64BB267A0117AD6B66F84B94FCC80B5DE1E4B7C5EE3CE44282A4

Function 00007FF75A1242D0 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF75A1242D4

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: ed995d9d252c3e0c61107ed1ba5c48f1392176915e7fcf845d28b2722b2e2d45
Instruction ID: 613fbd4094f3fbd50d5bbcf705a1ee74eda56d1c539e9704d846e95209bdecb0
Opcode Fuzzy Hash: ed995d9d252c3e0c61107ed1ba5c48f1392176915e7fcf845d28b2722b2e2d45
Instruction Fuzzy Hash: D9B09220E07A02C6FE083B2A7C8221462B87F48710FD840B8C10D45320EE2C24E58721

Function 00007FF75A113ED0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9df69fd1c27fd416770dca946a20fccf44885df857cf64186a4c680355c85b
Instruction ID: 5294616239eb2abddc87c3463ed44ea3759c9bed6c923af1b8cba225b330c95e
Opcode Fuzzy Hash: ca9df69fd1c27fd416770dca946a20fccf44885df857cf64186a4c680355c85b
Instruction Fuzzy Hash: BAD1C3AAA0864286FF68EA25A54027DA7B0EF45F58F9C4275CF0D07695DF3DE841C3E0

Function 00007FF75A1092D0 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d76246942c46f132312ebc4a4bc27c309f6729675ee6fb805fd22939f347a0
Instruction ID: 4d40a2764a5e1dafca055b88e4257dcfadedddcdebcf3a045b7c3aaf712319b5
Opcode Fuzzy Hash: a6d76246942c46f132312ebc4a4bc27c309f6729675ee6fb805fd22939f347a0
Instruction Fuzzy Hash: 5DC1A6721141E14BD6C9EB29E46957A77E1FB8934DBD4403AEB8B47B8AC63CA014DB10

Function 00007FF75A113540 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa501f5897fa8170c1c3089a9165536d111e8d2735d862654f88cabfcab8bd87
Instruction ID: c36a2b942b2a78c9b8d70814e8d4da7dee5b384ab75cfffb75f11177796304df
Opcode Fuzzy Hash: fa501f5897fa8170c1c3089a9165536d111e8d2735d862654f88cabfcab8bd87
Instruction Fuzzy Hash: 29B1A176E0875585FBA4AF29E05413CBBB0EB45F48FA84275CA4D47399CF39D841C7A0

Function 00007FF75A11F320 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b387bb0edac5d3a7572aaf71fcdce3ba0ac9d1c4353072e234eccf42a557
Instruction ID: 21da3020fe8f7fd970dc97c20fae79394b40346dc6f4c7f00371081543d1e152
Opcode Fuzzy Hash: dde3b387bb0edac5d3a7572aaf71fcdce3ba0ac9d1c4353072e234eccf42a557
Instruction Fuzzy Hash: 4981F472A0C78146FBB4DF19B14037AEAA1FF85794F988276DA8D43B99CE3CD4008B50

Function 00007FF75A127550 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0545a2559c330c3b8b837ff60ad1fca552f4247d75f95da319e64bf11632f5cd
Instruction ID: 1eb2af711db3db762604a0b87ff36296debb4c3ac62634f6fd8d0d026d44703c
Opcode Fuzzy Hash: 0545a2559c330c3b8b837ff60ad1fca552f4247d75f95da319e64bf11632f5cd
Instruction Fuzzy Hash: 6C610E21E1C182C7FF64B92EB45427BE6A1AF50360F9D06B9D65D476D1EE6ED8008720

Function 00007FF75A112A94 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431273df7c005eff8b086499786a7f8af66af839407972891033f6f8b32510fa
Instruction ID: bf216baa2d0a82810b619fa45a8d22712e777eee982eae8381a8a0e0bee30328
Opcode Fuzzy Hash: 431273df7c005eff8b086499786a7f8af66af839407972891033f6f8b32510fa
Instruction Fuzzy Hash: 8D517276A18A5186FB249F29E140238B3B0EF55BA8F6C4171CE4D0B794CB3AE843C7D4

Function 00007FF75A112274 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3986d2e28db3ad4c814196551e744b7f12e089580c78501851383343d29f5119
Instruction ID: 1dccf27d1679fcdc32252fe1651a5fac60efed78c79df38fc2d14bac22b9a523
Opcode Fuzzy Hash: 3986d2e28db3ad4c814196551e744b7f12e089580c78501851383343d29f5119
Instruction Fuzzy Hash: CC519436A2865186FB249B29E04023CB3B0EF59B58F684171CE4D1B794CB3AE843C7D0

Function 00007FF75A112684 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7def00a57181835e1b5755574f212d41c435eb46ac8bcc91c00ca4f50edce3
Instruction ID: 22d3bfa39e469415b329e97dfdb6480393f27932c4353d8512a997af8106a661
Opcode Fuzzy Hash: 0a7def00a57181835e1b5755574f212d41c435eb46ac8bcc91c00ca4f50edce3
Instruction Fuzzy Hash: 65517376A1865186FB249B29E040239B7F0EF65B68F684171CE8D4B7D4CB3AEC53C790

Function 00007FF75A112480 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b37b721d2520797c932084b48cf8e5c5b4bbfd8b4955e3aae9fbd8879836657
Instruction ID: e2c5a9fd44459be72bea95bdc44e110de2886b267a20b1ef744ea1b0f640626a
Opcode Fuzzy Hash: 5b37b721d2520797c932084b48cf8e5c5b4bbfd8b4955e3aae9fbd8879836657
Instruction Fuzzy Hash: 0C519332B1865186FF749B29E054678A7B0EF54F58FA84171CE4C1BB94CB3AE843C790

Function 00007FF75A112890 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56eab1984f79c1160248cb97b5e30aec2666dd062f10dae5dc3084fdbc1595d5
Instruction ID: 410e0fb9d874c5998332b90855d7bb00bd90982ec8406488098bf259c583d723
Opcode Fuzzy Hash: 56eab1984f79c1160248cb97b5e30aec2666dd062f10dae5dc3084fdbc1595d5
Instruction Fuzzy Hash: 1D517136A1866586FB349B29E04023CB7B1EF45F58F6C4171CA8D5B798DB3AE842C790

Function 00007FF75A112070 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a792dd5f357ba9ab053cb868b8428acf2d0115ad083e523ed5123ef832f09c
Instruction ID: 1fb95bb7699e7e6fd5925455447be2edcee02fc2208a06294aa0899f1565887d
Opcode Fuzzy Hash: e4a792dd5f357ba9ab053cb868b8428acf2d0115ad083e523ed5123ef832f09c
Instruction Fuzzy Hash: D251B036A1865186FB249B28E44023CA7B1EF44B68FA84171CE4C5B798DB3AEC53C790

Function 00007FF75A116750 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: d1fc4db623e93702d800237c53aa8787cc0ff943f1864e7b62d27e47207d2309
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: DD41B552C0D77A44FD959A18D9046B4A6E1EF227A0DDC52F4DDFA133C3CE0FA586C2A1

Function 00007FF75A11AC50 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread
String ID:
API String ID: 588628887-0
Opcode ID: 99727cf8dcdef6607af11556971c3c56195fb28ad07658d2c7e33bae879bdea0
Instruction ID: eb7918071c15eb4ea4afc56a4d999346a8b47ae0c832baefed7e75329d87c412
Opcode Fuzzy Hash: 99727cf8dcdef6607af11556971c3c56195fb28ad07658d2c7e33bae879bdea0
Instruction Fuzzy Hash: F641D366B14A5982FF04DF2AF914169A7B2BF48FD0B89A033DE4D97B64DE3CD4428340

Function 00007FF75A1184BC Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2714c3464e659e090bf3abd2c253a69a04ee01bde06b43bc588b46e6b5aa8fb
Instruction ID: aac759dd5948116142d886a39adead45ffabee8627e2e30a91ea5a9f75837a9a
Opcode Fuzzy Hash: d2714c3464e659e090bf3abd2c253a69a04ee01bde06b43bc588b46e6b5aa8fb
Instruction Fuzzy Hash: 5A319132A08B4281FB64EF26744016EAAE5EF84BE4F584279EA9957BD5DF3CD0028254

Function 00007FF75A12A620 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f3f1020485e8a41a296fc930dbc96221e618d45f39aaa63d951921bdf06b5a
Instruction ID: 4cb68e3d21aa497106b56552870c2c9f1dd90743a503388617b05f3387057464
Opcode Fuzzy Hash: c3f3f1020485e8a41a296fc930dbc96221e618d45f39aaa63d951921bdf06b5a
Instruction Fuzzy Hash: D8F06871B182558AEF989F2DB40262977F0FF08380F848479D58D87B04D67C90649F14

Function 00007FF75A10CA9C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b04046989d87c8dc885ed01c2b3f2aaa9c0b13633c97905e42662c4d2108a614
Instruction ID: 4f4a0671e2f0c380105d967261da330af1deb3049d9014d1a93fbf76f56a8de5
Opcode Fuzzy Hash: b04046989d87c8dc885ed01c2b3f2aaa9c0b13633c97905e42662c4d2108a614
Instruction Fuzzy Hash: 4BA00161908943D2FA44AB01F852021A270BF61308BA904B2D11E514A1AE3DA8408620

Function 00007FF75A107100 Relevance: 164.8, APIs: 31, Strings: 63, Instructions: 263libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF75A107117
GetProcAddress.KERNEL32 ref: 00007FF75A107156
GetProcAddress.KERNEL32 ref: 00007FF75A10717B
GetProcAddress.KERNEL32 ref: 00007FF75A1071A0
GetProcAddress.KERNEL32 ref: 00007FF75A1071C8
GetProcAddress.KERNEL32 ref: 00007FF75A1071F0
GetProcAddress.KERNEL32 ref: 00007FF75A107218
GetProcAddress.KERNEL32 ref: 00007FF75A107240
GetProcAddress.KERNEL32 ref: 00007FF75A107268

Strings

Failed to get address for Tcl_FindExecutable, xrefs: 00007FF75A10718D
Failed to get address for Tcl_GetString, xrefs: 00007FF75A107432
Tcl_FinalizeThread, xrefs: 00007FF75A1071E6
Failed to get address for Tcl_Finalize, xrefs: 00007FF75A1071DA
Failed to get address for Tcl_MutexLock, xrefs: 00007FF75A1072A2
Tcl_MutexUnlock, xrefs: 00007FF75A1072AE
Tcl_GetObjResult, xrefs: 00007FF75A1074B6
Tcl_NewStringObj, xrefs: 00007FF75A10743E
Failed to get address for Tcl_EvalEx, xrefs: 00007FF75A107522
Failed to get address for Tcl_CreateInterp, xrefs: 00007FF75A107168
Failed to get address for Tcl_CreateThread, xrefs: 00007FF75A107252
Failed to get address for Tcl_EvalObjv, xrefs: 00007FF75A10754A
Tcl_DeleteInterp, xrefs: 00007FF75A10720E
Tcl_Finalize, xrefs: 00007FF75A1071BE
Tcl_DoOneEvent, xrefs: 00007FF75A107196
Failed to get address for Tcl_ThreadAlert, xrefs: 00007FF75A107392
Failed to get address for Tcl_ThreadQueueEvent, xrefs: 00007FF75A10736A
Tcl_GetCurrentThread, xrefs: 00007FF75A10725E
Failed to get address for Tcl_DoOneEvent, xrefs: 00007FF75A1071B2
Failed to get address for Tcl_ConditionWait, xrefs: 00007FF75A107342
Tcl_MutexLock, xrefs: 00007FF75A107286
Failed to get address for Tcl_NewByteArrayObj, xrefs: 00007FF75A107482
Tcl_EvalEx, xrefs: 00007FF75A107506
GetProcAddress, xrefs: 00007FF75A107130
Failed to get address for Tcl_Free, xrefs: 00007FF75A10759A
Tcl_ThreadQueueEvent, xrefs: 00007FF75A10734E
Tcl_FindExecutable, xrefs: 00007FF75A107171
Failed to get address for Tk_Init, xrefs: 00007FF75A1075C2
Tcl_GetString, xrefs: 00007FF75A107416
Tcl_ConditionWait, xrefs: 00007FF75A107326
Tcl_SetVar2, xrefs: 00007FF75A1073C6
Tcl_EvalObjv, xrefs: 00007FF75A10752E
Tcl_CreateInterp, xrefs: 00007FF75A10714C
Failed to get address for Tcl_FinalizeThread, xrefs: 00007FF75A107202
Failed to get address for Tcl_SetVar2Ex, xrefs: 00007FF75A1074AA
Tk_GetNumMainWindows, xrefs: 00007FF75A1075CE
Failed to get address for Tcl_ConditionNotify, xrefs: 00007FF75A10731A
Tcl_GetVar2, xrefs: 00007FF75A10739E
Tcl_CreateObjCommand, xrefs: 00007FF75A1073EE
Failed to get address for Tcl_MutexUnlock, xrefs: 00007FF75A1072CA
Tcl_Alloc, xrefs: 00007FF75A107556
Tcl_ConditionNotify, xrefs: 00007FF75A1072FE
Tcl_NewByteArrayObj, xrefs: 00007FF75A107466
Failed to get address for Tcl_GetCurrentThread, xrefs: 00007FF75A10727A
Tcl_ConditionFinalize, xrefs: 00007FF75A1072D6
Tcl_Free, xrefs: 00007FF75A10757E
Failed to get address for Tcl_SetVar2, xrefs: 00007FF75A1073E2
Tk_Init, xrefs: 00007FF75A1075A6
Failed to get address for Tcl_NewStringObj, xrefs: 00007FF75A10745A
Failed to get address for Tk_GetNumMainWindows, xrefs: 00007FF75A1075EA
Failed to get address for Tcl_Alloc, xrefs: 00007FF75A107572
Tcl_SetVar2Ex, xrefs: 00007FF75A10748E
Failed to get address for Tcl_GetVar2, xrefs: 00007FF75A1073BA
Failed to get address for Tcl_GetObjResult, xrefs: 00007FF75A1074D2
Tcl_ThreadAlert, xrefs: 00007FF75A107376
Tcl_EvalFile, xrefs: 00007FF75A1074DE
Failed to get address for Tcl_CreateObjCommand, xrefs: 00007FF75A10740A
Failed to get address for Tcl_DeleteInterp, xrefs: 00007FF75A10722A
Failed to get address for Tcl_ConditionFinalize, xrefs: 00007FF75A1072F2
Failed to get address for Tcl_EvalFile, xrefs: 00007FF75A1074FA
Tcl_Init, xrefs: 00007FF75A107110
Failed to get address for Tcl_Init, xrefs: 00007FF75A107129
Tcl_CreateThread, xrefs: 00007FF75A107236

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 190572456-2208601799
Opcode ID: e7edea845a9f5d5bc22b5b56991a1be592abbf01ed24a972618679d5ebca8c04
Instruction ID: f02dc9a28456974b392a974ff0ad0ecb95cb923c1e0fd21bd45d1fd4b9a51180
Opcode Fuzzy Hash: e7edea845a9f5d5bc22b5b56991a1be592abbf01ed24a972618679d5ebca8c04
Instruction Fuzzy Hash: 32E1B165A19F03D2FE59AB06B884174A7B6BF18740FEC54B5D80E0A2E4FF7EE5448324

Function 00007FF75A1012A0 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A102B10: MessageBoxW.USER32 ref: 00007FF75A102BE5

_fread_nolock.LIBCMT ref: 00007FF75A101489

Strings

\, xrefs: 00007FF75A1013E5
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF75A10131B
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF75A1014AF
fread, xrefs: 00007FF75A1014B6
malloc, xrefs: 00007FF75A101367
%s%c%s, xrefs: 00007FF75A1013DE
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF75A101360
Failed to extract %s: failed to open archive file!, xrefs: 00007FF75A1012EE
fseek, xrefs: 00007FF75A101322

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message_fread_nolock
String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
API String ID: 3065259568-2316137593
Opcode ID: 718a224fae024f93ce7bf74aff3224364058c8fe7df8cac81bb70fe635893a84
Instruction ID: 662b7e9cc1973c740ce655369c5f125e01c6755085683be16602a384deb8cd0d
Opcode Fuzzy Hash: 718a224fae024f93ce7bf74aff3224364058c8fe7df8cac81bb70fe635893a84
Instruction Fuzzy Hash: 2F519E61B0868686FE20B721B4512FAB2B4FF447D4FE84071EE4D87B96EE7CE4418760

Function 00007FF75A1023D0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF75A1023FB
SelectObject.GDI32 ref: 00007FF75A102442
DrawTextW.USER32 ref: 00007FF75A102465
SelectObject.GDI32 ref: 00007FF75A10247B
ReleaseDC.USER32 ref: 00007FF75A10248B
MoveWindow.USER32 ref: 00007FF75A1024DB
MoveWindow.USER32 ref: 00007FF75A10251B
MoveWindow.USER32 ref: 00007FF75A10256E
MoveWindow.USER32 ref: 00007FF75A1025B6

Strings

P%, xrefs: 00007FF75A10244F

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 5b6577cad5280a8981d528861e2ae7c646745b175b361903b18278a3a03fe9da
Instruction ID: cbc0143c425aa8ebfbd370d0653d88456210a59b550e81fd6aca5e740a34f341
Opcode Fuzzy Hash: 5b6577cad5280a8981d528861e2ae7c646745b175b361903b18278a3a03fe9da
Instruction Fuzzy Hash: C251C326614BA187EA34AF26B4181BAF7B1FF98B65F044135EBCE43694DF3CD045DA20

Function 00007FF75A116CE0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A116D23
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A117110
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1173AC

Strings

p, xrefs: 00007FF75A116DD5
:, xrefs: 00007FF75A116EDC
-, xrefs: 00007FF75A116DB9
f, xrefs: 00007FF75A116E45
p, xrefs: 00007FF75A116E4D

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: d41d3ed49e0df0b37e7753a00fe59ce424ede8ed11cb6504f669504b003b63f2
Instruction ID: 3330e501d74191952ea599ec3fcde057b6c2ac7ed0c2bcc5b5afae7bc8431cc3
Opcode Fuzzy Hash: d41d3ed49e0df0b37e7753a00fe59ce424ede8ed11cb6504f669504b003b63f2
Instruction Fuzzy Hash: 96128B36A1C24386FF21AA14F0446B9F6B1EF40750FDC4575EA9A46BC4EB3DE5808FA4

Function 00007FF75A1118F8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A111938
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A111D00
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A111F9F

Strings

f, xrefs: 00007FF75A111B85
p, xrefs: 00007FF75A1119DD
f, xrefs: 00007FF75A111A3A
f, xrefs: 00007FF75A1119D0
p, xrefs: 00007FF75A111A42

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: d738f100ea2c585e80d131aafbe2a69e2e0acbd3b76fe5cf90b2b638373c2978
Instruction ID: 0fc75d74846e8f56ca965e7b906b2dc1c4b5bde427620551751be401176afde8
Opcode Fuzzy Hash: d738f100ea2c585e80d131aafbe2a69e2e0acbd3b76fe5cf90b2b638373c2978
Instruction Fuzzy Hash: D7127162E0D18786FF24BA15F0446B9E6F2FF80750FDC4179E69946AC4DB7CE4808BA1

Function 00007FF75A101590 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 99COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF75A1015F9
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF75A1016B2
fread, xrefs: 00007FF75A1016B9
malloc, xrefs: 00007FF75A101630
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF75A101629
Failed to extract %s: failed to open archive file!, xrefs: 00007FF75A1015C3
fseek, xrefs: 00007FF75A101600

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2030045667-3659356012
Opcode ID: bdc32a4528e991bdae992ceab6fe4be4df97f0d6b6e5334dd80a4d48d71d7056
Instruction ID: 07eacdd96bd7e0011abd22b7aba9b1c58309f5503214048004b09684e7cf1083
Opcode Fuzzy Hash: bdc32a4528e991bdae992ceab6fe4be4df97f0d6b6e5334dd80a4d48d71d7056
Instruction Fuzzy Hash: 56316D21B0865286FE24BB12B8405BAE3B1BF44BD4FEC4072DF4E07A95EE7DE5458720

Function 00007FF75A10F330 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 312COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF75A10F38C

Part of subcall function 00007FF75A1102EC: __GetUnwindTryBlock.LIBCMT ref: 00007FF75A11032F
Part of subcall function 00007FF75A1102EC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF75A110354

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF75A10F464
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF75A10F6B3
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF75A10F7BF

Strings

csm, xrefs: 00007FF75A10F40D
csm, xrefs: 00007FF75A10F487
csm, xrefs: 00007FF75A10F3A6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 0e2dbf0607b23b863384daf6af73d36f13a88af7ca772ada99fba3557138c94c
Instruction ID: 74547b1192eefee1eff9080c98779af6bc81c7d66e7605407b4a7ce195996458
Opcode Fuzzy Hash: 0e2dbf0607b23b863384daf6af73d36f13a88af7ca772ada99fba3557138c94c
Instruction Fuzzy Hash: C3D1AF32A087428AFF20AF25A4412ADB7B0FF45788FA80175EE8D57B95DF38E190C751

Function 00007FF75A1089B0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 104COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A108A47
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A108A9E

Strings

Out of memory., xrefs: 00007FF75A108ACF
Failed to get UTF-8 buffer size., xrefs: 00007FF75A108ADF
WideCharToMultiByte, xrefs: 00007FF75A108AE6
win32_utils_to_utf8, xrefs: 00007FF75A108AD6
Failed to encode wchar_t as UTF-8., xrefs: 00007FF75A108AC6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
API String ID: 626452242-27947307
Opcode ID: 400f0bdcbd62a4a5536486c2f7426be13d95d078f8c38135e0fc09a91e7db9c0
Instruction ID: 1e45c14afffb5acb8e81ee901c94e1b45cae760b021d5ee007cc353e67ca7c53
Opcode Fuzzy Hash: 400f0bdcbd62a4a5536486c2f7426be13d95d078f8c38135e0fc09a91e7db9c0
Instruction Fuzzy Hash: 42416B32A0CB82C2FA20EF16B84016AFAB5FF84B90FAC4575DA8D47B94DF38D4518710

Function 00007FF75A108EF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00007FF75A1039CA), ref: 00007FF75A108F31

Part of subcall function 00007FF75A1029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF75A108AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A1029F4
Part of subcall function 00007FF75A1029C0: MessageBoxW.USER32 ref: 00007FF75A102AD0

WideCharToMultiByte.KERNEL32(?,00007FF75A1039CA), ref: 00007FF75A108FA5

Strings

Out of memory., xrefs: 00007FF75A108F6B
Failed to get UTF-8 buffer size., xrefs: 00007FF75A108F3E
WideCharToMultiByte, xrefs: 00007FF75A108F45, 00007FF75A108FB6
win32_utils_to_utf8, xrefs: 00007FF75A108F72
Failed to encode wchar_t as UTF-8., xrefs: 00007FF75A108FAF

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastMessage
String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
API String ID: 3723044601-27947307
Opcode ID: 4b8f80f614b111e99d886447c0377d3fa2ad0085ce50da6436ff273b72e0facb
Instruction ID: 14926b68615ffda289b53af8a715225aff0cbcfc276b5f144ba535a00fc33577
Opcode Fuzzy Hash: 4b8f80f614b111e99d886447c0377d3fa2ad0085ce50da6436ff273b72e0facb
Instruction Fuzzy Hash: E8214821A09B46D6FF10AB26B940069FAB2FF84B90FAC4575DA4D4B794EF3CE5418324

Function 00007FF75A1077B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 136COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF75A107926

Part of subcall function 00007FF75A110A40: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A110A54

Part of subcall function 00007FF75A110A14: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A110A28

Strings

WARNING: file already exists but should not: %s, xrefs: 00007FF75A1078A8
ERROR: file already exists but should not: %s, xrefs: 00007FF75A10788C
\, xrefs: 00007FF75A1077FC
%s%c%s, xrefs: 00007FF75A1077F5
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF75A107842

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_fread_nolock
String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
API String ID: 3231891352-3501660386
Opcode ID: dd694ad439c35d913334a449757dc7393a4369ae598e4bb01d0977f4e6123465
Instruction ID: 6df4b0da9814a6d7f68668fd7119cf80e916e2011782e44ca8af8c19bcc5237c
Opcode Fuzzy Hash: dd694ad439c35d913334a449757dc7393a4369ae598e4bb01d0977f4e6123465
Instruction Fuzzy Hash: 6E518221E0DA5246FE50BB25B5546B9F2B2AF84BD0FEC00B1E94D866D6EE2CE4008370

Function 00007FF75A10E3C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF75A10E67A,?,?,?,00007FF75A10D5AC,?,?,?,00007FF75A10D1A1), ref: 00007FF75A10E44D
GetLastError.KERNEL32(?,?,?,00007FF75A10E67A,?,?,?,00007FF75A10D5AC,?,?,?,00007FF75A10D1A1), ref: 00007FF75A10E45B
LoadLibraryExW.KERNEL32(?,?,?,00007FF75A10E67A,?,?,?,00007FF75A10D5AC,?,?,?,00007FF75A10D1A1), ref: 00007FF75A10E485
FreeLibrary.KERNEL32(?,?,?,00007FF75A10E67A,?,?,?,00007FF75A10D5AC,?,?,?,00007FF75A10D1A1), ref: 00007FF75A10E4F3
GetProcAddress.KERNEL32(?,?,?,00007FF75A10E67A,?,?,?,00007FF75A10D5AC,?,?,?,00007FF75A10D1A1), ref: 00007FF75A10E4FF

Strings

api-ms-, xrefs: 00007FF75A10E46D

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 5cef7e97cf10635b7adbe76254dad29ae16abfe91812266f9aed7336451ff82a
Instruction ID: 2be089584d92c508a3985fda1d51a7d98b3e515b2960101a80a7ab5015af485a
Opcode Fuzzy Hash: 5cef7e97cf10635b7adbe76254dad29ae16abfe91812266f9aed7336451ff82a
Instruction Fuzzy Hash: 8431B025B1A642D6FE21EB17B4006B5B3B4BF44BA0FAD0575DE5D867D0EE3CE4808328

Function 00007FF75A107630 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF75A107BB1,00000000,?,00000000,00000000,?,00007FF75A10153F), ref: 00007FF75A10768F

Part of subcall function 00007FF75A102B10: MessageBoxW.USER32 ref: 00007FF75A102BE5

Strings

LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF75A107666
LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF75A1076EA
LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF75A1076A3

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
API String ID: 1662231829-3498232454
Opcode ID: 9bfcf0b62ea921097bc7abb589b6718567d9e6fafddd2668cb98e057143b44d0
Instruction ID: 6fa6069a9df1a75c7650e9d17b0880500a52ae55415ca9ed7c540cc5e796563c
Opcode Fuzzy Hash: 9bfcf0b62ea921097bc7abb589b6718567d9e6fafddd2668cb98e057143b44d0
Instruction Fuzzy Hash: A2315411F1CA4282FE64B725F5592BAF6B1BF987C0FDC0471DA4E467D6EE2CE5048620

Function 00007FF75A108DE0 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

Part of subcall function 00007FF75A1029C0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF75A108AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A1029F4
Part of subcall function 00007FF75A1029C0: MessageBoxW.USER32 ref: 00007FF75A102AD0

MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108EA0

Strings

MultiByteToWideChar, xrefs: 00007FF75A108E2E, 00007FF75A108EB1
Out of memory., xrefs: 00007FF75A108E62
win32_utils_from_utf8, xrefs: 00007FF75A108E69
Failed to decode wchar_t from UTF-8, xrefs: 00007FF75A108EAA
Failed to get wchar_t buffer size., xrefs: 00007FF75A108E27

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastMessage
String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
API String ID: 3723044601-876015163
Opcode ID: 7f97f1849ec178b0ff8ea583991b98c80d8c160445cd7602e716bcd8403426a8
Instruction ID: e827d9c1fde35947ab8d0eec03f24601fa3b65e2abfbb782d29f22b06f053553
Opcode Fuzzy Hash: 7f97f1849ec178b0ff8ea583991b98c80d8c160445cd7602e716bcd8403426a8
Instruction Fuzzy Hash: CB212F22B08A5282FE50EB2AF840069E7B1FF84784BAC4571DB5C47AA9EE2DD5518714

Function 00007FF75A11BF00 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF75A11BF0F
FlsGetValue.KERNEL32 ref: 00007FF75A11BF24
FlsSetValue.KERNEL32 ref: 00007FF75A11BF45
FlsSetValue.KERNEL32 ref: 00007FF75A11BF72
FlsSetValue.KERNEL32 ref: 00007FF75A11BF83
FlsSetValue.KERNEL32 ref: 00007FF75A11BF94
SetLastError.KERNEL32 ref: 00007FF75A11BFAF

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: c01302f85cdeeb858ba32c7622f1245fb1706a6e326da58101f8c405cd0a3d75
Instruction ID: c31a6eabf4ae7aae7e34a6b555d02973bf3c1c1909026b9a9f09a6990584fcd1
Opcode Fuzzy Hash: c01302f85cdeeb858ba32c7622f1245fb1706a6e326da58101f8c405cd0a3d75
Instruction Fuzzy Hash: 9B216A24A0C60742FE687721B751179E1728F887B0F9C06B5E92E8B6C6DE2CA40086E0

Function 00007FF75A128D9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF75A128DCD
GetLastError.KERNEL32 ref: 00007FF75A128DD9
CloseHandle.KERNEL32 ref: 00007FF75A128DF1
CreateFileW.KERNEL32 ref: 00007FF75A128E1C
WriteConsoleW.KERNEL32 ref: 00007FF75A128E3B

Strings

CONOUT$, xrefs: 00007FF75A128DFD

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 56c47cfc8464f7969a639e7ce3d60490623cf8b9b00151c5924cedcf2ef07519
Instruction ID: 4549e74c66e5f4a1b7ef04e720701f9efeb13b08ebf9711e0b5832a8d216b294
Opcode Fuzzy Hash: 56c47cfc8464f7969a639e7ce3d60490623cf8b9b00151c5924cedcf2ef07519
Instruction Fuzzy Hash: F111BB21A18A45C6FB50AB06F844729A6B0FF88FE0F880275EA1D877A4DF3DE9448754

Function 00007FF75A11C078 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C087
FlsSetValue.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C0BD
FlsSetValue.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C0EA
FlsSetValue.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C0FB
FlsSetValue.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C10C
SetLastError.KERNEL32(?,?,?,00007FF75A115CBD,?,?,?,?,00007FF75A11F9AF,?,?,00000000,00007FF75A11C196,?,?,?), ref: 00007FF75A11C127

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 97e8c960414e67f8d23f279029ca4c66914050bce4c56b8eca9853fdb1f2f743
Instruction ID: 20628a099158dfb37532b7b72df2bf2f31c88982dae13e0c3ac290908c61cfce
Opcode Fuzzy Hash: 97e8c960414e67f8d23f279029ca4c66914050bce4c56b8eca9853fdb1f2f743
Instruction Fuzzy Hash: A7116028F0C64642FE54B735BA51179E1729F847B0F9C07B5E92E476D6DE2CA44183A0

Function 00007FF75A1025E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00007FF75A1027CF), ref: 00007FF75A102618
DialogBoxIndirectParamW.USER32 ref: 00007FF75A1026DC
DeleteObject.GDI32 ref: 00007FF75A10270F
DestroyIcon.USER32 ref: 00007FF75A102721

Strings

Unhandled exception in script, xrefs: 00007FF75A102648

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 035139a28c932b525dc7cac8fcdac5569ee169202821a797d5d04823a4addf63
Instruction ID: 3b66732e50bfb98df3b38e4a8c4fe64ca9c3d036249f992e28f7618d11ddbcd1
Opcode Fuzzy Hash: 035139a28c932b525dc7cac8fcdac5569ee169202821a797d5d04823a4addf63
Instruction Fuzzy Hash: 8D314B76A09A8285FF20EB21F9551E9B3A0FF88784F980175EA4D4BB59DF3CD544C710

Function 00007FF75A1029C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00000000,00000000,00007FF75A108AF2,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A1029F4

Part of subcall function 00007FF75A108770: GetLastError.KERNEL32(00000000,00007FF75A102A3E,?,?,?,?,?,?,?,?,?,?,?,00007FF75A10101D), ref: 00007FF75A108797
Part of subcall function 00007FF75A108770: FormatMessageW.KERNEL32 ref: 00007FF75A1087C6

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

MessageBoxW.USER32 ref: 00007FF75A102AD0
MessageBoxA.USER32 ref: 00007FF75A102AEC

Strings

Fatal error detected, xrefs: 00007FF75A102AA6, 00007FF75A102ADE
%s%s: %s, xrefs: 00007FF75A102A4B

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message$ErrorLast$ByteCharFormatMultiWide
String ID: %s%s: %s$Fatal error detected
API String ID: 2806210788-2410924014
Opcode ID: e540fe95cbcf3c4f9a9ac735379b1c9e9ae60ded60aea03e9d716fb219e4d584
Instruction ID: 2b98e48ba1e2be6a908ac571cf01cb93da187edb5635bd596240561350773976
Opcode Fuzzy Hash: e540fe95cbcf3c4f9a9ac735379b1c9e9ae60ded60aea03e9d716fb219e4d584
Instruction Fuzzy Hash: 26315272628A8182FA30AB11F4516EAB3B4FF847C4F844176E78D46A99DF3CD645CB50

Function 00007FF75A11A83C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF75A11A861
GetProcAddress.KERNEL32 ref: 00007FF75A11A877
FreeLibrary.KERNEL32 ref: 00007FF75A11A89E

Strings

mscoree.dll, xrefs: 00007FF75A11A858
CorExitProcess, xrefs: 00007FF75A11A870

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2230a043baf354bfbc53885d3c0454218b923bdff90d2529a0827c645eda448d
Instruction ID: ef664e5f4ece0f31e8301afb8860dc8bbf1ba0dc2c265865b003dfbe92ab34a2
Opcode Fuzzy Hash: 2230a043baf354bfbc53885d3c0454218b923bdff90d2529a0827c645eda448d
Instruction Fuzzy Hash: 0FF0AF21A09B06C1FE20AB25B445339A330EF88761F980675D66E452E4DF3DD449C360

Function 00007FF75A12A420 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF75A12A448
_set_statfp.LIBCMT ref: 00007FF75A12A463
_set_statfp.LIBCMT ref: 00007FF75A12A47F
_set_statfp.LIBCMT ref: 00007FF75A12A4BB

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
Instruction ID: 3f221d371697295569dd44df61a4fcaa85f6aec6768ec656886d319e0652126b
Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
Instruction Fuzzy Hash: E111E322E1CA83C1FE543167F56A375E1616F55371FDC06B4E96E066D7CE2EE8408324

Function 00007FF75A11C140 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11C15F
FlsSetValue.KERNEL32(?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11C17E
FlsSetValue.KERNEL32(?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11C1A6
FlsSetValue.KERNEL32(?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11C1B7
FlsSetValue.KERNEL32(?,?,?,00007FF75A11B35B,?,?,00000000,00007FF75A11B5F6,?,?,?,?,?,00007FF75A1138BC), ref: 00007FF75A11C1C8

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d401bd37ec188e315503392ed63ccf632f8c61640092dd5db52b3d7bfa38192e
Instruction ID: 12dd5a689bdc89b645af18a9d9cce7ea8ad17aabada20a0ee9ceab966ddde483
Opcode Fuzzy Hash: d401bd37ec188e315503392ed63ccf632f8c61640092dd5db52b3d7bfa38192e
Instruction Fuzzy Hash: 50118120F4C64681FE59B725BA41179D2B25F843B0F9C47B6E93E867C6DE2CE8018760

Function 00007FF75A11BFD4 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF75A11BFE5
FlsSetValue.KERNEL32 ref: 00007FF75A11C004
FlsSetValue.KERNEL32 ref: 00007FF75A11C02C
FlsSetValue.KERNEL32 ref: 00007FF75A11C03D
FlsSetValue.KERNEL32 ref: 00007FF75A11C04E

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 3823dbcb479d85c60c076d8b46b677394c7e488c7711611a7772ecc805d169e6
Instruction ID: d000f44032dc58f1d62511272a3753402db76de2516c0863623673382c5d18d1
Opcode Fuzzy Hash: 3823dbcb479d85c60c076d8b46b677394c7e488c7711611a7772ecc805d169e6
Instruction Fuzzy Hash: 07110C18E0C60741FD69B731B551679D1B24F85774FDC0BB6E93E4A2D2DD2CB44192B0

Function 00007FF75A1169F0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A116A2C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A116B56
_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A116C0C

Strings

verbose, xrefs: 00007FF75A116A00

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 0e1375701995164762774767e6acc307974a31e0cd050619d1c211530d762839
Instruction ID: bec8b5c17107f68dcaa4b7934f04be381beec70297cd9c223a8e64c2b49529cc
Opcode Fuzzy Hash: 0e1375701995164762774767e6acc307974a31e0cd050619d1c211530d762839
Instruction Fuzzy Hash: DC91D322A08A4685FF60AE24E95037DB7B1EF40B94FCC4176DA6D473C5DE3EE40683A0

Function 00007FF75A120AA0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A120D7F

Part of subcall function 00007FF75A1271A4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1271C1

Strings

UTF-8, xrefs: 00007FF75A120CFE
UTF-16LEUNICODE, xrefs: 00007FF75A120D1D
ccs, xrefs: 00007FF75A120CBA

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: de4b53a7bd72cc9a75fc72bdb9aa8b7520de62a16ef0f4afa2e89dc7587c8b22
Instruction ID: 21485f721fd9d86d2ab2c8583d119911533b3bc8905d281b12313e7c6c0ac624
Opcode Fuzzy Hash: de4b53a7bd72cc9a75fc72bdb9aa8b7520de62a16ef0f4afa2e89dc7587c8b22
Instruction Fuzzy Hash: C281A575D08242C9FE756E36A550278B6B0AF51B88FDD82B1CA0B57298DB3EFC119221

Function 00007FF75A10CF80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF75A10CFAB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF75A10D042
RtlUnwindEx.KERNEL32 ref: 00007FF75A10D09C

Strings

csm, xrefs: 00007FF75A10D029

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 81dbbe3a269521ccb6618414f5b7d9ba6a400a48ab9a514a04d3b64c82b69e43
Instruction ID: 5138e5d11dc63239dbcaf6d5caec9c761875b797e8690428435198176209ec20
Opcode Fuzzy Hash: 81dbbe3a269521ccb6618414f5b7d9ba6a400a48ab9a514a04d3b64c82b69e43
Instruction Fuzzy Hash: BD51BD2AA196028BEF14AB15F404679B3B1FF54BC8FA88171DA4E47788DF7DE841C720

Function 00007FF75A10F800 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF75A10F85F
_CallSETranslator.LIBVCRUNTIME ref: 00007FF75A10F8AB

Strings

RCC, xrefs: 00007FF75A10F87B
MOC, xrefs: 00007FF75A10F873

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 93010d95ed42164ec617659bf15c462d53d81a38e330ec23f798dc78275aa1b2
Instruction ID: c6b8c1e46343c086c406fabca2aeb3fc867d8cb7fe878ce8bf623c3fabd14258
Opcode Fuzzy Hash: 93010d95ed42164ec617659bf15c462d53d81a38e330ec23f798dc78275aa1b2
Instruction Fuzzy Hash: 76619032908B8586EB60AB15F4413AAB7A0FF84B94F584275EB8D43B95DF3CE190CB10

Function 00007FF75A10FBB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF75A10FBD8
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF75A10FCC0

Strings

csm, xrefs: 00007FF75A10FD12
csm, xrefs: 00007FF75A10FBFA

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 7fe73a2a5521307b3718a11731218a5d657cd704d90c9c291f237acf2a87c54e
Instruction ID: 0b09e348a11d2a0ec8b770274ab7252a69ca9347eb3be9ee2d0d4b7b1108d1df
Opcode Fuzzy Hash: 7fe73a2a5521307b3718a11731218a5d657cd704d90c9c291f237acf2a87c54e
Instruction Fuzzy Hash: D4517A3290828287FE64AB21A546368B7B0FF54B94FAC8176DA8D47BC5CF3CE651C750

Function 00007FF75A102870 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

MessageBoxW.USER32 ref: 00007FF75A10297B
MessageBoxA.USER32 ref: 00007FF75A102997

Strings

Fatal error detected, xrefs: 00007FF75A102951, 00007FF75A102989
%s%s: %s, xrefs: 00007FF75A1028F6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: %s%s: %s$Fatal error detected
API String ID: 1878133881-2410924014
Opcode ID: bd3b1ec170c9362c6821fd135409a0077202d763314442d1f4ebee1409f7e8bb
Instruction ID: 3c9c73ac2741c67e40b6f63b9ca65dc636c6a65f63c61ce96e87d14bb13b195d
Opcode Fuzzy Hash: bd3b1ec170c9362c6821fd135409a0077202d763314442d1f4ebee1409f7e8bb
Instruction Fuzzy Hash: 8931217262868282FA20AB11F4516EAF3B5FF847C4F844176E78D46A99DF3CD605CB50

Function 00007FF75A104340 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

CreateFileW.KERNEL32(00000000,?,?,00007FF75A103FB9,?,00007FF75A1039CA), ref: 00007FF75A1043A8
GetFinalPathNameByHandleW.KERNEL32(?,?,00007FF75A103FB9,?,00007FF75A1039CA), ref: 00007FF75A1043C8
CloseHandle.KERNEL32(?,?,00007FF75A103FB9,?,00007FF75A1039CA), ref: 00007FF75A1043D3

Strings

\\?\, xrefs: 00007FF75A1043F7

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Handle$ByteCharCloseCreateFileFinalMultiNamePathWide
String ID: \\?\
API String ID: 2226452419-4282027825
Opcode ID: 73aa29fffb20bf18054ec36f2ff632c499c886adceaf3567ccea49c9f56a016a
Instruction ID: f9ea3b3b884c35ca69b86bb2861bd90ea84f1d8b0574474ccce63e9f8f51e172
Opcode Fuzzy Hash: 73aa29fffb20bf18054ec36f2ff632c499c886adceaf3567ccea49c9f56a016a
Instruction Fuzzy Hash: 2121D072B0865186FA20AB21F5407AAB261FF887D4F980231DF4E83A94DE3DD548CB14

Function 00007FF75A11D350 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF75A11D3CF
WriteFile.KERNEL32 ref: 00007FF75A11D697
WriteFile.KERNEL32 ref: 00007FF75A11D6DD
GetLastError.KERNEL32 ref: 00007FF75A11D793

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: f3307fa9b22cd1c245fea77c51432e5876b76cda8032067fabe2ab74fde9908f
Instruction ID: bfba8f2d1e0eebeaedc58d3e60f49d198420fd731cef0698c0df4c184ebde365
Opcode Fuzzy Hash: f3307fa9b22cd1c245fea77c51432e5876b76cda8032067fabe2ab74fde9908f
Instruction Fuzzy Hash: 6ED1F072B08A818AFB10DF65E4402ACB7B1FF447D8B984275DE5D97B99DE38D406C3A0

Function 00007FF75A102310 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF75A102344
SetWindowLongPtrW.USER32 ref: 00007FF75A102366
GetWindowLongPtrW.USER32 ref: 00007FF75A102390
InvalidateRect.USER32 ref: 00007FF75A1023B0

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: c8ffd58409c2a817e2eafc26a907e7367a815fa90807bfabd45e1aee5e5800ec
Instruction ID: f2b2d5ce01e15fcddc4cf4691f3d160b698c7390e9a29843eb86dff1880b1102
Opcode Fuzzy Hash: c8ffd58409c2a817e2eafc26a907e7367a815fa90807bfabd45e1aee5e5800ec
Instruction Fuzzy Hash: 4A118621A0814283FF54A76AF5442BAA2A1FF88B80FDC8071DB490EB99CD7DE4854618

Function 00007FF75A126A6C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A1225B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1225E3

_get_daylight.LIBCMT ref: 00007FF75A126B84
_get_daylight.LIBCMT ref: 00007FF75A126B95

Strings

?, xrefs: 00007FF75A126B15

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 570d5f3b0804fc1bd63e9e9f01e21d80b98fc361e039fa890ee5aecba24efca4
Instruction ID: 9fa89638e2e559d2230d5b3917166dc1e26f7c74e25e1bd16750b9c1637ace31
Opcode Fuzzy Hash: 570d5f3b0804fc1bd63e9e9f01e21d80b98fc361e039fa890ee5aecba24efca4
Instruction Fuzzy Hash: 0041FB12B0C28685FF64AB16B90137AE670EF907A4F9C4275EE6C06AD9DE3ED441C710

Function 00007FF75A119DC8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A119DFA

Part of subcall function 00007FF75A11B700: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B716
Part of subcall function 00007FF75A11B700: GetLastError.KERNEL32(?,?,?,00007FF75A123B72,?,?,?,00007FF75A123BAF,?,?,00000000,00007FF75A124075,?,?,00000000,00007FF75A123FA7), ref: 00007FF75A11B720

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF75A10C335), ref: 00007FF75A119E18

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00007FF75A119E06

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2553983749-3695852857
Opcode ID: e0d695942eba2bcfb51646a7552b4669bf5246a03867fd8a1a2782b76189e0f6
Instruction ID: 1bece5407257436a71e44eb5b9fe24882e911671c9a08fdb10e407366812ac07
Opcode Fuzzy Hash: e0d695942eba2bcfb51646a7552b4669bf5246a03867fd8a1a2782b76189e0f6
Instruction Fuzzy Hash: F8418C36A09B5285FF14AF25F8800B8A7B5EF44BD4B984076E94E47B85DE3CE58183A0

Function 00007FF75A11D9E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF75A11DAFF
GetLastError.KERNEL32 ref: 00007FF75A11DB21

Strings

U, xrefs: 00007FF75A11DAAB

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 76bc1a38fdffd9ebe3e6e71a83b0ba687688a06d9a48e83c019cb8b3d6fff0c8
Instruction ID: 773181727912526ac3a5ef5a76436ef638e89d49a2aee0a111d45c8fee58d259
Opcode Fuzzy Hash: 76bc1a38fdffd9ebe3e6e71a83b0ba687688a06d9a48e83c019cb8b3d6fff0c8
Instruction Fuzzy Hash: 1B418122A18A4586EB20DF25F4443AAA7B1FF847D4F984131EA4E87758EF3CD541C764

Function 00007FF75A120108 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF75A120148
GetCurrentDirectoryW.KERNEL32 ref: 00007FF75A12019A

Strings

:, xrefs: 00007FF75A12015E

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 35556daf5145d8784e59f7b9df70c51bbab9d42ea7e8088415664c6c83ecb765
Instruction ID: 1746a4f761aed5e10b91d8b1a893b49acd29635c74ace6a8230e719ceae0f2a8
Opcode Fuzzy Hash: 35556daf5145d8784e59f7b9df70c51bbab9d42ea7e8088415664c6c83ecb765
Instruction Fuzzy Hash: 7621E626B08681C1FF20AB26E44426DB3B2FF84B84FC94275DA8E47284DF7DD945C761

Function 00007FF75A102C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

MessageBoxW.USER32 ref: 00007FF75A102D05
MessageBoxA.USER32 ref: 00007FF75A102D21

Strings

Error detected, xrefs: 00007FF75A102CDB, 00007FF75A102D13

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Error detected
API String ID: 1878133881-3513342764
Opcode ID: 339977713d7da472da6bf6cde3ee098e7c711e0ac5788cc03ff0aed866900f2e
Instruction ID: a221743ded5554ba091b9d9b05da0eba797ae2a6d594d59bc95a57644cc0d072
Opcode Fuzzy Hash: 339977713d7da472da6bf6cde3ee098e7c711e0ac5788cc03ff0aed866900f2e
Instruction Fuzzy Hash: DA216072628A8182FB20AB11F4516EAF364FF94784FC41136EB8D47AA9DF3CD605CB50

Function 00007FF75A102B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF75A108DE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF75A102A9B), ref: 00007FF75A108E1A

MessageBoxW.USER32 ref: 00007FF75A102BE5
MessageBoxA.USER32 ref: 00007FF75A102C01

Strings

Fatal error detected, xrefs: 00007FF75A102BBB, 00007FF75A102BF3

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: Message$ByteCharMultiWide
String ID: Fatal error detected
API String ID: 1878133881-4025702859
Opcode ID: cc7983d7ddd1ca4fe6b0e820e7fb498cdab092a0274b8afa64f738c4e3f04b3b
Instruction ID: e0552247e6cdb4aa349d0f3c8d22c10d099f584cd62c3bde54bb2f870ea2cc50
Opcode Fuzzy Hash: cc7983d7ddd1ca4fe6b0e820e7fb498cdab092a0274b8afa64f738c4e3f04b3b
Instruction Fuzzy Hash: 4321627262868182FB20AB11F4516EAF364FF84784FC41136E78D47A69DF3CD205CB10

Function 00007FF75A110678 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF75A1106C8
RaiseException.KERNEL32 ref: 00007FF75A110709

Strings

csm, xrefs: 00007FF75A1106F6

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: fd7208e01f832ae2c3cc6aa9bb96c2aefef2cc6e58d8a602234d9daac72df826
Instruction ID: ea2404fb15315dc5fe081b0b6a23239582cc9b971655ac1b537d33281c103baf
Opcode Fuzzy Hash: fd7208e01f832ae2c3cc6aa9bb96c2aefef2cc6e58d8a602234d9daac72df826
Instruction Fuzzy Hash: CA111932A18B8582EB219B25F44026AB7E5FF88B94FA84270DB8D07765DF3DD551CB40

Function 00007FF75A121594 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF75A1215C4
GetDriveTypeW.KERNEL32 ref: 00007FF75A121604

Strings

:, xrefs: 00007FF75A1215ED

Memory Dump Source

Source File: 00000000.00000002.2129130780.00007FF75A101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75A100000, based on PE: true

Associated: 00000000.00000002.2129105783.00007FF75A100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129162475.00007FF75A12C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A13F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129190865.00007FF75A141000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2129237922.00007FF75A143000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff75a100000_file.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: b3a001ff98c302286219bbad5be65c90682500455353c0d2fccc423422cbb122
Instruction ID: 3dc66860a4f68beb1380e1afa66f1de9bebf1251ac4c5be4819be5ec45b46f1f
Opcode Fuzzy Hash: b3a001ff98c302286219bbad5be65c90682500455353c0d2fccc423422cbb122
Instruction Fuzzy Hash: D201BC21A1C602C6FF20FF61B4612BEA3F0EF44784FC801B5E94E46295EE2CE504CB20

Analysis Process: file.exePID: 5804, Parent PID: 7100COMMON

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	50
Total number of Limit Nodes:	2

Executed Functions

Function 00007FFDA46E1610 Relevance: 331.1, APIs: 94, Strings: 95, Instructions: 393
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PyModule_AddStringConstant.PYTHON311 ref: 00007FFDA46E1627
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E163D
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1653
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1669
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E167F
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1695
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E16AB
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E16C1
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E16D7
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E16ED
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1700
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1716
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E172C
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E173F
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1755
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E176B
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1781
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1797
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E17AD
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E17C3
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E17D6
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E17EC
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1802
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1818
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E182E
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1844
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E185A
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1870
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1886
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E189C
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E18B2
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E18C8
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E18DE
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E18F4
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E190A
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1920
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1936
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E194C
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1962
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1978
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E198E
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E19A4
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E19BA
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E19D0
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E19E6
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E19FC
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A12
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A28
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A3E
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A54
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A6A
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A80
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1A96
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1AAC
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1AC2
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1AD5
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1AEB
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B01
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B17
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B2D
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B43
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B59
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B6C
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B82
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1B95
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1BAB
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1BC1
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1BD7
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1BED
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C03
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C19
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C2F
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C45
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C5B
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C71
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C87
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1C9D
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1CB3
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1CC9
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1CDF
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1CF5
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1D0B
PyModule_AddIntConstant.PYTHON311 ref: 00007FFDA46E1D21
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1D3B
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1D55
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1D6F
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1D89
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1DA3
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1DBD
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1DD7
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1DF1
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1E0B
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1E25
PyModule_AddObject.PYTHON311 ref: 00007FFDA46E1E3F

Strings

ALERT_DESCRIPTION_CERTIFICATE_EXPIRED, xrefs: 00007FFDA46E1892
OP_ALL, xrefs: 00007FFDA46E1AB8
HOSTFLAG_NO_WILDCARDS, xrefs: 00007FFDA46E1C0F
VERIFY_X509_STRICT, xrefs: 00007FFDA46E1777
HAS_TLS_UNIQUE, xrefs: 00007FFDA46E1D48
HAS_TLSv1, xrefs: 00007FFDA46E1DE4
ALERT_DESCRIPTION_BAD_RECORD_MAC, xrefs: 00007FFDA46E17F8
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE, xrefs: 00007FFDA46E1866
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION, xrefs: 00007FFDA46E199A
ALERT_DESCRIPTION_DECRYPT_ERROR, xrefs: 00007FFDA46E1916
_DEFAULT_CIPHERS, xrefs: 00007FFDA46E1620
PROTO_SSLv3, xrefs: 00007FFDA46E1CBF
CERT_OPTIONAL, xrefs: 00007FFDA46E170C
HAS_SNI, xrefs: 00007FFDA46E1D2E
OP_NO_TLSv1_2, xrefs: 00007FFDA46E1B23
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN, xrefs: 00007FFDA46E18A8
ENCODING_DER, xrefs: 00007FFDA46E1C7D
OP_NO_TLSv1_3, xrefs: 00007FFDA46E1B39
HAS_TLSv1_3, xrefs: 00007FFDA46E1E32
HAS_ALPN, xrefs: 00007FFDA46E1D96
HAS_ECDH, xrefs: 00007FFDA46E1D62
SSL_ERROR_WANT_READ, xrefs: 00007FFDA46E1649
SSL_ERROR_EOF, xrefs: 00007FFDA46E16CD
HAS_TLSv1_1, xrefs: 00007FFDA46E1DFE
PROTO_MINIMUM_SUPPORTED, xrefs: 00007FFDA46E1C93
OP_NO_TICKET, xrefs: 00007FFDA46E1B78
OP_NO_SSLv2, xrefs: 00007FFDA46E1ACB
OP_NO_COMPRESSION, xrefs: 00007FFDA46E1BA1
ALERT_DESCRIPTION_ACCESS_DENIED, xrefs: 00007FFDA46E18EA
ALERT_DESCRIPTION_USER_CANCELLED, xrefs: 00007FFDA46E196E
HOSTFLAG_NEVER_CHECK_SUBJECT, xrefs: 00007FFDA46E1BF9
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE, xrefs: 00007FFDA46E1824
OP_ENABLE_MIDDLEBOX_COMPAT, xrefs: 00007FFDA46E1BB7
PROTOCOL_TLSv1_1, xrefs: 00007FFDA46E1A8C
OP_CIPHER_SERVER_PREFERENCE, xrefs: 00007FFDA46E1B4F
ALERT_DESCRIPTION_INTERNAL_ERROR, xrefs: 00007FFDA46E1958
ALERT_DESCRIPTION_UNKNOWN_CA, xrefs: 00007FFDA46E18D4
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE, xrefs: 00007FFDA46E19B0
SSL_ERROR_INVALID_ERROR_CODE, xrefs: 00007FFDA46E16E3
HAS_NPN, xrefs: 00007FFDA46E1D7C
PROTOCOL_SSLv23, xrefs: 00007FFDA46E1A1E
PROTO_TLSv1_2, xrefs: 00007FFDA46E1D01
VERIFY_X509_PARTIAL_CHAIN, xrefs: 00007FFDA46E17B9
PROTOCOL_TLS_SERVER, xrefs: 00007FFDA46E1A60
SSL_ERROR_WANT_CONNECT, xrefs: 00007FFDA46E16B7
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE, xrefs: 00007FFDA46E19F2
SSL_ERROR_WANT_WRITE, xrefs: 00007FFDA46E165F
OP_NO_SSLv3, xrefs: 00007FFDA46E1AE1
HOSTFLAG_MULTI_LABEL_WILDCARDS, xrefs: 00007FFDA46E1C3B
PROTO_TLSv1, xrefs: 00007FFDA46E1CD5
HAS_SSLv2, xrefs: 00007FFDA46E1DB0
CERT_NONE, xrefs: 00007FFDA46E16F6
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY, xrefs: 00007FFDA46E1A08
ALERT_DESCRIPTION_HANDSHAKE_FAILURE, xrefs: 00007FFDA46E183A
SSL_ERROR_ZERO_RETURN, xrefs: 00007FFDA46E1633
@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM, xrefs: 00007FFDA46E1616
HOSTFLAG_SINGLE_LABEL_SUBDOMAINS, xrefs: 00007FFDA46E1C51
HAS_SSLv3, xrefs: 00007FFDA46E1DCA
OP_SINGLE_DH_USE, xrefs: 00007FFDA46E1B62
HOSTFLAG_NO_PARTIAL_WILDCARDS, xrefs: 00007FFDA46E1C25
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY, xrefs: 00007FFDA46E1942
VERIFY_CRL_CHECK_LEAF, xrefs: 00007FFDA46E174B
PROTO_TLSv1_3, xrefs: 00007FFDA46E1D17
OP_NO_RENEGOTIATION, xrefs: 00007FFDA46E1BCD
PROTO_MAXIMUM_SUPPORTED, xrefs: 00007FFDA46E1CA9
ALERT_DESCRIPTION_CLOSE_NOTIFY, xrefs: 00007FFDA46E17CC
VERIFY_CRL_CHECK_CHAIN, xrefs: 00007FFDA46E1761
OP_NO_TLSv1_1, xrefs: 00007FFDA46E1B0D
ALERT_DESCRIPTION_DECODE_ERROR, xrefs: 00007FFDA46E1900
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE, xrefs: 00007FFDA46E17E2
VERIFY_DEFAULT, xrefs: 00007FFDA46E1735
PROTOCOL_TLSv1, xrefs: 00007FFDA46E1A76
VERIFY_X509_TRUSTED_FIRST, xrefs: 00007FFDA46E17A3
SSL_ERROR_WANT_X509_LOOKUP, xrefs: 00007FFDA46E1675
ENCODING_PEM, xrefs: 00007FFDA46E1C67
OP_NO_TLSv1, xrefs: 00007FFDA46E1AF7
SSL_ERROR_SSL, xrefs: 00007FFDA46E16A1
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE, xrefs: 00007FFDA46E19DC
ALERT_DESCRIPTION_PROTOCOL_VERSION, xrefs: 00007FFDA46E192C
ALERT_DESCRIPTION_CERTIFICATE_REVOKED, xrefs: 00007FFDA46E187C
ALERT_DESCRIPTION_BAD_CERTIFICATE, xrefs: 00007FFDA46E1850
PROTOCOL_TLSv1_2, xrefs: 00007FFDA46E1AA2
OP_SINGLE_ECDH_USE, xrefs: 00007FFDA46E1B8B
ALERT_DESCRIPTION_ILLEGAL_PARAMETER, xrefs: 00007FFDA46E18BE
ALERT_DESCRIPTION_NO_RENEGOTIATION, xrefs: 00007FFDA46E1984
HAS_TLSv1_2, xrefs: 00007FFDA46E1E18
HOSTFLAG_ALWAYS_CHECK_SUBJECT, xrefs: 00007FFDA46E1BE3
CERT_REQUIRED, xrefs: 00007FFDA46E1722
ALERT_DESCRIPTION_RECORD_OVERFLOW, xrefs: 00007FFDA46E180E
ALERT_DESCRIPTION_UNRECOGNIZED_NAME, xrefs: 00007FFDA46E19C6
PROTOCOL_TLS, xrefs: 00007FFDA46E1A34
SSL_ERROR_SYSCALL, xrefs: 00007FFDA46E168B
VERIFY_ALLOW_PROXY_CERTS, xrefs: 00007FFDA46E178D
PROTOCOL_TLS_CLIENT, xrefs: 00007FFDA46E1A4A
PROTO_TLSv1_1, xrefs: 00007FFDA46E1CEB

Memory Dump Source

Source File: 00000002.00000002.2126916665.00007FFDA46E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFDA46E0000, based on PE: true

Associated: 00000002.00000002.2126888921.00007FFDA46E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2126938285.00007FFDA46ED000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2126967457.00007FFDA46FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2126987636.00007FFDA46FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2127008102.00007FFDA4704000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000002.00000002.2127027976.00007FFDA4705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda46e0000_file.jbxd

Similarity

API ID: Module_$Constant$Object$String
String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$ALERT_DESCRIPTION_ACCESS_DENIED$ALERT_DESCRIPTION_BAD_CERTIFICATE$ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE$ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE$ALERT_DESCRIPTION_BAD_RECORD_MAC$ALERT_DESCRIPTION_CERTIFICATE_EXPIRED$ALERT_DESCRIPTION_CERTIFICATE_REVOKED$ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN$ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE$ALERT_DESCRIPTION_CLOSE_NOTIFY$ALERT_DESCRIPTION_DECODE_ERROR$ALERT_DESCRIPTION_DECOMPRESSION_FAILURE$ALERT_DESCRIPTION_DECRYPT_ERROR$ALERT_DESCRIPTION_HANDSHAKE_FAILURE$ALERT_DESCRIPTION_ILLEGAL_PARAMETER$ALERT_DESCRIPTION_INSUFFICIENT_SECURITY$ALERT_DESCRIPTION_INTERNAL_ERROR$ALERT_DESCRIPTION_NO_RENEGOTIATION$ALERT_DESCRIPTION_PROTOCOL_VERSION$ALERT_DESCRIPTION_RECORD_OVERFLOW$ALERT_DESCRIPTION_UNEXPECTED_MESSAGE$ALERT_DESCRIPTION_UNKNOWN_CA$ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY$ALERT_DESCRIPTION_UNRECOGNIZED_NAME$ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE$ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION$ALERT_DESCRIPTION_USER_CANCELLED$CERT_NONE$CERT_OPTIONAL$CERT_REQUIRED$ENCODING_DER$ENCODING_PEM$HAS_ALPN$HAS_ECDH$HAS_NPN$HAS_SNI$HAS_SSLv2$HAS_SSLv3$HAS_TLS_UNIQUE$HAS_TLSv1$HAS_TLSv1_1$HAS_TLSv1_2$HAS_TLSv1_3$HOSTFLAG_ALWAYS_CHECK_SUBJECT$HOSTFLAG_MULTI_LABEL_WILDCARDS$HOSTFLAG_NEVER_CHECK_SUBJECT$HOSTFLAG_NO_PARTIAL_WILDCARDS$HOSTFLAG_NO_WILDCARDS$HOSTFLAG_SINGLE_LABEL_SUBDOMAINS$OP_ALL$OP_CIPHER_SERVER_PREFERENCE$OP_ENABLE_MIDDLEBOX_COMPAT$OP_NO_COMPRESSION$OP_NO_RENEGOTIATION$OP_NO_SSLv2$OP_NO_SSLv3$OP_NO_TICKET$OP_NO_TLSv1$OP_NO_TLSv1_1$OP_NO_TLSv1_2$OP_NO_TLSv1_3$OP_SINGLE_DH_USE$OP_SINGLE_ECDH_USE$PROTOCOL_SSLv23$PROTOCOL_TLS$PROTOCOL_TLS_CLIENT$PROTOCOL_TLS_SERVER$PROTOCOL_TLSv1$PROTOCOL_TLSv1_1$PROTOCOL_TLSv1_2$PROTO_MAXIMUM_SUPPORTED$PROTO_MINIMUM_SUPPORTED$PROTO_SSLv3$PROTO_TLSv1$PROTO_TLSv1_1$PROTO_TLSv1_2$PROTO_TLSv1_3$SSL_ERROR_EOF$SSL_ERROR_INVALID_ERROR_CODE$SSL_ERROR_SSL$SSL_ERROR_SYSCALL$SSL_ERROR_WANT_CONNECT$SSL_ERROR_WANT_READ$SSL_ERROR_WANT_WRITE$SSL_ERROR_WANT_X509_LOOKUP$SSL_ERROR_ZERO_RETURN$VERIFY_ALLOW_PROXY_CERTS$VERIFY_CRL_CHECK_CHAIN$VERIFY_CRL_CHECK_LEAF$VERIFY_DEFAULT$VERIFY_X509_PARTIAL_CHAIN$VERIFY_X509_STRICT$VERIFY_X509_TRUSTED_FIRST$_DEFAULT_CIPHERS
API String ID: 435332665-2778531764
Opcode ID: 024234832900f10642a9de085ad6faf44d500e50331fea0c541e4cc1c1cdef31
Instruction ID: ec410d591fa2252394cd51fb84ed61b62f553bd9d4b8ceceaa29d8a0e0c7fca4
Opcode Fuzzy Hash: 024234832900f10642a9de085ad6faf44d500e50331fea0c541e4cc1c1cdef31
Instruction Fuzzy Hash: 5F2212A4B1AB1391E6049F16E8A52E623B5AF47FD1F487031CC0E0A776DE6DD18CC758

Function 00007FFDA3C18382 Relevance: 18.1, APIs: 12, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFDA3C14110: PyUnicode_FromStringAndSize.PYTHON311 ref: 00007FFDA3C1420C
Part of subcall function 00007FFDA3C14110: PyUnicode_InternInPlace.PYTHON311 ref: 00007FFDA3C14225

_Py_Dealloc.PYTHON311 ref: 00007FFDA3C183E6
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C1841A
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C1842E
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C1844D
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C1846C
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C1848B
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C184AA
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C184C9
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C184E8
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C18507
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C18526
_Py_Dealloc.PYTHON311 ref: 00007FFDA3C18545

Memory Dump Source

Source File: 00000002.00000002.2126792473.00007FFDA3C11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFDA3C10000, based on PE: true

Associated: 00000002.00000002.2126772534.00007FFDA3C10000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000002.00000002.2126822537.00007FFDA3C24000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000002.00000002.2126845192.00007FFDA3C2A000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000002.00000002.2126871176.00007FFDA3C2E000.00000002.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3c10000_file.jbxd

Similarity

API ID: Dealloc$Unicode_$FromInternPlaceSizeString
String ID:
API String ID: 2745024575-0
Opcode ID: 9280ec3cdcc7626997776a9e16dcb55bba6354dcabd47e52aff5645139c6f96c
Instruction ID: 35743f70a7a7575ffea1617dea501c0f0830af4974680aa601941fd748cb5a23
Opcode Fuzzy Hash: 9280ec3cdcc7626997776a9e16dcb55bba6354dcabd47e52aff5645139c6f96c
Instruction Fuzzy Hash: E451DA35F0FB0281FA55ABA5AD7823C73E6AF54B50F184134C95D227A3CE2FB540939A

Function 00007FFDA34E2B58 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsFree.KERNEL32 ref: 00007FFDA36D955F

Memory Dump Source

Source File: 00000002.00000002.2126187999.00007FFDA34E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDA34E0000, based on PE: true

Associated: 00000002.00000002.2126164014.00007FFDA34E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA34ED000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA3545000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA3559000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA3569000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA357D000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126187999.00007FFDA372D000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126503167.00007FFDA372F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126503167.00007FFDA375A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126503167.00007FFDA378C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126503167.00007FFDA37B1000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126660587.00007FFDA37FF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126682852.00007FFDA3800000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126709512.00007FFDA3807000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126709512.00007FFDA3824000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000002.00000002.2126709512.00007FFDA3828000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda34e0000_file.jbxd

Similarity

API ID: Free
String ID:
API String ID: 3978063606-0
Opcode ID: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
Instruction ID: 9b29f457576b028ca2cd8b581fbef75e0be5d620a040f0b8c36cd249f9b776d9
Opcode Fuzzy Hash: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
Instruction Fuzzy Hash: 1FC01226F074028BF788273CC8762B911A25F48710FA08038F40ED2B92ED0EA8998B09

Non-executed Functions

Function 00007FFDA3431410 Relevance: 75.5, APIs: 3, Strings: 40, Instructions: 244
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA344D057
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344D07F

Strings

..\s\ssl\ssl_ciph.c, xrefs: 00007FFDA344D047, 00007FFDA344D064
SRP, xrefs: 00007FFDA344D16E
ECDHEPSK, xrefs: 00007FFDA344D15C
RC4(128), xrefs: 00007FFDA344D23B
AEAD, xrefs: 00007FFDA344D422
GOST, xrefs: 00007FFDA344D12E
AESCCM(128), xrefs: 00007FFDA344D352
RSAPSK, xrefs: 00007FFDA344D165
RSA, xrefs: 00007FFDA344D0DF
3DES(168), xrefs: 00007FFDA344D244
AESCCM8(128), xrefs: 00007FFDA344D33A
unknown, xrefs: 00007FFDA344D0D5
SEED(128), xrefs: 00007FFDA344D2FF
CHACHA20/POLY1305(256), xrefs: 00007FFDA344D3C6
DHEPSK, xrefs: 00007FFDA344D153
None, xrefs: 00007FFDA344D17A
SHA256, xrefs: 00007FFDA344D2CF
PSK, xrefs: 00007FFDA344D105
AES(256), xrefs: 00007FFDA344D2ED
IDEA(128), xrefs: 00007FFDA344D229
AESCCM8(256), xrefs: 00007FFDA344D376
GOST2012, xrefs: 00007FFDA344D410
RC2(128), xrefs: 00007FFDA344D232
ARIAGCM(128), xrefs: 00007FFDA344D3BA
ECDH, xrefs: 00007FFDA344D10E
AESGCM(128), xrefs: 00007FFDA344D36A
DES(56), xrefs: 00007FFDA344D24D
MD5, xrefs: 00007FFDA344D3E4
AESGCM(256), xrefs: 00007FFDA344D35E
AES(128), xrefs: 00007FFDA344D2F6
Camellia(256), xrefs: 00007FFDA344D2DB
ARIAGCM(256), xrefs: 00007FFDA344D3AE
SHA1, xrefs: 00007FFDA344D3DB
any, xrefs: 00007FFDA344D125
SHA384, xrefs: 00007FFDA344D3ED
GOST89, xrefs: 00007FFDA344D419
AESCCM(256), xrefs: 00007FFDA344D346
GOST94, xrefs: 00007FFDA344D3D2
GOST89(256), xrefs: 00007FFDA344D284
Camellia(128), xrefs: 00007FFDA344D2E4

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mallocR_put_error
String ID: ..\s\ssl\ssl_ciph.c$3DES(168)$AEAD$AES(128)$AES(256)$AESCCM(128)$AESCCM(256)$AESCCM8(128)$AESCCM8(256)$AESGCM(128)$AESGCM(256)$ARIAGCM(128)$ARIAGCM(256)$CHACHA20/POLY1305(256)$Camellia(128)$Camellia(256)$DES(56)$DHEPSK$ECDH$ECDHEPSK$GOST$GOST2012$GOST89$GOST89(256)$GOST94$IDEA(128)$MD5$None$PSK$RC2(128)$RC4(128)$RSA$RSAPSK$SEED(128)$SHA1$SHA256$SHA384$SRP$any$unknown
API String ID: 2513334388-3318204952
Opcode ID: 4adb48f84b4924d141d5bdbe785b0068ae35efe4cb104e0f7c3573dfabd82022
Instruction ID: 9a6ed0b286bad8e41d7420c1cb020d8fe176b1777571b3fc920daa807162f17e
Opcode Fuzzy Hash: 4adb48f84b4924d141d5bdbe785b0068ae35efe4cb104e0f7c3573dfabd82022
Instruction Fuzzy Hash: 79B13E61F0EF8692F2A48B54A4745B86663BB47340F910532E84DB27E78FBFF944D248

Function 00007FFDA34310FF Relevance: 61.5, APIs: 32, Strings: 3, Instructions: 276COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA344B983
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B9AB
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344BA23
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344BA38

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344B97C, 00007FFDA344B990, 00007FFDA344BA08, 00007FFDA344BA2E, 00007FFDA344BADD, 00007FFDA344BB3B, 00007FFDA344BB95, 00007FFDA344BBFF, 00007FFDA344BC2D, 00007FFDA344BC46, 00007FFDA344BC5F, 00007FFDA344BC9C, 00007FFDA344BCC0, 00007FFDA344BD10, 00007FFDA344BD78, 00007FFDA344BE5D
~, xrefs: 00007FFDA344BCEC
gfffffff, xrefs: 00007FFDA344B9C3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$O_freeO_zalloc
String ID: ..\s\ssl\ssl_cert.c$gfffffff$~
API String ID: 3565116557-3298543876
Opcode ID: 4f039a7254eafe91479a0f43595177cbf2583de0e40de7fbaf93f6fecf9e5042
Instruction ID: 5947b48cba1aefde75f83dc4ad70d58f9a288e8622d6f1f5b26b8f51b097948b
Opcode Fuzzy Hash: 4f039a7254eafe91479a0f43595177cbf2583de0e40de7fbaf93f6fecf9e5042
Instruction Fuzzy Hash: BED18131B06B8693EA68DB61E4602E973A2FF44740F444435DB9D97786DFBEE1A0C704

Function 00007FFDA34320B3 Relevance: 56.4, APIs: 30, Strings: 2, Instructions: 377COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA3493039
COMP_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA349308B
COMP_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA34930A4
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA3493180
EVP_CIPHER_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA349319E
EVP_CIPHER_CTX_reset.LIBCRYPTO-1_1 ref: 00007FFDA3493278
EVP_CIPHER_key_length.LIBCRYPTO-1_1 ref: 00007FFDA3493298
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA34932AA

Strings

..\s\ssl\t1_enc.c, xrefs: 00007FFDA349357E
x, xrefs: 00007FFDA349304A

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_new$R_flagsR_key_lengthX_freeX_reset
String ID: ..\s\ssl\t1_enc.c$x
API String ID: 3297287953-3671953471
Opcode ID: 2d914469476260751de1d5d47814c82ef4c0af32f3bd050d7e00b15e39510e60
Instruction ID: ce9b7f90321ba59655baae799a5a6ab00f971104d41080276e07492a02220f3a
Opcode Fuzzy Hash: 2d914469476260751de1d5d47814c82ef4c0af32f3bd050d7e00b15e39510e60
Instruction Fuzzy Hash: 5DF1E032B0A74285EB70DB12D4617B92792FB8AB88F444034EE4DA7796DF7EE445C708

Function 00007FFDA348E730 Relevance: 53.2, APIs: 27, Strings: 3, Instructions: 724COMMON

Download Yara Rule

APIs

OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348E7D5
OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348E7DE
CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348E7F3
CRYPTO_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348E808
memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348EA0F
OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348EADF
OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348EAF6
OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,?,?,?,?,?,?,?,?,00007FFDA348FB25), ref: 00007FFDA348EB52

Strings

@, xrefs: 00007FFDA348EDF4
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA348E754, 00007FFDA348F3A2
P, xrefs: 00007FFDA348E765

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_freeL_sk_numO_free$L_sk_valuememcmp
String ID: ..\s\ssl\statem\statem_srvr.c$@$P
API String ID: 1579232405-1224705267
Opcode ID: 2a70b182a8d067ad67b4936308b03b2b550e428d95b36450b0de4587e2cb5c90
Instruction ID: cb1acecde3256cff0bb603fa64581b2b80a9e9df434e0056f1e71525b121e6d1
Opcode Fuzzy Hash: 2a70b182a8d067ad67b4936308b03b2b550e428d95b36450b0de4587e2cb5c90
Instruction Fuzzy Hash: B4728232B0A68286EB649F25D4607BD37A2FB44B88F144175DE4DA7786CFBEE580C704

Function 00007FFDA3431398 Relevance: 46.1, APIs: 24, Strings: 2, Instructions: 561COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA348DBC5
EVP_PKEY_new.LIBCRYPTO-1_1 ref: 00007FFDA348DC7E
EVP_PKEY_assign.LIBCRYPTO-1_1 ref: 00007FFDA348DC9B
EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 00007FFDA348DCA6
DH_free.LIBCRYPTO-1_1 ref: 00007FFDA348DCE1
EVP_PKEY_get0_DH.LIBCRYPTO-1_1 ref: 00007FFDA348DDE1
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA348DDFE
DH_get0_key.LIBCRYPTO-1_1 ref: 00007FFDA348DE20
EVP_PKEY_get1_tls_encodedpoint.LIBCRYPTO-1_1 ref: 00007FFDA348DF1F
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA348DFC5
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA348DFD7
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA348DFDF

Strings

g, xrefs: 00007FFDA348DFEB
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA348DBE1, 00007FFDA348DD02, 00007FFDA348DE27, 00007FFDA348DFBB, 00007FFDA348E072, 00007FFDA348E1FE, 00007FFDA348E23D, 00007FFDA348E270

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_free$H_freeH_get0_keyO_freeX_freeX_newY_assignY_get0_Y_get1_tls_encodedpointY_newY_security_bits
String ID: ..\s\ssl\statem\statem_srvr.c$g
API String ID: 2527737224-1154185083
Opcode ID: 2b769fa9366c267ee1c862e0bef853748302bc4ea84cfd79cf4f4ff89a962623
Instruction ID: ffaca575c9b192c442f3f5f4d95639456f2d51e58702a2e6ea55ed4c44ee9cc9
Opcode Fuzzy Hash: 2b769fa9366c267ee1c862e0bef853748302bc4ea84cfd79cf4f4ff89a962623
Instruction Fuzzy Hash: 0932B161B0AB4286FB24DB51D4203BD67A2EF45B88F044535DE4DABB86CFBEE5418708

Function 00007FFDA34315B4 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 207COMMON

Download Yara Rule

APIs

OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA3451101
EVP_get_cipherbyname.LIBCRYPTO-1_1 ref: 00007FFDA3451109
OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA3451147
EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 00007FFDA345114F
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA345116E
EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA34511D1
EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA34511F1
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA3451205
EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA3451243
EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA3451263
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA3451277
EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA34512B8
EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA34512D8
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA34512EC
EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA3451318
EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA3451338
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA345134C
EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA3451378
EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA3451398
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA34513AC

Strings

gost-mac, xrefs: 00007FFDA34511B9
gost2001, xrefs: 00007FFDA34512AA
gost-mac-12, xrefs: 00007FFDA3451235
`, xrefs: 00007FFDA345118D
gost2012_256, xrefs: 00007FFDA345130A
gost2012_512, xrefs: 00007FFDA345136A

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: E_finishY_asn1_find_strY_asn1_get0_info$J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbyname
String ID: `$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512
API String ID: 3257371973-344903700
Opcode ID: 12aa17bb1e1add8f025077da12bd69ef49e8b4f7806767d609dbfba498f52ab9
Instruction ID: 7d70f2332948bbc69aeef8d6aaf4d31ebc72a753f0632219d763a0d63e84a9a2
Opcode Fuzzy Hash: 12aa17bb1e1add8f025077da12bd69ef49e8b4f7806767d609dbfba498f52ab9
Instruction Fuzzy Hash: CAA14372F0AB5286FB209F24E8606A936A6FB4875CF010235E54DD3B96DFBDE451C708

Function 00007FFDA343220C Relevance: 40.5, APIs: 18, Strings: 5, Instructions: 212COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3454DED
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3454E3F
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3454E64

Strings

ssl3-md5, xrefs: 00007FFDA3455007
ALL:!COMPLEMENTOFDEFAULT:!eNULL, xrefs: 00007FFDA3454FC7
ssl3-sha1, xrefs: 00007FFDA345502F
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256, xrefs: 00007FFDA3454F95
..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3454DE3, 00007FFDA3454E2F, 00007FFDA3454E4F, 00007FFDA3454E8E, 00007FFDA3454EEE, 00007FFDA3454F14, 00007FFDA34550A3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256$ssl3-md5$ssl3-sha1
API String ID: 1767461275-1115027282
Opcode ID: d31de0c650af1bc453eac0a99e941c3a8bbcb35e6f65d6d5bdd2af1ab64f44e3
Instruction ID: 00ed01568b5b17802a14f7c180ee2acb0435de87e119f4c0e13a38240b254221
Opcode Fuzzy Hash: d31de0c650af1bc453eac0a99e941c3a8bbcb35e6f65d6d5bdd2af1ab64f44e3
Instruction Fuzzy Hash: AEA14C31B4AB8285FB549F21D4613B93292EF44B48F440135DA4DAB397EFBEE944C718

Function 00007FFDA3432153 Relevance: 36.8, APIs: 20, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3454980
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34549A4
CRYPTO_free_ex_data.LIBCRYPTO-1_1 ref: 00007FFDA34549DB
OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 00007FFDA34549E4
X509_STORE_free.LIBCRYPTO-1_1 ref: 00007FFDA34549ED
CTLOG_STORE_free.LIBCRYPTO-1_1 ref: 00007FFDA34549F9
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A02
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A0B
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A14
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A33
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A46
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A59
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A70
ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA3454A84
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3454A9D
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3454AB6
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3454ACF
CRYPTO_secure_free.LIBCRYPTO-1_1 ref: 00007FFDA3454AE8
CRYPTO_THREAD_lock_free.LIBCRYPTO-1_1 ref: 00007FFDA3454AF4
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3454B09

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3454973, 00007FFDA345498C, 00007FFDA3454A90, 00007FFDA3454AA9, 00007FFDA3454AC2, 00007FFDA3454ADB, 00007FFDA3454AFF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$L_sk_free$L_sk_pop_free$E_free$D_lock_freeE_finishH_freeO_free_ex_dataO_secure_freeX509_
String ID: ..\s\ssl\ssl_lib.c
API String ID: 4271332762-1080266419
Opcode ID: 1bb6b90b65bbddc8b251f82ba10e2ef704219c5c8985f6425e8117cd6d9d9a32
Instruction ID: 2d3dec5ffc6b66e8b73dff8ed6e096deea26cad7e6078755727ed5ff28533d26
Opcode Fuzzy Hash: 1bb6b90b65bbddc8b251f82ba10e2ef704219c5c8985f6425e8117cd6d9d9a32
Instruction Fuzzy Hash: B9411221B1AA4281EB50AF31D8767F82322EF85B48F045132E90DEB39BCEAFD545C354

Function 00007FFDA34315E6 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 338COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA3487EE3
X509_get0_pubkey.LIBCRYPTO-1_1 ref: 00007FFDA3487F43
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34883F4
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA348840E
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA348841F

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA3487EF0, 00007FFDA3487F21, 00007FFDA3487F5D, 00007FFDA3487F84, 00007FFDA3488017, 00007FFDA348814D, 00007FFDA348817A, 00007FFDA34881C1, 00007FFDA3488360, 00007FFDA348838B, 00007FFDA34883B7, 00007FFDA34883D7

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$X509_get0_pubkeyX_freeX_new
String ID: ..\s\ssl\statem\statem_lib.c
API String ID: 1476775391-2839845709
Opcode ID: e76683827f435abca87562a79174e61183915a5f7e253666586ca727483a72ef
Instruction ID: 8e554211a1636a5d00780fc557bcce9a6e297d817a543527eb6c9fa61e856f6a
Opcode Fuzzy Hash: e76683827f435abca87562a79174e61183915a5f7e253666586ca727483a72ef
Instruction Fuzzy Hash: 6EE19F31B0A74282E7249B12D4603BD77A2FB85B84F444035DA4DA7B9BDFBEE545C708

Function 00007FFDA3432554 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 296COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA34611B7
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA34611BF
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA34611EC
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3461524
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346153A
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3461550
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3461566
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346157C
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3461584

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA34613AF, 00007FFDA346140A, 00007FFDA3461423, 00007FFDA346143D, 00007FFDA3461513, 00007FFDA346152D, 00007FFDA3461543, 00007FFDA3461559, 00007FFDA346156F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_ctrlO_newO_s_fileR_put_error
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 775051240-2723262194
Opcode ID: 5cc81ffaed0b9ae9af558c7c0ec09825c838d42e43cf024dd1d6977fda48320e
Instruction ID: 9ef2f8f6cc9c11f3bf45450dfbc725fa25ee9fd8af2d5b8557cc74cc36a835eb
Opcode Fuzzy Hash: 5cc81ffaed0b9ae9af558c7c0ec09825c838d42e43cf024dd1d6977fda48320e
Instruction Fuzzy Hash: A1C1F662F196568AFB20CF61D4706BC36A2BB45788F400135DE4EE7B86CFBED1558348

Function 00007FFDA343114F Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 289COMMON

Download Yara Rule

APIs

EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA3469B2A
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA3469C09
EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFDA3469C23
EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 00007FFDA3469C3E
EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FFDA3469CCA
OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 00007FFDA3469F62
OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 00007FFDA3469F74
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA3469F7E
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3469F86

Strings

res binder, xrefs: 00007FFDA3469BB7
..\s\ssl\statem\extensions.c, xrefs: 00007FFDA3469B39, 00007FFDA3469F23
ext binder, xrefs: 00007FFDA3469BBE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Digest$Init_exL_cleanse$D_sizeFinal_exX_freeX_newY_free
String ID: ..\s\ssl\statem\extensions.c$ext binder$res binder
API String ID: 3409567581-999040457
Opcode ID: ad398bd95705d5654f3f80e6eda14f3b796389c0bb73dd50416db110d31f1df1
Instruction ID: 60c923016f529b788f015b34d44928de192ff70466755f192e4c013501b5be82
Opcode Fuzzy Hash: ad398bd95705d5654f3f80e6eda14f3b796389c0bb73dd50416db110d31f1df1
Instruction Fuzzy Hash: 66C1A33270A78285EB749F11E4643BA6396FB84784F440036DA4DA7B9ADFFED150CB08

Function 00007FFDA34340BA Relevance: 29.8, APIs: 15, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

BIO_get_data.LIBCRYPTO-1_1 ref: 00007FFDA34340CB
BIO_get_init.LIBCRYPTO-1_1 ref: 00007FFDA34340EF
BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434108
BIO_set_init.LIBCRYPTO-1_1 ref: 00007FFDA3434112

Part of subcall function 00007FFDA34316DB: ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345B635

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3434127
CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA343413D
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3434163
BIO_set_init.LIBCRYPTO-1_1 ref: 00007FFDA3434174
BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA343418C
BIO_get_data.LIBCRYPTO-1_1 ref: 00007FFDA3434194
BIO_set_shutdown.LIBCRYPTO-1_1 ref: 00007FFDA34341A1
BIO_push.LIBCRYPTO-1_1 ref: 00007FFDA34341C4
BIO_set_next.LIBCRYPTO-1_1 ref: 00007FFDA34341CF
BIO_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA34341D7
BIO_set_init.LIBCRYPTO-1_1 ref: 00007FFDA34341E1

Strings

..\s\ssl\bio_ssl.c, xrefs: 00007FFDA343411D, 00007FFDA3434132, 00007FFDA343414A
=, xrefs: 00007FFDA3434151

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_set_init$O_clear_flagsO_get_dataR_put_error$O_freeO_get_initO_pushO_set_nextO_set_shutdownO_up_refO_zalloc
String ID: ..\s\ssl\bio_ssl.c$=
API String ID: 2608601196-3341019427
Opcode ID: 9f8a5afc2c3a4201c34a94a68da72c78de737977bd8e18c9460f781fc46890a1
Instruction ID: b04eaa12b0c0178f92543eecc7ce69ebe63419302f0b1bdcee5960275fee4e88
Opcode Fuzzy Hash: 9f8a5afc2c3a4201c34a94a68da72c78de737977bd8e18c9460f781fc46890a1
Instruction Fuzzy Hash: 97317C10B0FA1642FA18F66795361BD56835F82BD0F004135EC1DABBCBDEAEE542830C

Function 00007FFDA343247D Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 141COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA34937B2
memcpy.VCRUNTIME140 ref: 00007FFDA34937D9
memcpy.VCRUNTIME140 ref: 00007FFDA3493854
memcmp.VCRUNTIME140 ref: 00007FFDA3493869
memcmp.VCRUNTIME140 ref: 00007FFDA3493886
memcmp.VCRUNTIME140 ref: 00007FFDA34938C5
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3493978
CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3493992

Strings

server finished, xrefs: 00007FFDA349387C
master s, xrefs: 00007FFDA3493893
extended master secret, xrefs: 00007FFDA34938BB
client finished, xrefs: 00007FFDA349385F
..\s\ssl\t1_enc.c, xrefs: 00007FFDA34937A8, 00007FFDA3493967, 00007FFDA3493985
n, xrefs: 00007FFDA34938EA
key expa, xrefs: 00007FFDA34938D2
nsio, xrefs: 00007FFDA34938E1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: memcmp$memcpy$O_clear_freeO_mallocR_put_error
String ID: ..\s\ssl\t1_enc.c$client finished$extended master secret$key expa$master s$n$nsio$server finished
API String ID: 1314788138-2209449699
Opcode ID: a62c89e45f9aae1aa45b5aa0e64a944a779c13e5e019ddb20736eb6dd076abf3
Instruction ID: e89b6923669dbcb29314750762a5b07c2edbf5e82b0b883737ff09079e61091e
Opcode Fuzzy Hash: a62c89e45f9aae1aa45b5aa0e64a944a779c13e5e019ddb20736eb6dd076abf3
Instruction Fuzzy Hash: CD51F922B0978185E760CF16E8103A9B7A6FB55BC4F048135EE8C93B56DFBDD184C704

Function 00007FFDA343177B Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 445COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA347341B
EVP_PKEY_new_raw_private_key.LIBCRYPTO-1_1 ref: 00007FFDA347343C
EVP_sha256.LIBCRYPTO-1_1 ref: 00007FFDA347345F
EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 00007FFDA3473474
EVP_DigestSign.LIBCRYPTO-1_1 ref: 00007FFDA3473495
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA34734B1
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34734B9
CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 00007FFDA34734CB
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3473A6F
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA3473A77
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3473A92
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA3473A9A

Strings

..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA3473ACD
, xrefs: 00007FFDA34734A2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_freeY_free$DigestSign$InitO_memcmpP_sha256X_newY_new_raw_private_key
String ID: $..\s\ssl\statem\extensions_srvr.c
API String ID: 1001666065-1533168471
Opcode ID: 3a3098dfb846c9c121a9c1ce49b31b97a850979f605987c42cedba07d40a0cf7
Instruction ID: 60d72d3c7b9f7d072a246aa2a22ce150c413a649b87d0a67c77fe409f982cc1e
Opcode Fuzzy Hash: 3a3098dfb846c9c121a9c1ce49b31b97a850979f605987c42cedba07d40a0cf7
Instruction Fuzzy Hash: F412F56271A28242EB209B21D4653BD7792EB80784F444031EA9DF77C7DFBEE644CB48

Function 00007FFDA34317BE Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 399COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA349127E
d2i_X509.LIBCRYPTO-1_1 ref: 00007FFDA3491429
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3491640
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA349164F

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA34912A2, 00007FFDA34913C0, 00007FFDA3491908

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 1068509327-348624464
Opcode ID: 047c664a130ff2571797c587888e675e27d8cbdbf6d03dff3244928dbb089734
Instruction ID: 5dad75a381e0b6da7e25ba80c31111aaa15d9f28381dceb769907c65089e571f
Opcode Fuzzy Hash: 047c664a130ff2571797c587888e675e27d8cbdbf6d03dff3244928dbb089734
Instruction Fuzzy Hash: 1D02F532B0E68186E764CB21E4647B977A2FB84B88F044035DA8DE7B96DFBED540C704

Function 00007FFDA34597F0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 268COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3459822
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3459852

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3459814, 00007FFDA3459842, 00007FFDA3459864, 00007FFDA34598A9, 00007FFDA34598D1, 00007FFDA3459B6F, 00007FFDA3459BBA, 00007FFDA3459C13

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: bf047813b576c522cd4c32d7226736ccf2e9ab922e80ea57f9722168430ad6f3
Instruction ID: fb9cb105a5dae020957ca79fef7a74f438a2bc6e1f55ac2f1266e4558197bc45
Opcode Fuzzy Hash: bf047813b576c522cd4c32d7226736ccf2e9ab922e80ea57f9722168430ad6f3
Instruction Fuzzy Hash: C6E10836B06B8196EB488F25D5903E973A6FB48B88F080139DF5C9B356DF79E4A0C714

Function 00007FFDA34315C8 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 214COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA3486D62
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3486FF6
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3486FFE

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA3486CF6

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeX_freeX_new
String ID: ..\s\ssl\statem\statem_lib.c
API String ID: 419883019-2839845709
Opcode ID: 1e3e695176e06fffc797113366f58f9a72a185ed1cb01f87ade92c30fcb11fed
Instruction ID: 7b5584d421e3d8105f9b034bc55a1089ce65c326f4054d3e58856f5d8540e453
Opcode Fuzzy Hash: 1e3e695176e06fffc797113366f58f9a72a185ed1cb01f87ade92c30fcb11fed
Instruction Fuzzy Hash: 1D91933170E64642FAA49B12E4216BA6692EF84BD8F040031EF4DA7B97DFBED5458708

Function 00007FFDA34316F4 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3465A88
CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 00007FFDA3465BAC
X509_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA3465BE8
X509_chain_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA3465C0F
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3465C3D
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3465C6B
CRYPTO_dup_ex_data.LIBCRYPTO-1_1 ref: 00007FFDA3465C8F
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3465CB1
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3465CE6
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3465D14
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3465D6C
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3465D9A
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3465DCF

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA3465A7C, 00007FFDA3465C36, 00007FFDA3465C64, 00007FFDA3465CAA, 00007FFDA3465CD9, 00007FFDA3465D04, 00007FFDA3465D5F, 00007FFDA3465D93, 00007FFDA3465DC2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_strdup$O_memdup$D_lock_newO_dup_ex_dataO_mallocR_put_errorX509_chain_up_refX509_up_ref
String ID: ..\s\ssl\ssl_sess.c
API String ID: 101854310-2868363209
Opcode ID: 620caea816c0786f603f172eae432855e06785533cb4aa23b9074fd5e8f499ac
Instruction ID: a9e2db6f1f2cf713bcbc0b8d5e3dd337aaddd6c9d28d0533db2b7ec5a53cf291
Opcode Fuzzy Hash: 620caea816c0786f603f172eae432855e06785533cb4aa23b9074fd5e8f499ac
Instruction Fuzzy Hash: DDA11A32B0ABC282EA558F2499603F833A1FF54784F085635DE8C66797DFB9E1A4D314

Function 00007FFDA34311B3 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA344C013
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344C027
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA344C034
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344C047
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C060
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C08B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C0A4
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C0BD
X509_STORE_free.LIBCRYPTO-1_1 ref: 00007FFDA344C0C9
X509_STORE_free.LIBCRYPTO-1_1 ref: 00007FFDA344C0D5
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C0FA
CRYPTO_THREAD_lock_free.LIBCRYPTO-1_1 ref: 00007FFDA344C106
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C11B

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344C050, 00007FFDA344C07E, 00007FFDA344C097, 00007FFDA344C0B0, 00007FFDA344C0ED, 00007FFDA344C111

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
String ID: ..\s\ssl\ssl_cert.c
API String ID: 3478116879-349359282
Opcode ID: 5f8a3736d984fe00c60a7365bfcee0a976a29e4624aee41000a6f567bb983a88
Instruction ID: 939a7c62e50cb9513c6b27ed17c10f3556d9f8184d8cbfbeef063812a9d54f54
Opcode Fuzzy Hash: 5f8a3736d984fe00c60a7365bfcee0a976a29e4624aee41000a6f567bb983a88
Instruction Fuzzy Hash: 2A319131F0AB42D5EB54AB61D4A12B86322FF81B84F440031EE5DE7797CFAEE5908704

Function 00007FFDA34313F2 Relevance: 24.3, APIs: 16, Instructions: 287COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34458E4
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA34458F2
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3445903
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3445915
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA34459CF
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA34459E5
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA34459F9
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3445A0B
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA3445A1F
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3445A86
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3445AA5
OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 00007FFDA3445BCB
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3445C1D
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3445C2C
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3445C5E
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3445C7A

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_findL_sk_free
String ID:
API String ID: 3834244297-0
Opcode ID: e820d05d0a6482de85e4642c40771d14cb3a8fe6c7d2814c95ac8d24c6e8fb40
Instruction ID: 35e9bfb2e47c447bb1f46ac2b19e6d7414f9ecd9d7ac5b68ad863d0d9360d3a2
Opcode Fuzzy Hash: e820d05d0a6482de85e4642c40771d14cb3a8fe6c7d2814c95ac8d24c6e8fb40
Instruction Fuzzy Hash: 86B10521B0A25287EF649A1590A177E62D3FF84B88F544074DE4EE7787CFBEE4858708

Function 00007FFDA3431393 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 346COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA347EDC7
d2i_X509.LIBCRYPTO-1_1 ref: 00007FFDA347EED9
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA347F33B
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA347F34A

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347EE7B, 00007FFDA347F316

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_new_nullL_sk_pop_freeX509X509_freed2i_
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 1068509327-1507966698
Opcode ID: 417162d400591d561de6587a29aeb4b4f9203539dd162e8af69dbb0b36e84f8f
Instruction ID: ae04883a000994cd2a8318c553e6c73677135635a566c7a6b8be37245e5a5bc7
Opcode Fuzzy Hash: 417162d400591d561de6587a29aeb4b4f9203539dd162e8af69dbb0b36e84f8f
Instruction Fuzzy Hash: 70E1F63270A68186E720DB15D4603BD7792FB84B84F444136DE8CABB86CFBEE591C704

Function 00007FFDA3432572 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 313COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_iv_length.LIBCRYPTO-1_1 ref: 00007FFDA3442536

Strings

M, xrefs: 00007FFDA3442920
..\s\ssl\record\ssl3_record_tls13.c, xrefs: 00007FFDA34424B2, 00007FFDA34428FD, 00007FFDA344292D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_iv_length
String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
API String ID: 507009519-1371881060
Opcode ID: cbbd41ce0271423c3d369916ae0a8edbf8c7d68b7c4bdce82aecd0230584fbc8
Instruction ID: 2e54761ca4bb69899c3849ade116935776e0b2f1651e2fcfe461a0f0163f3536
Opcode Fuzzy Hash: cbbd41ce0271423c3d369916ae0a8edbf8c7d68b7c4bdce82aecd0230584fbc8
Instruction Fuzzy Hash: 1DE1D226B0A6828AFB648B25E4203BD77A2FB44788F044135DE4DE7B96DF7ED450C708

Function 00007FFDA34314B5 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 263COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3457359

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3457349, 00007FFDA34574CB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: 285e1bb05ba7f520ab97df2fc0e47dcc5496a50c8059dd24c577624064e1d214
Instruction ID: bec170d062a9c6823e0c0dfdabb1c71c304b216d2eedfd9321291962f9929d4d
Opcode Fuzzy Hash: 285e1bb05ba7f520ab97df2fc0e47dcc5496a50c8059dd24c577624064e1d214
Instruction Fuzzy Hash: A3D18B32B06B8286EBA89F25D5603AD77A2FB44B54F084035DF1D97386DF79E8A0C714

Function 00007FFDA3447690 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDA3431CBC: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA34443D4

EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34476CB
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34476F0
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3447722
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344773C
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344775C
CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3447783
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34477A3
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34477C3

Part of subcall function 00007FFDA34320A4: BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3444A60
Part of subcall function 00007FFDA34320A4: EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3444A85

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34477EB
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344780B
CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3447831

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA34476FC, 00007FFDA3447748, 00007FFDA3447768, 00007FFDA344778F, 00007FFDA34477AF, 00007FFDA34477D7, 00007FFDA34477F7, 00007FFDA344781F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_clear_free$Y_free$L_sk_pop_freeX_free
String ID: ..\s\ssl\s3_lib.c
API String ID: 3200038428-4238427508
Opcode ID: 7de7a4fa8b5b23e8bb9570483213105eaef60e70f7ecbfcd5133edc4a2017182
Instruction ID: fc1f541f40bdccd1ae96aa5096fffd1d0f3d074205a05e94c368a5d7420c34a0
Opcode Fuzzy Hash: 7de7a4fa8b5b23e8bb9570483213105eaef60e70f7ecbfcd5133edc4a2017182
Instruction Fuzzy Hash: 49413225B06B8695EB40EF16D4B57E82322EF81F88F044036DD4D9F3A7CEAED5468354

Function 00007FFDA34321C1 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 355COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDA347E894
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347E8C0
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA347E8E7
EVP_sha256.LIBCRYPTO-1_1 ref: 00007FFDA347EA62
EVP_Digest.LIBCRYPTO-1_1 ref: 00007FFDA347EA8E
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA347EB1A
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347EBA5
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347EC01

Strings

resumption, xrefs: 00007FFDA347EB49
..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347E89A, 00007FFDA347EBD6
&, xrefs: 00007FFDA347EBCA

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$D_sizeDigestO_mallocP_sha256_time64
String ID: &$..\s\ssl\statem\statem_clnt.c$resumption
API String ID: 1034084170-1441847574
Opcode ID: ccdf85ddf26547665e31e6571dd1f93e08b7acb0ad1d4dc524410b283e9881f3
Instruction ID: 25b88092fd446b5ee8c336aae3522d8661d10d34cdf3a1a837adda3bad133332
Opcode Fuzzy Hash: ccdf85ddf26547665e31e6571dd1f93e08b7acb0ad1d4dc524410b283e9881f3
Instruction Fuzzy Hash: 25F1D37270A68185E724CF15E4643BDBBA2FB84B84F048235DA8D97796CFBED590C704

Function 00007FFDA34310F5 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 328COMMON

Download Yara Rule

APIs

EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA347DFC1
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347E089
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA347E4CE

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA347E0A7, 00007FFDA347E0B7
y, xrefs: 00007FFDA347E48B
..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347DFCD, 00007FFDA347E061, 00007FFDA347E0E1, 00007FFDA347E102

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeX_freeY_free
String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\ssl\packet_local.h$y
API String ID: 392469334-141503021
Opcode ID: fdae337394631602f5d79a122da3a82e9ee054d725b34f25c62668988d6f740c
Instruction ID: a647c6183c9121dc7200e89cb4f3003cc24f1e04efc458117e82b23553ef28ad
Opcode Fuzzy Hash: fdae337394631602f5d79a122da3a82e9ee054d725b34f25c62668988d6f740c
Instruction Fuzzy Hash: 7AE1B372B0A64285F7248F12D4607BD2B62EB44B98F044235DE4DA7B97DFBEE185C708

Function 00007FFDA3431523 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB13
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB2C
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB38
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB44
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB50
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB5C
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB68
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB74
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB80
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA349CB8C

Strings

..\s\ssl\tls_srp.c, xrefs: 00007FFDA349CB06, 00007FFDA349CB1F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: N_free$O_free
String ID: ..\s\ssl\tls_srp.c
API String ID: 3506937590-1778748169
Opcode ID: 991b548c7e5f8c3eedac9789aad45eff1a4166c0cba9e00780eef01bff49c7e0
Instruction ID: 6c5fd3c5395edabf1213e0509b7ebc00c2de33ed4c3485328d0cf9d563f8b423
Opcode Fuzzy Hash: 991b548c7e5f8c3eedac9789aad45eff1a4166c0cba9e00780eef01bff49c7e0
Instruction Fuzzy Hash: 6F212F22F16A8242E715DF61C4613F81316EB94B48F085231FD0C9B297DFAAE6D18364

Function 00007FFDA344E180 Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

COMP_zlib.LIBCRYPTO-1_1 ref: 00007FFDA344E18F
CRYPTO_mem_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344E19C
OPENSSL_sk_new.LIBCRYPTO-1_1 ref: 00007FFDA344E1A8
COMP_get_type.LIBCRYPTO-1_1 ref: 00007FFDA344E1B7
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA344E1E1
COMP_get_name.LIBCRYPTO-1_1 ref: 00007FFDA344E1FB
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344E20E
OPENSSL_sk_sort.LIBCRYPTO-1_1 ref: 00007FFDA344E21A
CRYPTO_mem_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344E229

Strings

..\s\ssl\ssl_ciph.c, xrefs: 00007FFDA344E1D5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_nameP_get_typeP_zlib
String ID: ..\s\ssl\ssl_ciph.c
API String ID: 680475741-1847046956
Opcode ID: 62ee42c7a7c76134d40cdec2259d5c75cc418fa19301ec1af2a8b91bded5920c
Instruction ID: 9fdc2646f2c6a942d48e618829aa1ef66b7c093da5426af07cc57f3e5c02179b
Opcode Fuzzy Hash: 62ee42c7a7c76134d40cdec2259d5c75cc418fa19301ec1af2a8b91bded5920c
Instruction Fuzzy Hash: 8F111C20F0AB0241FA64AB56E8753B8A297AF45784F440435EA0DE73D7DEEFE4908708

Function 00007FFDA3480240 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 239COMMON

Download Yara Rule

APIs

BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34803D7
BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34803EB
BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34805A8
BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34805B0
BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34805B8
DH_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34805C0
EVP_PKEY_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E15A), ref: 00007FFDA34805C8

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA3480245, 00007FFDA3480591, 00007FFDA34805E1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: N_free$N_bin2bn$H_freeY_free
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 2982095754-1507966698
Opcode ID: 2a12ea7c95104e32635f3a9105b02c5bb099e863f7de12298ca0f2c235696508
Instruction ID: b0e435201ff932b7b35d9be397855e8b441cd1dc3cff4a02b9d8aad81f0684d5
Opcode Fuzzy Hash: 2a12ea7c95104e32635f3a9105b02c5bb099e863f7de12298ca0f2c235696508
Instruction Fuzzy Hash: C6910B62B1E7C146E770DB55A4207BAA792FB85784F005030EE8DA7B47DF7EE5908B04

Function 00007FFDA347B1F0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 198COMMON

Download Yara Rule

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347B1F6, 00007FFDA347B259, 00007FFDA347B292
, xrefs: 00007FFDA347B419

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: $..\s\ssl\statem\statem_clnt.c
API String ID: 0-745226041
Opcode ID: 2d5bb378adea2400d7696ae13624d92a5bb514f35b7ba155f8a77dd88cf046aa
Instruction ID: 4e00f7445205055fe0c7a0c0e300fd6ee168f49fbaecd4d0202f8abfa4445d44
Opcode Fuzzy Hash: 2d5bb378adea2400d7696ae13624d92a5bb514f35b7ba155f8a77dd88cf046aa
Instruction Fuzzy Hash: 8B819131B0A74246FB64AB12E4257BA6252EF84BC4F004531DE4DEB787DFBEE5458708

Function 00007FFDA347B630 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA347C60E), ref: 00007FFDA347B8C8
OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA347C60E), ref: 00007FFDA347B8D7
CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA347C60E), ref: 00007FFDA347B8EB
CRYPTO_clear_free.LIBCRYPTO-1_1(?,?,00000000,?,?,?,00007FFDA347C60E), ref: 00007FFDA347B8FF

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347B63E, 00007FFDA347B686, 00007FFDA347B720, 00007FFDA347B754, 00007FFDA347B794

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_cleanseO_clear_free
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 778410385-1507966698
Opcode ID: 782c577024c308073a6ec74741b1d5debe862f46147205d64dafe3fd5ca1deea
Instruction ID: 06aee9c3ec46c19d50cc677867d1f249fc6e9a553b02b7e9306f41f8022971fc
Opcode Fuzzy Hash: 782c577024c308073a6ec74741b1d5debe862f46147205d64dafe3fd5ca1deea
Instruction Fuzzy Hash: CE71E532B1D68182F6209B11E8207FAB751FB89BC8F444135EE8DA7796DFBDD1858704

Function 00007FFDA34483F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

EVP_PKEY_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA344843B
EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 00007FFDA3448446
EVP_PKEY_derive_set_peer.LIBCRYPTO-1_1 ref: 00007FFDA3448459
EVP_PKEY_derive.LIBCRYPTO-1_1 ref: 00007FFDA3448470
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3448492
EVP_PKEY_derive.LIBCRYPTO-1_1 ref: 00007FFDA34484BB
CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA34485D0
EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA34485D8

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA3448482, 00007FFDA344859A, 00007FFDA3448602

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_derive$O_clear_freeO_mallocX_freeX_newY_derive_initY_derive_set_peer
String ID: ..\s\ssl\s3_lib.c
API String ID: 2104848214-4238427508
Opcode ID: d3680417821579d0338fd1fd2f233541748ef9b257303e3de83b838f041bea5a
Instruction ID: 366ea1ccd0859996cc59da4889aa56259d9771832935cbbb5c1b3f4685d8ab6c
Opcode Fuzzy Hash: d3680417821579d0338fd1fd2f233541748ef9b257303e3de83b838f041bea5a
Instruction Fuzzy Hash: DC51D732B0A74242FB64AB12A4202B96792BB84BD4F044431DE5CE7B97DF7EE4418748

Function 00007FFDA343157D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3460EE2
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460F0A
memcpy.VCRUNTIME140 ref: 00007FFDA3460F3B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3460F66
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460FA2
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460FDA
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3461022
memcpy.VCRUNTIME140 ref: 00007FFDA3461050

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3460ED7, 00007FFDA3460EEF, 00007FFDA3460F5A, 00007FFDA3460F96, 00007FFDA3460FCA, 00007FFDA3460FEA, 00007FFDA3461007

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$memcpy$O_freeO_malloc
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 304038429-2723262194
Opcode ID: ee2b1ca455f7abaebae081c150c37ed4e98fbf117a9246c065abc88b5e49617e
Instruction ID: 2cee929a5acac4d5d480320cac1b7b8b66c315f5f5e50f58b3c093fc6ad89cf6
Opcode Fuzzy Hash: ee2b1ca455f7abaebae081c150c37ed4e98fbf117a9246c065abc88b5e49617e
Instruction Fuzzy Hash: 4B51C331B0E74687EB64DF12D4202A9A756FB85BC4F444431EA4DE7796DFBEE6018308

Function 00007FFDA34562F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3456322
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3456379
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34563CD

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3456318, 00007FFDA3456365, 00007FFDA34563BD, 00007FFDA3456474

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$O_free
String ID: ..\s\ssl\ssl_lib.c
API String ID: 3616133153-1080266419
Opcode ID: 444372937c9b3ce212e059ec336aa4510f7d10820877fde32f7dd1670c1c857f
Instruction ID: 60d03e9558aadd9565598ff95f9ac7f35db59c7b06c95738ea0e9bd91986defc
Opcode Fuzzy Hash: 444372937c9b3ce212e059ec336aa4510f7d10820877fde32f7dd1670c1c857f
Instruction Fuzzy Hash: 12517C72B09B8281E750DF21D8503AD73A1FB85F88F484135DA5C9B79ADFBAD481CB24

Function 00007FFDA3432414 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 415COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343A610
BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA343A8FB
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA343A908
BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA343A9C1
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA343A9D7

Part of subcall function 00007FFDA343160E: CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 00007FFDA3463712
Part of subcall function 00007FFDA343160E: OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA346371E
Part of subcall function 00007FFDA343160E: OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 00007FFDA3463737
Part of subcall function 00007FFDA343160E: CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA346375B

memcpy.VCRUNTIME140 ref: 00007FFDA343AB96

Strings

SSL alert number , xrefs: 00007FFDA343A9D0
..\s\ssl\record\rec_layer_d1.c, xrefs: 00007FFDA343A52E, 00007FFDA343A5AF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_unlockD_write_lockH_deleteH_retrieveO_clear_flagsO_freeO_set_flagsO_snprintfR_add_error_datamemcpy
String ID: ..\s\ssl\record\rec_layer_d1.c$SSL alert number
API String ID: 928870745-720991377
Opcode ID: b0756a720c7ca681a88f9697d71b761ad4d16e9e5fe397f34a13d788fcf6975e
Instruction ID: 31cd13e6668565a2ca1af3c85f5ccd8195c7651a9e66e090272499d4fca4f665
Opcode Fuzzy Hash: b0756a720c7ca681a88f9697d71b761ad4d16e9e5fe397f34a13d788fcf6975e
Instruction Fuzzy Hash: 95129632B4A78A85F7689F25D4243B936A2EF44B88F084135DE4D977C6DFBEE4408718

Function 00007FFDA344F660 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 349stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA344F7EA
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA344FA6C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA344FAA4
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344FAF4
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344FB54

Strings

..\s\ssl\ssl_ciph.c, xrefs: 00007FFDA344FAE4, 00007FFDA344FB44
STRENGTH, xrefs: 00007FFDA344FA62
SECLEVEL=, xrefs: 00007FFDA344FA9D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: strncmp$R_put_error
String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH
API String ID: 2707563706-3120971754
Opcode ID: 8e19eabc16801b370c69071912fa1fcb3bcfb1f45c2fa6d02fbc9bc487b033b8
Instruction ID: 5fd694d1b88e74502dd3eb7e61a713eadac62f966423cfbc3f66f30a1b0ffd06
Opcode Fuzzy Hash: 8e19eabc16801b370c69071912fa1fcb3bcfb1f45c2fa6d02fbc9bc487b033b8
Instruction Fuzzy Hash: 0EE1A232B0D2828BE7648E15A06033A77D2FB45784F145136DA8DA7796DBBEE8418F08

Function 00007FFDA3483610 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 321COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,00007FFDA34833AD), ref: 00007FFDA34836AD
EVP_MD_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,?,?,00007FFDA34833AD), ref: 00007FFDA34836B6
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34836C8
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34836DA
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34836EB
memcpy.VCRUNTIME140 ref: 00007FFDA34838F3

Strings

..\s\ssl\statem\statem_dtls.c, xrefs: 00007FFDA348364F, 00007FFDA3483959, 00007FFDA3483A0E, 00007FFDA3483A61

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$X_free$memcpy
String ID: ..\s\ssl\statem\statem_dtls.c
API String ID: 1711549817-3140652063
Opcode ID: eee93b2b99a0c562da0f4ea43aec890e32df6fb256bc2f9d70f582cd1f8429fe
Instruction ID: 2eef74aa8c63f41eb756dfee1fd2585806991f63b6d19d8dbcb2c83e88b4a970
Opcode Fuzzy Hash: eee93b2b99a0c562da0f4ea43aec890e32df6fb256bc2f9d70f582cd1f8429fe
Instruction Fuzzy Hash: 8AE1BF22B0978196EB249F21D4603BC77A2FB45788F004035EE8DABB96DF7DD1A1C708

Function 00007FFDA343230B Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 170COMMON

Download Yara Rule

APIs

CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 00007FFDA3475271
memchr.VCRUNTIME140 ref: 00007FFDA34752D5
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3475309
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3475326
CRYPTO_strndup.LIBCRYPTO-1_1 ref: 00007FFDA347533E

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA3475310, 00007FFDA3475331
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA34752BD, 00007FFDA34752DA, 00007FFDA3475389, 00007FFDA34753C7
k, xrefs: 00007FFDA34753BF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_memcmpO_strndupmemchr
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h$k
API String ID: 2294304191-3589437269
Opcode ID: ea8cefe799719209480436e9e6fe518de4c09b6204fee041a552dd61f934f91e
Instruction ID: f2a862ff1110a1922192c0a0de36d5caf9447ece598b1379868b187e269fbd4b
Opcode Fuzzy Hash: ea8cefe799719209480436e9e6fe518de4c09b6204fee041a552dd61f934f91e
Instruction Fuzzy Hash: 7A611861F0A78546E7608F25E02077D7792FB45784F444134DA4CAB786CFBEE581CB04

Function 00007FFDA34322C5 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA34544F7
CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3454511
OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA345453A
EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 00007FFDA3454542

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA34544E7, 00007FFDA3454502, 00007FFDA3454594, 00007FFDA34545A9, 00007FFDA34545C5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zalloc$J_nid2snP_get_digestbyname
String ID: ..\s\ssl\ssl_lib.c
API String ID: 4284552970-1080266419
Opcode ID: f6cc87e6b05e7f55d33cb5daac34941b4575cab0649bc418a77131c6fd7575bc
Instruction ID: 2e322e5ab9cbe4f6f0abb4d230f3389ed3a1c15e6e89c145fe444afefbc1f752
Opcode Fuzzy Hash: f6cc87e6b05e7f55d33cb5daac34941b4575cab0649bc418a77131c6fd7575bc
Instruction Fuzzy Hash: A4312221B0AB9186EB109F25E4613B977A2EF01780F480135EB8D9B787CEBFE551C708

Function 00007FFDA344E090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

CRYPTO_mem_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344E0AC
OPENSSL_sk_new.LIBCRYPTO-1_1 ref: 00007FFDA344E0B8
COMP_get_type.LIBCRYPTO-1_1 ref: 00007FFDA344E0C7
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA344E0F1
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344E11E
OPENSSL_sk_sort.LIBCRYPTO-1_1 ref: 00007FFDA344E12A
CRYPTO_mem_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344E139

Strings

..\s\ssl\ssl_ciph.c, xrefs: 00007FFDA344E0E5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_type
String ID: ..\s\ssl\ssl_ciph.c
API String ID: 2525466407-1847046956
Opcode ID: 633e3f8a5b1f2117c4688fb6f59ea72fef34a6c0fab0f04b0c1034370f3ab914
Instruction ID: 8c9e722436e99f3369adc13ccaae3a70ea0cd0901cbe6b9d88f180743ae32b4b
Opcode Fuzzy Hash: 633e3f8a5b1f2117c4688fb6f59ea72fef34a6c0fab0f04b0c1034370f3ab914
Instruction Fuzzy Hash: 3811FA20F0BA0241FA64AB56E8753B8A257AF85780F441435EA4DE73D7DEEEE4908358

Function 00007FFDA3434497 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 391COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3434624
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA343464A
BIO_set_init.LIBCRYPTO-1_1 ref: 00007FFDA3434661
BIO_set_data.LIBCRYPTO-1_1 ref: 00007FFDA343466C
BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434679

Strings

..\s\ssl\bio_ssl.c, xrefs: 00007FFDA343461D, 00007FFDA3434631
=, xrefs: 00007FFDA3434638

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_put_error
String ID: ..\s\ssl\bio_ssl.c$=
API String ID: 3341103989-3341019427
Opcode ID: 48d02881f3e19af4b2fca5a1682b77c9912c6a67a56c44d3c613b17f343fb1eb
Instruction ID: 36131273fb90299c1aaae196fcd9bfa0d350f8a0b837aff192a939c3221f9948
Opcode Fuzzy Hash: 48d02881f3e19af4b2fca5a1682b77c9912c6a67a56c44d3c613b17f343fb1eb
Instruction Fuzzy Hash: C5113A62B0D18381D7419F29E4702EC7B629B46754F0C8130E78843387DD6ED454CB04

Function 00007FFDA3482350 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA34824DA
EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA34824E3
CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA34824F8
CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA348250E
CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA3482523

Part of subcall function 00007FFDA3481BE0: CRYPTO_malloc.LIBCRYPTO-1_1(?,00007FFDA3480F48), ref: 00007FFDA3481C1B
Part of subcall function 00007FFDA3481BE0: ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA3480F48), ref: 00007FFDA3481C43

CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FFDA348202D), ref: 00007FFDA34826BD

Strings

..\s\ssl\statem\statem_dtls.c, xrefs: 00007FFDA34824EB, 00007FFDA3482501, 00007FFDA3482519, 00007FFDA34826B3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$X_free$O_mallocR_put_error
String ID: ..\s\ssl\statem\statem_dtls.c
API String ID: 4216106018-3140652063
Opcode ID: 3b5a834cd0931668b7dabf0015a8e798cfc2ec530cd0dbe8395635f56e623f78
Instruction ID: 91fbb465551774750ae93e10d9914436f6c35710740b5efd404477a0e25e3979
Opcode Fuzzy Hash: 3b5a834cd0931668b7dabf0015a8e798cfc2ec530cd0dbe8395635f56e623f78
Instruction Fuzzy Hash: E2B1D272B0AB8583DB20CF15E4602A977A2FB55B84F444232DB8D93B96DF7EE544C704

Function 00007FFDA34313FC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA34887A4
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA348881B
CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 00007FFDA3488917
memcpy.VCRUNTIME140 ref: 00007FFDA348896F
memcpy.VCRUNTIME140 ref: 00007FFDA348898B

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA34887F6, 00007FFDA3488878
l, xrefs: 00007FFDA34887EE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: memcpy$O_memcmpX_freeX_new
String ID: ..\s\ssl\statem\statem_lib.c$l
API String ID: 1067491572-3956761411
Opcode ID: acda3287ec944384e390f27aac9f73a965c0d0eedbfe8bfcbca0d2146e9d830f
Instruction ID: ec2ca3118773bce463f499a445cf78a3762008528640bffa9304b91511809365
Opcode Fuzzy Hash: acda3287ec944384e390f27aac9f73a965c0d0eedbfe8bfcbca0d2146e9d830f
Instruction Fuzzy Hash: 1791A232B0A64287E7608F15D4603AD37A2FB44F88F184431DA4DA7796CFBED581C745

Function 00007FFDA3490830 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA349090B, 00007FFDA349092A
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA34908CB, 00007FFDA34908ED, 00007FFDA3490953, 00007FFDA3490987, 00007FFDA3490A8E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 0-1534007912
Opcode ID: 8db9a76156c758893337f56ecc400264bf03f8dfbc5887079c12b62c9d52616b
Instruction ID: d42c044d09bfcfba934163d589bd182e488845a03f0cb8d979fb58c242aa0501
Opcode Fuzzy Hash: 8db9a76156c758893337f56ecc400264bf03f8dfbc5887079c12b62c9d52616b
Instruction Fuzzy Hash: 38510672B09A8186F7608B10D4647EDBB62FB84BC8F044131DA8CA7796DFBDD695CB04

Function 00007FFDA3470550 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3470596
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3470606
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3470626
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347068A
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34706A0
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34706C9

Strings

..\s\ssl\statem\extensions_cust.c, xrefs: 00007FFDA3470585, 00007FFDA34705F4, 00007FFDA347060F, 00007FFDA347067D, 00007FFDA3470693, 00007FFDA34706BC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\statem\extensions_cust.c
API String ID: 3962629258-3973221358
Opcode ID: 39bba86c631204e598ff62e639f37f5f73046ccd44f2d89d291084cdaa1d33ad
Instruction ID: 6a2886635608c408cd93a978cbe912d2f88bce5129e53941f101c37f0a88b847
Opcode Fuzzy Hash: 39bba86c631204e598ff62e639f37f5f73046ccd44f2d89d291084cdaa1d33ad
Instruction Fuzzy Hash: 9A418072B0BA4281EA61DF11E4606A9A7A6FB84794F054036DE4C97796EFBED181C304

Function 00007FFDA343218A Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

CONF_parse_list.LIBCRYPTO-1_1 ref: 00007FFDA349877F
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34987D3

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA34987B6, 00007FFDA34987EF, 00007FFDA3498803, 00007FFDA349886B, 00007FFDA34988A1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: F_parse_listR_put_error
String ID: ..\s\ssl\t1_lib.c
API String ID: 2930615231-1643863364
Opcode ID: 382398ce1e9e59ad8d39d2fd9efb64de3a1cfd8ab58c05187b18d7c0c9fdcea3
Instruction ID: dfe2a0be686f8fd2173e4b8c69939ca52e98a478aaa35c5300248163c8c59fbf
Opcode Fuzzy Hash: 382398ce1e9e59ad8d39d2fd9efb64de3a1cfd8ab58c05187b18d7c0c9fdcea3
Instruction Fuzzy Hash: BD418E32B0EB9286E720DF15E8607BA7362FB84780F414135D94DA3B86DFBEE5458708

Function 00007FFDA34391C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3439205
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343921B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3439265
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343927B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34392C5
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34392DB

Strings

..\s\ssl\record\rec_layer_d1.c, xrefs: 00007FFDA34391F4, 00007FFDA343920E, 00007FFDA3439254, 00007FFDA343926E, 00007FFDA34392B4, 00007FFDA34392CE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\record\rec_layer_d1.c
API String ID: 2581946324-1306860146
Opcode ID: fb6124d55f135ef5635896bfe7be1fe4b4baa3c7022afa38b3d420df6c7c7c16
Instruction ID: 2e7c56443200d5bc3119d34d54d9006878c884d31d85563eb1beb111fc2912b1
Opcode Fuzzy Hash: fb6124d55f135ef5635896bfe7be1fe4b4baa3c7022afa38b3d420df6c7c7c16
Instruction Fuzzy Hash: 0C416012F0AB8681EA44EB16C5B027867A2FF85FC8F005531DE0D97757EFAEE4918304

Function 00007FFDA344C280 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA344C29F
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344C2C7
CRYPTO_THREAD_lock_new.LIBCRYPTO-1_1 ref: 00007FFDA344C308
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344C334
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344C349

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344C298, 00007FFDA344C2AC, 00007FFDA344C319, 00007FFDA344C33F
B, xrefs: 00007FFDA344C320

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$D_lock_newO_freeO_zalloc
String ID: ..\s\ssl\ssl_cert.c$B
API String ID: 3411496311-1824687510
Opcode ID: 889f6ff03f0a5cde185c8a82e368881b76037717ce5f1044877cf7ef1abf095c
Instruction ID: d4358ae1d4785cb91e285c984a09f19c258eacad9372be6499525164a50eb507
Opcode Fuzzy Hash: 889f6ff03f0a5cde185c8a82e368881b76037717ce5f1044877cf7ef1abf095c
Instruction Fuzzy Hash: 16118E71B0A74286F7119F61E4213E93792EB44708F880535DD4C9A397EFBEE685CB18

Function 00007FFDA34346C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

BIO_get_data.LIBCRYPTO-1_1 ref: 00007FFDA34346E4
BIO_get_shutdown.LIBCRYPTO-1_1 ref: 00007FFDA34346EF
BIO_get_init.LIBCRYPTO-1_1 ref: 00007FFDA3434708
BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434721
BIO_set_init.LIBCRYPTO-1_1 ref: 00007FFDA343472B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3434740

Strings

..\s\ssl\bio_ssl.c, xrefs: 00007FFDA3434736

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
String ID: ..\s\ssl\bio_ssl.c
API String ID: 3531300166-4039210333
Opcode ID: b42fafa9bfc7a4b513fe56510db0a8dc245545e9252ab44829cdd493434299b0
Instruction ID: c80377600f86b9bfb24ae9a8fef124364518bd37d21d364ecc31edba142ad976
Opcode Fuzzy Hash: b42fafa9bfc7a4b513fe56510db0a8dc245545e9252ab44829cdd493434299b0
Instruction Fuzzy Hash: E9014F50F0BA4741FA58B6A699722B912835F86790F081130FD1EE77CBDF9EE4918218

Function 00007FFDA34314FB Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 178COMMON

Download Yara Rule

APIs

EVP_PKEY_get1_tls_encodedpoint.LIBCRYPTO-1_1 ref: 00007FFDA34721E6
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA347221C
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347225B
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34722BE
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34722D1

Strings

..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA34720BE, 00007FFDA347219E, 00007FFDA34721F0, 00007FFDA347224E, 00007FFDA347229D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeY_free$Y_get1_tls_encodedpoint
String ID: ..\s\ssl\statem\extensions_srvr.c
API String ID: 3595761781-1853348325
Opcode ID: fae162c317aebd6ddf97c05b2bfa3dbbdf0d1709d28723a3ddef04a853f88177
Instruction ID: 65be67e5d2df7a7079b9765b6b6c79f799378e20bcb3ccff432d589e77d0d5cb
Opcode Fuzzy Hash: fae162c317aebd6ddf97c05b2bfa3dbbdf0d1709d28723a3ddef04a853f88177
Instruction Fuzzy Hash: 05719021B0A74685F7249B12F5606BD6792EF85BC4F180030DE4CA7B9BDFAEE541CB08

Function 00007FFDA34320FE Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA349255C

Part of subcall function 00007FFDA3431C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA34488C9
Part of subcall function 00007FFDA3431C08: memset.VCRUNTIME140 ref: 00007FFDA34488F7
Part of subcall function 00007FFDA3431C08: memcpy.VCRUNTIME140 ref: 00007FFDA3448933
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3448956
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA34489BD
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3448A38

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA3492304

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_free$O_mallocmemcpymemset
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 2470733610-348624464
Opcode ID: 87e23bd9479a19a585572a2706d0a16145bdd5620c84a5ddc2e0aaeba8d5d462
Instruction ID: 5f6ea086de01c2618501b6b0f159a2f3768bb4ee3dc0d1ef3a112428f7ca5106
Opcode Fuzzy Hash: 87e23bd9479a19a585572a2706d0a16145bdd5620c84a5ddc2e0aaeba8d5d462
Instruction Fuzzy Hash: BC610331B0A68681E7A48B16E4747BD6692EF84B94F084131CE4CAB7D7CFBEE4418708

Function 00007FFDA3432289 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

..\s\ssl\s3_enc.c, xrefs: 00007FFDA344530A, 00007FFDA34453BF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\s3_enc.c
API String ID: 0-1839494539
Opcode ID: 92ea87f474033a6bd3c870b806afe99ffc5678929a59eff6cda3fd44ead199dd
Instruction ID: f55e652d689f1eca1f802e7a53ccc503b301fcc1760176d24b6a1bbe6865b5f5
Opcode Fuzzy Hash: 92ea87f474033a6bd3c870b806afe99ffc5678929a59eff6cda3fd44ead199dd
Instruction Fuzzy Hash: AC518C32709B8196EB948F26E0903AD77A1FB88B90F144136DF8C97765DF7AD0A5CB04

Function 00007FFDA34311EA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3438AB7
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3438AE0

Strings

..\s\ssl\packet.c, xrefs: 00007FFDA3438AA9, 00007FFDA3438AC5, 00007FFDA3438BC5
b, xrefs: 00007FFDA3438ACC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zallocR_put_error
String ID: ..\s\ssl\packet.c$b
API String ID: 2718799170-1717309047
Opcode ID: 8bfd1c6c49e0ed3e29f783e3e69fe53ba24d995af492483d6313054a0c38b9bc
Instruction ID: 664ba16e9325f9015e2ebe540ea5c64340452b9f01c8674aac6da058e2a03a96
Opcode Fuzzy Hash: 8bfd1c6c49e0ed3e29f783e3e69fe53ba24d995af492483d6313054a0c38b9bc
Instruction Fuzzy Hash: 7151E762B0AB4A81EF58CB25D56036873A2EB44BA4F104235DA6C933D6DFBED844C348

Function 00007FFDA3491060 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

BN_bin2bn.LIBCRYPTO-1_1 ref: 00007FFDA34910BF
BN_ucmp.LIBCRYPTO-1_1 ref: 00007FFDA34910EE
BN_is_zero.LIBCRYPTO-1_1 ref: 00007FFDA3491102
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA349112D
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3491142

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA3491116, 00007FFDA34911C0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: N_bin2bnN_is_zeroN_ucmpO_freeO_strdup
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 3996552382-348624464
Opcode ID: 9b0eda87b6ec77cfa6a07f02b90028ce4069eafe86289c25d00f66e17d780532
Instruction ID: 367808af851d13c7c20900f459b6a28f5f7df4f0b8ff751c70386a2d6d7082c4
Opcode Fuzzy Hash: 9b0eda87b6ec77cfa6a07f02b90028ce4069eafe86289c25d00f66e17d780532
Instruction Fuzzy Hash: C6312732709A8281EB60CF21E8657BD67A2FB84B88F044131DE4CDB796DF7ED5918704

Function 00007FFDA3431438 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34985DC
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA34985FE
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3498626

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA34985BF, 00007FFDA34985F7, 00007FFDA349860B, 00007FFDA349866B, 00007FFDA34986A3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$O_malloc
String ID: ..\s\ssl\t1_lib.c
API String ID: 1108683871-1643863364
Opcode ID: a60fca56b0b3966003a55dc8342f5ccc0e6a6bb1fb1fe784f160ef7a5e08ebe3
Instruction ID: 7f038547124a15c0927cca7de134d6b81d620a36db480d478eb3d3ec10f501d1
Opcode Fuzzy Hash: a60fca56b0b3966003a55dc8342f5ccc0e6a6bb1fb1fe784f160ef7a5e08ebe3
Instruction Fuzzy Hash: 1C310032B0E75686E720CF55E8207BAA252EB44780F414431EA4DD7B96EFFEE5058708

Function 00007FFDA3431195 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA349941A
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3499442

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA34993F1, 00007FFDA3499427, 00007FFDA3499459

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mallocR_put_error
String ID: ..\s\ssl\t1_lib.c
API String ID: 2513334388-1643863364
Opcode ID: 98af37487f8f3ef961c090f28ff60e57766f8aa80a98076616169e6bb4540e77
Instruction ID: 9f2344d1b54ee10ba390cc835108b939394dbc2afd89425e3326a44aa4aefe71
Opcode Fuzzy Hash: 98af37487f8f3ef961c090f28ff60e57766f8aa80a98076616169e6bb4540e77
Instruction Fuzzy Hash: CC316B32B0E78285E7609F12E4207EA7366EB84B84F444135DE8D97B46DF7EE144C704

Function 00007FFDA343243C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3460D77
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460D9F
memcpy.VCRUNTIME140 ref: 00007FFDA3460DD0
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3460DFB
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460E21

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3460D61, 00007FFDA3460D84, 00007FFDA3460DEF, 00007FFDA3460E11

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$O_freeO_mallocmemcpy
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 1339073354-2723262194
Opcode ID: 381eec62572a7176f42a0262f48d9dde064d866098110c050ba8ec69db1db139
Instruction ID: 0169e9e183bd07e778e89ff58439de6e2d2e1d204faa060ecc897ffe87558104
Opcode Fuzzy Hash: 381eec62572a7176f42a0262f48d9dde064d866098110c050ba8ec69db1db139
Instruction Fuzzy Hash: 6421B461B0E64586EB50EF12E5202A9ABA2FF857C0F444031EF4C97B97DFBED5108708

Function 00007FFDA343221B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3498A21
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3498A49
memcpy.VCRUNTIME140 ref: 00007FFDA3498A5B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3498A79

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA3498A11, 00007FFDA3498A2E, 00007FFDA3498A60

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_mallocR_put_errormemcpy
String ID: ..\s\ssl\t1_lib.c
API String ID: 92311482-1643863364
Opcode ID: 5ca80b6831d56479da9b61cdfef64967fe1f7eaead0a4867cde06b1e05385972
Instruction ID: 0225830822eaf85cc4a74e92f6859f52a434d01dd8e7a34e83f91d2e188f6b20
Opcode Fuzzy Hash: 5ca80b6831d56479da9b61cdfef64967fe1f7eaead0a4867cde06b1e05385972
Instruction Fuzzy Hash: 1D216F31B0E74285E7109F16E4202AA7752FB45BD4F444435EE4C97B4ADFBEE1458718

Function 00007FFDA3432063 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

EVP_PKEY_get1_tls_encodedpoint.LIBCRYPTO-1_1 ref: 00007FFDA346BBC6
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346BC45
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA346BCC1
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346BCD4

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346BB11, 00007FFDA346BB8F, 00007FFDA346BC36, 00007FFDA346BC8E, 00007FFDA346BCEB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$Y_freeY_get1_tls_encodedpoint
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 4042585043-592572767
Opcode ID: 2bcc911db4a72dfc2b0e7a29b7c82d8670fc5e786f8c662df42f5cbbbc828d64
Instruction ID: 0f12aa5774f8ed4539d033d403bf893b5dd455e7bc4d9d4d59088fe100e4b4eb
Opcode Fuzzy Hash: 2bcc911db4a72dfc2b0e7a29b7c82d8670fc5e786f8c662df42f5cbbbc828d64
Instruction Fuzzy Hash: 0671933170D75186EA649F12D8603BA7792FB85B80F084035EE4DA7B9ADF7EE5118708

Function 00007FFDA34676F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34677CB
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA34677E0
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34678CD

Strings

p, xrefs: 00007FFDA346770E
..\s\ssl\statem\extensions.c, xrefs: 00007FFDA346778E, 00007FFDA3467982

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_strdup
String ID: ..\s\ssl\statem\extensions.c$p
API String ID: 3211362174-2468000666
Opcode ID: 2068a348a5a17e172b9380dba34c8c5b6710b03b8af4628bf303ad2f3fc6c35a
Instruction ID: ecbcd8dd66f479985c834fcd124bcdce6de09acec4853879b1292a38f7a0f143
Opcode Fuzzy Hash: 2068a348a5a17e172b9380dba34c8c5b6710b03b8af4628bf303ad2f3fc6c35a
Instruction Fuzzy Hash: 9A71B332B0A64285F7609F15D4603B93B93EB80B84F081135DE4CA7796CFBEE555CB48

Function 00007FFDA343176C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346DB41
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA346DB51

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346DA9B, 00007FFDA346DB2A, 00007FFDA346DCCC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_malloc
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 2609694610-592572767
Opcode ID: eb8646cc14ad7946747ce7eb3af944775ceab7122389636ce27dacd7aa004322
Instruction ID: 235eebeef392d39802651ab5086d494daaeeab83d2569d74b4b9a197fb398aa8
Opcode Fuzzy Hash: eb8646cc14ad7946747ce7eb3af944775ceab7122389636ce27dacd7aa004322
Instruction Fuzzy Hash: 24618D72709B8185E750CF11D4A02AD77A6FB85BD8F084235DA4C97B9ACFBED2A1C704

Function 00007FFDA3431479 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3473191
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34731D0
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA34731F6

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA347319D, 00007FFDA34731DC
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA3473170, 00007FFDA3473265, 00007FFDA3473294

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_memdup
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 3545228654-2178723975
Opcode ID: 6b1fb058464558bf4c2905c61fd578a9dd662c9e315f15e99a82039453d78e0a
Instruction ID: d0b789ab4085e2c05e0eb55d5b6f9cffed20a4151461695ba4f3e35c36fdf7ba
Opcode Fuzzy Hash: 6b1fb058464558bf4c2905c61fd578a9dd662c9e315f15e99a82039453d78e0a
Instruction Fuzzy Hash: E251E272B19BC282E7648F25E4107E977A2FB45B84F044134EA8CA7B56CFBDE291C704

Function 00007FFDA343132A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_read_lock.LIBCRYPTO-1_1 ref: 00007FFDA3464D37
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA3464D72
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA3464D7E
memset.VCRUNTIME140 ref: 00007FFDA3464D93

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA3464CAD, 00007FFDA3464E2D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_unlock$D_read_lockmemset
String ID: ..\s\ssl\ssl_sess.c
API String ID: 229716220-2868363209
Opcode ID: 388a0833509183cc25da2882dab4e5f1c8b99a13d93ed3c32a49070179191ef0
Instruction ID: f9b2405b6ed3e5708b5abe5a1ae38568fdac85fe86224eadbf37e19ed9f765ea
Opcode Fuzzy Hash: 388a0833509183cc25da2882dab4e5f1c8b99a13d93ed3c32a49070179191ef0
Instruction Fuzzy Hash: 4451D932B1DA8185EB648F15E4653F963A1FB84B84F140031DB4C9BB96EFBED6618708

Function 00007FFDA3431762 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3454698
CRYPTO_realloc.LIBCRYPTO-1_1 ref: 00007FFDA34546ED
CRYPTO_realloc.LIBCRYPTO-1_1 ref: 00007FFDA3454722
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345474C

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345467D, 00007FFDA34546E6, 00007FFDA345470B, 00007FFDA345473C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_reallocR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1389097454-1080266419
Opcode ID: 27a81299e4397cce453b4bb35cf925dfa7061ef0ef0b4ee9c43420466c295b87
Instruction ID: 5c8e3eeb3e38991088347e1c2b00bfd523ff559ac843b27d22d8794806cb8475
Opcode Fuzzy Hash: 27a81299e4397cce453b4bb35cf925dfa7061ef0ef0b4ee9c43420466c295b87
Instruction Fuzzy Hash: 72312232B0A78597E715CF25A8102BA7791FB05B88F440131EE5CA77A2DF7EE562C708

Function 00007FFDA3432298 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA345546F
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3455497
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34554C3
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3455507

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3455466, 00007FFDA345547C, 00007FFDA34554B6, 00007FFDA34554FA

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_memdupR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 864655289-1080266419
Opcode ID: 664e1de1e675a6c1586ef9858d97950876fe17865ec3ff71ba134caa316c6ff8
Instruction ID: 5636481f0978355f06453138c4db609ab14eec32bdd5c9d6ff0d77874b1f099e
Opcode Fuzzy Hash: 664e1de1e675a6c1586ef9858d97950876fe17865ec3ff71ba134caa316c6ff8
Instruction Fuzzy Hash: 4C21D635F1A69282EB108B21E4217787762FF41789F540071DE0DA7B96DF6FE542C708

Function 00007FFDA34313B6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3498347
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA349836F
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34983E7
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34983F7

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA3498331, 00007FFDA3498354, 00007FFDA34983D2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_mallocR_put_error
String ID: ..\s\ssl\t1_lib.c
API String ID: 2563039504-1643863364
Opcode ID: f48377fe411956e23c2321321ebbe80bd26c650d6c1dc80da4a23891d7b107f2
Instruction ID: 4a8720a43fd2b52e09ed6b424c2e7b4280af25ea0431ca2167eeeea4579e7582
Opcode Fuzzy Hash: f48377fe411956e23c2321321ebbe80bd26c650d6c1dc80da4a23891d7b107f2
Instruction Fuzzy Hash: C031A432B0EB5681E720CB15D4202A9B762EB89B84F454031DA5CD3B97EFBFE551C708

Function 00007FFDA3431073 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345348A
CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 00007FFDA34534C9
CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 00007FFDA34534F4
CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 00007FFDA345351D

Strings

..\s\ssl\ssl_init.c, xrefs: 00007FFDA3453465

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_run_once$R_put_error
String ID: ..\s\ssl\ssl_init.c
API String ID: 511881677-1166085723
Opcode ID: b6486afcc2948308af3d46dab6f91d643cdf533d18b32615e64ce4e50eae642a
Instruction ID: 63d9b33561ac6542fdffdb195815e8ef47a23831eb460891328c1db4dc33b889
Opcode Fuzzy Hash: b6486afcc2948308af3d46dab6f91d643cdf533d18b32615e64ce4e50eae642a
Instruction Fuzzy Hash: B3215021F0A70386FB558B19E9603B56392AF85344F484434E90EE6397EEBEED518718

Function 00007FFDA343236A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346462B
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA346464B
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3464677
memcpy.VCRUNTIME140 ref: 00007FFDA34646C0

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA3464614, 00007FFDA3464644, 00007FFDA346465C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_mallocR_put_errormemcpy
String ID: ..\s\ssl\ssl_sess.c
API String ID: 92311482-2868363209
Opcode ID: b07a6821eb3aac88ff818e32af481811fceebcac28d8e0a41e6ba6b0370d1c36
Instruction ID: 369c7788a3591dd8859d785f03be970ed81868acbb3f8e84c56c11b0e4fb59d5
Opcode Fuzzy Hash: b07a6821eb3aac88ff818e32af481811fceebcac28d8e0a41e6ba6b0370d1c36
Instruction Fuzzy Hash: 9D21733670AB8181FB108F15E4602A97762FB84B84F544031DF8CA77AADF7ED552C708

Function 00007FFDA3431235 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344B8D4
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA344B8E1
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344B8F4
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA344B90D

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344B8FD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_pop_freeO_freeX509_freeY_free
String ID: ..\s\ssl\ssl_cert.c
API String ID: 1247630535-349359282
Opcode ID: 6386c60520db15d77945b03bba99298406683d385e03fec6b8e3265512c2371a
Instruction ID: 0f09ca0285568e0eb7c0a1db54cf31bb4e2101d78729b608562275eb3b6a07ad
Opcode Fuzzy Hash: 6386c60520db15d77945b03bba99298406683d385e03fec6b8e3265512c2371a
Instruction Fuzzy Hash: 7B018E32B1AB55C2EB109B20E06016C7365FB84F88F040131FA8DA7B4ACFBED151C704

Function 00007FFDA34524E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3452520
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3452540
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3452553
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3452568

Strings

..\s\ssl\ssl_conf.c, xrefs: 00007FFDA3452513, 00007FFDA3452533, 00007FFDA345255E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$L_sk_pop_free
String ID: ..\s\ssl\ssl_conf.c
API String ID: 1650471521-1527728938
Opcode ID: 931636c360a65359e9d0292b47e619b5ca8f2a780e46915865d3cef0e9c9ef19
Instruction ID: 932d379dc4f50f5f3c9a8201aeeb369e75b4bdea0f9f4138dbabf552e473893e
Opcode Fuzzy Hash: 931636c360a65359e9d0292b47e619b5ca8f2a780e46915865d3cef0e9c9ef19
Instruction Fuzzy Hash: EE01F531F1AA4282EA50AB11E4601A86752EF45BC0F445032EE8EA774BCFAEE201C704

Function 00007FFDA3431163 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3481B69
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3481B7F
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3481B95
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3481BAA

Strings

..\s\ssl\statem\statem_dtls.c, xrefs: 00007FFDA3481B72, 00007FFDA3481B88, 00007FFDA3481BA0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$X_free
String ID: ..\s\ssl\statem\statem_dtls.c
API String ID: 306345296-3140652063
Opcode ID: ddd1d655efd517bf278021314f564e345f499b3705739dc7927a7ece4a56c458
Instruction ID: 16d4d1deacb6e3e2533bec8ef90245e7903a6e9a46629a3b6d55ff8466102940
Opcode Fuzzy Hash: ddd1d655efd517bf278021314f564e345f499b3705739dc7927a7ece4a56c458
Instruction Fuzzy Hash: 5CF03721F0A70685EE60AF65C4727B81723AF84B88F001031E90DAA797DEAFE9518748

Function 00007FFDA343115E Relevance: 7.6, APIs: 5, Instructions: 138COMMON

Download Yara Rule

APIs

OPENSSL_LH_insert.LIBCRYPTO-1_1 ref: 00007FFDA3463392
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA3463406
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA34634C2
OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 00007FFDA34634D9
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA346355B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: H_retrieve$D_unlockH_deleteH_insert
String ID:
API String ID: 4154705611-0
Opcode ID: ef00bc662ad6cce81866e89ec6202eb39af8bec5e5caa04e9d4798c404c00d17
Instruction ID: 346a0cc290711719d5b43fb9e338eae7570178a34290486b3e9e47009334285e
Opcode Fuzzy Hash: ef00bc662ad6cce81866e89ec6202eb39af8bec5e5caa04e9d4798c404c00d17
Instruction Fuzzy Hash: 3F51A83270A7C241EB699F1195657B97262EF88BC0F045031EE0DA7797DFBEE4608744

Function 00007FFDA343135C Relevance: 7.6, APIs: 5, Instructions: 81COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA3464931
CRYPTO_THREAD_read_lock.LIBCRYPTO-1_1 ref: 00007FFDA3464945
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA346495A
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA346497C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_read_lockD_unlockH_retrievememcpy
String ID:
API String ID: 2272600717-0
Opcode ID: acef7fdb32935ee9e8aaafb947195d1895c2ee5faa9f76884614c5a2f208f76e
Instruction ID: 0eeb8aee90d5d712b42cce1e187032105cc7ae0ff638b8b1e5bd445a28150023
Opcode Fuzzy Hash: acef7fdb32935ee9e8aaafb947195d1895c2ee5faa9f76884614c5a2f208f76e
Instruction Fuzzy Hash: 6B31E832B0A68196EAA59F15D4613B973A1FB88B84F045031EE0D97353EF7EE465CB08

Function 00007FFDA343E0B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA343E132
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343E1DB
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA343E1EF

Strings

..\s\ssl\record\ssl3_buffer.c, xrefs: 00007FFDA343E0D5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_malloc$O_free
String ID: ..\s\ssl\record\ssl3_buffer.c
API String ID: 2640950527-837614940
Opcode ID: 5d6f95ccacfe45074b3a6827aea4c6884d23f0c9dfbb37b1fe6a428fc8b8b540
Instruction ID: 1fa4f04bf4cf463fc1e459d0baab4954a8f90c37de6d22417bc64728367bf2e9
Opcode Fuzzy Hash: 5d6f95ccacfe45074b3a6827aea4c6884d23f0c9dfbb37b1fe6a428fc8b8b540
Instruction Fuzzy Hash: 9841D533B0AB8585FB649F21D9503A963E2FB44B84F044434DE4C97B8ACFBED5918708

Function 00007FFDA348B77C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA348B834
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA348B859

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA348B827, 00007FFDA348B84D
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA348B86A, 00007FFDA348B8E8

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 3962629258-1534007912
Opcode ID: 80ab33d1ed7fdfbc885bfd1539872b7148a4a53948f03765f5d25412706f3b7d
Instruction ID: c55332dad7c753782c7f0370e08206eb6efa72a5d57c88cf42ea0ffba1f7f80a
Opcode Fuzzy Hash: 80ab33d1ed7fdfbc885bfd1539872b7148a4a53948f03765f5d25412706f3b7d
Instruction Fuzzy Hash: 5741E232B1ABC186E7018F11F4502A9B3A5FB84794F084235EE8D67B5ADFBDD1918704

Function 00007FFDA3432225 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3492864
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3492889

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA3492852, 00007FFDA349287D
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA349289A, 00007FFDA3492903

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 3962629258-1534007912
Opcode ID: 407877f993f5957567c7eff96717ca41fb7b45d1e2b29fb543a4a146f498fde5
Instruction ID: 99693c0ff93f9f901559e5de856674ca180d24a81d15d2413efd7f355724a9f1
Opcode Fuzzy Hash: 407877f993f5957567c7eff96717ca41fb7b45d1e2b29fb543a4a146f498fde5
Instruction Fuzzy Hash: 5F41B172B1AB8186E740DF21F8102B9B3A2FB88784F044235EE8D97B56EF7DD1908704

Function 00007FFDA34384C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA34384F5
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA343851D
BUF_MEM_grow.LIBCRYPTO-1_1 ref: 00007FFDA34385CB

Strings

..\s\ssl\packet.c, xrefs: 00007FFDA34384EB, 00007FFDA3438502

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: M_growO_zallocR_put_error
String ID: ..\s\ssl\packet.c
API String ID: 1461889847-1434567093
Opcode ID: b9ab6d090586272394edd892f959be5b6ddac8f4c20c47d27eb5d487ae62c8a4
Instruction ID: becbbae4a957562b6bc098d08f75ebeb1cc634d3fba6298f5dd20e5c820939cd
Opcode Fuzzy Hash: b9ab6d090586272394edd892f959be5b6ddac8f4c20c47d27eb5d487ae62c8a4
Instruction Fuzzy Hash: 9041C136B0AA4981DF58CF25E160368A3A1EB48BE8F144235DB6D937D9DF7DE494C304

Function 00007FFDA34320B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346E0F6
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA346E107

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346E0BD, 00007FFDA346E157

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_malloc
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 2609694610-592572767
Opcode ID: cca2de04ba0feca436f0a1cad2116421527d1edd7d11520962775640408254e4
Instruction ID: ef309fc29c2b04659d1a5bde02eb81f9d55c94e0664bbd13c0621d8653e65966
Opcode Fuzzy Hash: cca2de04ba0feca436f0a1cad2116421527d1edd7d11520962775640408254e4
Instruction Fuzzy Hash: 2231C531B0EB8186E6109F11E5107A9B792FB45B84F544134FA8DA7B4ADFBEE1A18708

Function 00007FFDA34323BF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3473DF0
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3473E17

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA3473DE3, 00007FFDA3473DF7
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA3473E6B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 3962629258-2178723975
Opcode ID: f4b837671daaa92fea9f211cdbc46477b9ff1f0981087d9524017b75cdb67680
Instruction ID: bdd5f5b68aed00d7c9e605b78f5c1795deb890dc0a16b45bbe9d3393b7fd985d
Opcode Fuzzy Hash: f4b837671daaa92fea9f211cdbc46477b9ff1f0981087d9524017b75cdb67680
Instruction Fuzzy Hash: 5331D331B1AB8186E7508F55E4106A9B3A5FB48B84F044131FA8CA7B46DFBDE5A1C708

Function 00007FFDA3431433 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34757FD
CRYPTO_strndup.LIBCRYPTO-1_1 ref: 00007FFDA3475814

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA34757F0, 00007FFDA3475808
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA347585C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strndup
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h
API String ID: 2641571835-2178723975
Opcode ID: fcee9eadaca51539a45dcda8eb672fdacef15e300b0d60578eaf6bdbd41ffe83
Instruction ID: e00eff728f943ed8efa4e95bdab5fdecc55d2295dabc1c66b800a14893e1e34b
Opcode Fuzzy Hash: fcee9eadaca51539a45dcda8eb672fdacef15e300b0d60578eaf6bdbd41ffe83
Instruction Fuzzy Hash: A7210821F09B8582EB108F51E0506ACA7A1FB44784F444130EE4C77B4AEFBDE6918B04

Function 00007FFDA3432527 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3455EF1
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3455F1E
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA3455F38

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3455EE1, 00007FFDA3455F0A, 00007FFDA3455F2E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strdupR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 626504629-1080266419
Opcode ID: 2e5d81b06acebd788debb9edc7641dd4caf21a2a058c8d077125d40b1fb4539e
Instruction ID: bb1694bcfac6fa3b97173ae233c83b011a55ffa7edec1563cc8b6e4cbcac7412
Opcode Fuzzy Hash: 2e5d81b06acebd788debb9edc7641dd4caf21a2a058c8d077125d40b1fb4539e
Instruction Fuzzy Hash: 82219D72F1A78185EB908B25E4643B963A2EB44780F584031EB5DD7793DFAFD9928308

Function 00007FFDA34316D1 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3438AB7
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3438AE0

Strings

..\s\ssl\packet.c, xrefs: 00007FFDA3438AA9, 00007FFDA3438AC5
b, xrefs: 00007FFDA3438ACC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zallocR_put_error
String ID: ..\s\ssl\packet.c$b
API String ID: 2718799170-1717309047
Opcode ID: 9e3c9b02cdd7487c8e4c923fd5af88dd4b70a938f531f83c6002c558dc9a183e
Instruction ID: 309287c732013ce1120aec81ca9a6473a4643c58cac2195320feb9403c642979
Opcode Fuzzy Hash: 9e3c9b02cdd7487c8e4c923fd5af88dd4b70a938f531f83c6002c558dc9a183e
Instruction Fuzzy Hash: BC215B32F0AB4681EB589B15E4613BD73A2EB54794F504230DA5C833D2EFBED54AC744

Function 00007FFDA3439600 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA3439624
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA343964C

Strings

..\s\ssl\record\rec_layer_d1.c, xrefs: 00007FFDA343961D, 00007FFDA3439631, 00007FFDA34396C2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mallocR_put_error
String ID: ..\s\ssl\record\rec_layer_d1.c
API String ID: 2513334388-1306860146
Opcode ID: 38f68014c77433bbac02038e11e1501a15db1aa3c0bb54ab6977a84acc10ae29
Instruction ID: 59245fb4ad2a2d95d71cbc43287074f9266869582b21aec594fa324e9345eeab
Opcode Fuzzy Hash: 38f68014c77433bbac02038e11e1501a15db1aa3c0bb54ab6977a84acc10ae29
Instruction Fuzzy Hash: 70218321B0A64685EB58EB25E4613AD73A2FF44748F440435EA4C97797EFBFE450C708

Function 00007FFDA34842B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA34842F7
memcpy.VCRUNTIME140 ref: 00007FFDA348436D

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA34842DA
J, xrefs: 00007FFDA3484304

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mallocmemcpy
String ID: ..\s\ssl\statem\statem_lib.c$J
API String ID: 1834057931-671735911
Opcode ID: 37713a3698048384b62e0bcc14911b4e64fa5199b032d8d9ccdff18af6216127
Instruction ID: 26b15cbf154e4483138af277a602242134de993a889096a416731b05ce2ea3b4
Opcode Fuzzy Hash: 37713a3698048384b62e0bcc14911b4e64fa5199b032d8d9ccdff18af6216127
Instruction Fuzzy Hash: 4C21B322B09B8192E610CF21E5112A9B721FB98BC4F459231EF8C53717DF79E2D5C704

Function 00007FFDA3431348 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3437CE2
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3437D0B

Strings

b, xrefs: 00007FFDA3437CF7
..\s\ssl\packet.c, xrefs: 00007FFDA3437CC8, 00007FFDA3437CF0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zallocR_put_error
String ID: ..\s\ssl\packet.c$b
API String ID: 2718799170-1717309047
Opcode ID: 6ae20484bfb20e4ee5ab68dca70402d998c57f2a8e63ae3c30c55c3204c57f2d
Instruction ID: 0bd4a9e8ec537cca6d581e0a506dd42f1797630434a94f5dbc24440194c73831
Opcode Fuzzy Hash: 6ae20484bfb20e4ee5ab68dca70402d998c57f2a8e63ae3c30c55c3204c57f2d
Instruction Fuzzy Hash: 1201D232B0AB4182E7148F19E0501A873A2FB44768F644235EBAC877D6EF7ED966C704

Function 00007FFDA343160E Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 00007FFDA3463712
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA346371E
OPENSSL_LH_delete.LIBCRYPTO-1_1 ref: 00007FFDA3463737
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA346375B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_unlockD_write_lockH_deleteH_retrieve
String ID:
API String ID: 3040165603-0
Opcode ID: c3cdafdaa93c574d323f8a73eaae8b815257cf03d91e29236b27dd5491d69592
Instruction ID: 64ea4995b939fec5db0e12a7d5aecdb43f34cec5e8ba77eb6c0b12b68ad914bb
Opcode Fuzzy Hash: c3cdafdaa93c574d323f8a73eaae8b815257cf03d91e29236b27dd5491d69592
Instruction Fuzzy Hash: 3B11B76170A7C186EAA4DF56E060269A391EF88BC0F084035FF4D9B797DF6DE4514704

Function 00007FFDA34594F0 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA345953F
CRYPTO_THREAD_read_lock.LIBCRYPTO-1_1 ref: 00007FFDA3459552
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA3459567
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA345957D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_read_lockD_unlockH_retrievememcpy
String ID:
API String ID: 2272600717-0
Opcode ID: 1844d258c4c38858c0470adf3cf7b6aea6062234b99ea9a8e60a34ada7e94daa
Instruction ID: 02406762eaa6b3fc4648e0c0807a13a8c672630c0e341877d2964f77b458c97d
Opcode Fuzzy Hash: 1844d258c4c38858c0470adf3cf7b6aea6062234b99ea9a8e60a34ada7e94daa
Instruction Fuzzy Hash: 6711E522B0DB8586EBF4DB25E4A53AC6361FB88780F400131DA4DC7712DE2DE0A18B04

Function 00007FFDA3432469 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA346CD76
memcpy.VCRUNTIME140 ref: 00007FFDA346CDCD

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346CD0A

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_mallocmemcpy
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 1834057931-592572767
Opcode ID: 0d09c9596a59387e5bb8f6d64925e1cbc2c8b3712f0a1e274c0006f8724a75c5
Instruction ID: 2b2970d87977135bd359354adcb95efa0b1daf8e4229bf55c484a729a9d74c8e
Opcode Fuzzy Hash: 0d09c9596a59387e5bb8f6d64925e1cbc2c8b3712f0a1e274c0006f8724a75c5
Instruction Fuzzy Hash: FB417F22B0E64581FB648F15D4643B977A2FB44F80F088035DA4CA77A6CFBEE861C744

Function 00007FFDA343163B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346EF55
CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA346EF7F

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346EF3E, 00007FFDA346F022

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_malloc
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 2609694610-592572767
Opcode ID: d537f46a34cc54c0946058947e7f47ea5ad5f8a6d1efa7543ff9fbe6ea632e63
Instruction ID: 5055f6d1371e7ccc262501c15d5ee3c80846b370fbc18b88828eb2b6090e9f1c
Opcode Fuzzy Hash: d537f46a34cc54c0946058947e7f47ea5ad5f8a6d1efa7543ff9fbe6ea632e63
Instruction Fuzzy Hash: 9B41E621B0AB8181E764DF11D41036E6796FB84BC4F184435EE8CA7B9ADFBEE551C708

Function 00007FFDA3431115 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3436A6D

Strings

..\s\ssl\d1_lib.c, xrefs: 00007FFDA3436A61, 00007FFDA3436B1E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zalloc
String ID: ..\s\ssl\d1_lib.c
API String ID: 1208671065-490761327
Opcode ID: 28f9119c5caf164465fd74d6e729c258f395a4d0896097b6db490913d52f5645
Instruction ID: 74e2318636067667d4d7a5c53c8212c73ca048533929464663e8709599a56a80
Opcode Fuzzy Hash: 28f9119c5caf164465fd74d6e729c258f395a4d0896097b6db490913d52f5645
Instruction Fuzzy Hash: 5F319A61B1A78681FA4CAB6195A13F96391EF49784F041030EE4ED7787DF7DE4A1C708

Function 00007FFDA3479178 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347924E
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347928E

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA3479241

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 2581946324-1507966698
Opcode ID: 272e2eb847bb3fbff2dacf6a3a114d58e5e37a58b7e71007d02a7663ed5d6c58
Instruction ID: 4bf3f10e6d737ca82408b0aac85767af29aa6ccbd930dfb664ae5cebc95720cf
Opcode Fuzzy Hash: 272e2eb847bb3fbff2dacf6a3a114d58e5e37a58b7e71007d02a7663ed5d6c58
Instruction Fuzzy Hash: 8531D272B1D78146E7A09B51E0102AAB792FBC57C4F040134EACDA7B4ADFBDD1508B08

Function 00007FFDA34553A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA345546F
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3455497

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3455466, 00007FFDA345547C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_memdupR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1048774365-1080266419
Opcode ID: 5afba650ea48e7fee841b0f0cba109d8cc061778d93cb4bed126621b1c6fba9f
Instruction ID: d26f8c5de688bc008980d0bff3e49d81e1f1bb7cd19a0725425d2ffe63208a4e
Opcode Fuzzy Hash: 5afba650ea48e7fee841b0f0cba109d8cc061778d93cb4bed126621b1c6fba9f
Instruction Fuzzy Hash: 0111C935F0A39283EB248716E420B79B752EF92746F540076CA4D67B46DE6FED028704

Function 00007FFDA343E2E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA343E35D

Strings

F, xrefs: 00007FFDA343E36B
..\s\ssl\record\ssl3_buffer.c, xrefs: 00007FFDA343E350

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_malloc
String ID: ..\s\ssl\record\ssl3_buffer.c$F
API String ID: 1457121658-4203526889
Opcode ID: 760e48131aea6df6ca7d3e55eb0f46afc480d02c60cf043e8074869e34ff349e
Instruction ID: 9ef963668ba4f410fcc6d62ac7dfae44b9f2cabc14f6c56b0f5d71af89ebc532
Opcode Fuzzy Hash: 760e48131aea6df6ca7d3e55eb0f46afc480d02c60cf043e8074869e34ff349e
Instruction Fuzzy Hash: 4C11B432B0AA8181E7109B15F50039967A1F788BC4F084135EF4CA3B8ACF7ED591CB08

Function 00007FFDA347883B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA34788D3

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA3478842
@, xrefs: 00007FFDA347887E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_free
String ID: ..\s\ssl\statem\statem_clnt.c$@
API String ID: 2011826501-1207107681
Opcode ID: 85200123b01b05cc52c48a53fd785423268fe6e58dc3e10c0d57c1a64805e6a5
Instruction ID: 78be0db207773e9bba90167f43b71676db94f50be1d8e58cdd541e5c444e98db
Opcode Fuzzy Hash: 85200123b01b05cc52c48a53fd785423268fe6e58dc3e10c0d57c1a64805e6a5
Instruction Fuzzy Hash: 59216D31B0978285EB608F12D5557B96766FB85FD4F094031CE4CABB9ACF7EE0458308

Function 00007FFDA34461F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3446215
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA344626A

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA3446208, 00007FFDA3446260

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strdup
String ID: ..\s\ssl\s3_lib.c
API String ID: 2148955802-4238427508
Opcode ID: 4fcc587332fcd85da71337ecb7517b00310b11705aad0983c4cd1313d0b66de5
Instruction ID: a5bad4ac17a6f7dfc7bed18c1841d162fcdf86ea1f6840c9a9d798a49f9710a2
Opcode Fuzzy Hash: 4fcc587332fcd85da71337ecb7517b00310b11705aad0983c4cd1313d0b66de5
Instruction Fuzzy Hash: 8D11C425F0E69646F7A1AB49E0203B86752BB81B44F440035DA8C5B786CFEFE6428708

Function 00007FFDA3448130 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1(?,00007FFDA34465AB), ref: 00007FFDA3448165
CRYPTO_memdup.LIBCRYPTO-1_1(?,00007FFDA34465AB), ref: 00007FFDA34481A0

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA3448151, 00007FFDA3448193

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\s3_lib.c
API String ID: 3962629258-4238427508
Opcode ID: 3108a5092fda8c8bee01f408271f6aa1c4df9363ff0874777839b1e8f9030971
Instruction ID: 72a7da4388c3e9e6f28171b4ce5feca6309c1c98f1a22569e87f2e54f2a065b8
Opcode Fuzzy Hash: 3108a5092fda8c8bee01f408271f6aa1c4df9363ff0874777839b1e8f9030971
Instruction Fuzzy Hash: 47019B31B0AB8152EA959B15E4513D9A2D1FF48BC0F484035EF5CD7746DF7DD5618304

Function 00007FFDA3432293 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34642F5
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3464320

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA34642E1, 00007FFDA3464313

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: ..\s\ssl\ssl_sess.c
API String ID: 3962629258-2868363209
Opcode ID: 2dc206ac1897eba174e4d68926f44c31a7b3390a93b44d875a904ad68d885eb1
Instruction ID: 992f6f9725c6900462734ba65609fdc3984ddb858651850a6a4709d2b91703d1
Opcode Fuzzy Hash: 2dc206ac1897eba174e4d68926f44c31a7b3390a93b44d875a904ad68d885eb1
Instruction Fuzzy Hash: E601C431B0AFC141EB919F15B8552A86391EF84BC4F484031EE4DA7B8AEF7DD4928308

Function 00007FFDA3470820 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA347086B
CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3470881

Strings

..\s\ssl\statem\extensions_cust.c, xrefs: 00007FFDA347085E, 00007FFDA3470874, 00007FFDA347089B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\statem\extensions_cust.c
API String ID: 2581946324-3973221358
Opcode ID: 3cf5db9897d16314f6c406a7537cbdf5f713d31316b71214a26921031eca8072
Instruction ID: 7341e7dfcd155ade923d2a0f23499b2d856e7a0f077edd3bf3fb584c191ea36f
Opcode Fuzzy Hash: 3cf5db9897d16314f6c406a7537cbdf5f713d31316b71214a26921031eca8072
Instruction Fuzzy Hash: 45018031F1BA0285EB109F15E4611A9A762FF44BC4F044036EA4DA779ADFBED1508744

Function 00007FFDA346A850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346A887
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA346A8B0

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA346A877, 00007FFDA346A8A0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: D:\a\1\s\ssl\packet_local.h
API String ID: 3962629258-373350680
Opcode ID: 6eceafe0f9ac89be950eaf40397fa8a42b0b463cabdcf8e0bbc67e2867511beb
Instruction ID: 079e7cdd18be8293abf6b53028a5cfe4fe523446486892e19d352171c2999507
Opcode Fuzzy Hash: 6eceafe0f9ac89be950eaf40397fa8a42b0b463cabdcf8e0bbc67e2867511beb
Instruction Fuzzy Hash: 99012C72B06F9281EB508F12E89065977A5EB58BC0F089431EE8CA7B4ADF7DD5A18704

Function 00007FFDA34894B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34894E7
CRYPTO_memdup.LIBCRYPTO-1_1 ref: 00007FFDA3489510

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA34894D7, 00007FFDA3489500

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_memdup
String ID: D:\a\1\s\ssl\packet_local.h
API String ID: 3962629258-373350680
Opcode ID: ef56933983db122366dd84d6e4ddb53d1b3936ce8cd6473e3eb14fac8a8ae14d
Instruction ID: 5c6632a6120ae4c76037005ff99724c3ddbc2a5033e7778f8040efcef790d614
Opcode Fuzzy Hash: ef56933983db122366dd84d6e4ddb53d1b3936ce8cd6473e3eb14fac8a8ae14d
Instruction Fuzzy Hash: 7D012C32707F9281EB508F12E89065977A5EB58BC0F089031EE8C97B4ADE7DD5A18704

Function 00007FFDA3438410 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

CRYPTO_zalloc.LIBCRYPTO-1_1 ref: 00007FFDA3438439
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3438461

Strings

..\s\ssl\packet.c, xrefs: 00007FFDA343842F, 00007FFDA3438446

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_zallocR_put_error
String ID: ..\s\ssl\packet.c
API String ID: 2718799170-1434567093
Opcode ID: 59326ab27369182db2ce9892aaeb255d9a41e7f068212e692eec0036cf6bba17
Instruction ID: 9558abdb5f73cf4e515c7159bf6950b5a64367e40124d6125202162a427734b2
Opcode Fuzzy Hash: 59326ab27369182db2ce9892aaeb255d9a41e7f068212e692eec0036cf6bba17
Instruction Fuzzy Hash: 4001A276B07B0585EB14CF14E4653A873A1EB54B08F604034DA0C87792FFBED996C744

Function 00007FFDA3432590 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346414D
CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA346417E

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA3464140, 00007FFDA3464174

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strdup
String ID: ..\s\ssl\ssl_sess.c
API String ID: 2148955802-2868363209
Opcode ID: dc3d2fc0f14784eb2e146324ee3a97f3f81b5d0262eaa536f718f385f35f1364
Instruction ID: d07af37de5589e9d4146883df358d0308e7f183a4354fc5c9cbfdacdb409059a
Opcode Fuzzy Hash: dc3d2fc0f14784eb2e146324ee3a97f3f81b5d0262eaa536f718f385f35f1364
Instruction Fuzzy Hash: 80F02821B09B4181EB94CF16F9952A96393DF88BC0F088130EE4CC3B9BEE3DD2924304

Function 00007FFDA3471120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3471149
CRYPTO_strndup.LIBCRYPTO-1_1 ref: 00007FFDA3471162

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA347113F, 00007FFDA3471152

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strndup
String ID: D:\a\1\s\ssl\packet_local.h
API String ID: 2641571835-373350680
Opcode ID: 549cacb4790ac9b14b9aaa29e9ffd38caa9ecff224222ef14d100b17865d5f94
Instruction ID: 58db2b412c3e6982780847532ec542eedd15293520e8381b37124f0fb5d0c0da
Opcode Fuzzy Hash: 549cacb4790ac9b14b9aaa29e9ffd38caa9ecff224222ef14d100b17865d5f94
Instruction Fuzzy Hash: B3F0EC31B06E8681EB049B55E8A16EC6362DF4CBC8F048035EE0CD7757CE3DC5518304

Function 00007FFDA34896D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34896F9
CRYPTO_strndup.LIBCRYPTO-1_1 ref: 00007FFDA3489712

Strings

D:\a\1\s\ssl\packet_local.h, xrefs: 00007FFDA34896EF, 00007FFDA3489702

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_strndup
String ID: D:\a\1\s\ssl\packet_local.h
API String ID: 2641571835-373350680
Opcode ID: ce9a0d4aaae99bef2d8b22650f0948099d274d96d90a6c24dfb202b843b64582
Instruction ID: 58db2b412c3e6982780847532ec542eedd15293520e8381b37124f0fb5d0c0da
Opcode Fuzzy Hash: ce9a0d4aaae99bef2d8b22650f0948099d274d96d90a6c24dfb202b843b64582
Instruction Fuzzy Hash: B3F0EC31B06E8681EB049B55E8A16EC6362DF4CBC8F048035EE0CD7757CE3DC5518304

Function 00007FFDA34635F0 Relevance: 4.5, APIs: 3, Instructions: 33COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 00007FFDA3463625
OPENSSL_LH_set_down_load.LIBCRYPTO-1_1 ref: 00007FFDA346365C
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA3463668

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_unlockD_write_lockH_set_down_load
String ID:
API String ID: 3243170206-0
Opcode ID: 364387872cffc2959901a71411da3d0a2019158a9bb87262f2a5101fd8f4fe06
Instruction ID: 96237bcaf643a7d6f490415594257fabfa9c0a0a7d05d682675f8c20b236c555
Opcode Fuzzy Hash: 364387872cffc2959901a71411da3d0a2019158a9bb87262f2a5101fd8f4fe06
Instruction Fuzzy Hash: E9017C62B09A8182DA60EB62E8A10686362FBC8794F440171FA4DD7B57DFBDD5628708

Function 00007FFDA3431131 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343A2F0

Strings

..\s\ssl\record\rec_layer_d1.c, xrefs: 00007FFDA343A2AD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\record\rec_layer_d1.c
API String ID: 2581946324-1306860146
Opcode ID: 5169c80baa392f2f343d14022db2a2c0489a76904eba205426d6dfcd2018c174
Instruction ID: 03d201dd1798468cbf43707cabce82465d2dd58448abb6c0fd88d1623e87400d
Opcode Fuzzy Hash: 5169c80baa392f2f343d14022db2a2c0489a76904eba205426d6dfcd2018c174
Instruction Fuzzy Hash: 17517022B4A74681EA189F66D4602BC73A2EF44FC4F184132EE4DD7787DFAEE4518318

Function 00007FFDA3432388 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA347D410

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347D3FE, 00007FFDA347D47E, 00007FFDA347D4A5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_malloc
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 1457121658-1507966698
Opcode ID: 2212a3221ecae7a569e586a867ecb0d05ef10e2919d33d8f4ee345b33c9b8996
Instruction ID: 026a51f802447dae162da08f29fa669faf128fb55932532e67a0e8f4d1bc66c6
Opcode Fuzzy Hash: 2212a3221ecae7a569e586a867ecb0d05ef10e2919d33d8f4ee345b33c9b8996
Instruction Fuzzy Hash: 4031233271AB8086E360DF11E4102ADF7A2EB85BD4F444131DA8DA7B96DFBEE151C708

Function 00007FFDA3431078 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA346B085

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346B002

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 2581946324-592572767
Opcode ID: 92231f2c3840198930cef2b353f7c7182c4a0220501f44b0c28d4191049ca0ca
Instruction ID: b4f09bd787052eeb37a467378ddd07f8cd0a5074a2f59a6c2366c03b0a390345
Opcode Fuzzy Hash: 92231f2c3840198930cef2b353f7c7182c4a0220501f44b0c28d4191049ca0ca
Instruction Fuzzy Hash: 6E21E522B0D65142E7109F12E5143AE6762FB45BC0F040031DE5CABB8BCFBEE8518B58

Function 00007FFDA3431802 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CRYPTO_strdup.LIBCRYPTO-1_1 ref: 00007FFDA346F19F

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346F11A, 00007FFDA346F15E, 00007FFDA346F17B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_strdup
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 1296259186-592572767
Opcode ID: 07947fcce73defaefd8bda5089e50f55aa59f62f3488ed1f5ae55716c646f564
Instruction ID: 9d5233ae546e3ba50a86623650b51f155816b989b49875fb8c21f57a5e14e599
Opcode Fuzzy Hash: 07947fcce73defaefd8bda5089e50f55aa59f62f3488ed1f5ae55716c646f564
Instruction Fuzzy Hash: 98215331B0DA4185E7608F00E8547BE67A1E744B88F544432DA8CAB79ACFBED9D5CB08

Function 00007FFDA34316F9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343E050

Strings

..\s\ssl\record\ssl3_buffer.c, xrefs: 00007FFDA343E043

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\record\ssl3_buffer.c
API String ID: 2581946324-837614940
Opcode ID: adfe7c6bc8e8fc6d31d3e75e036973f93e3b6d4ea89d61374b896b26795afd0e
Instruction ID: 894fb2936ffb88c87c837eca18ec7dbd0c8cffd25eeb1d8ea8cb2b7da2b16031
Opcode Fuzzy Hash: adfe7c6bc8e8fc6d31d3e75e036973f93e3b6d4ea89d61374b896b26795afd0e
Instruction Fuzzy Hash: AF01CC3371AB92C1E6509B04E1502DC33A5FB48B84F580031EB8CABB56CF7ED0A28740

Function 00007FFDA3431122 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3437BE6

Strings

..\s\ssl\packet.c, xrefs: 00007FFDA3437BD9

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\packet.c
API String ID: 2581946324-1434567093
Opcode ID: da0b1486a29e875446c9408f5f46ebbd01b5aef1fcd694bc84046bbc94b541a5
Instruction ID: feb29c8b2f661a1121ae6ac212bd133f9d8f71f0262dfc5f70f106204eba20b0
Opcode Fuzzy Hash: da0b1486a29e875446c9408f5f46ebbd01b5aef1fcd694bc84046bbc94b541a5
Instruction Fuzzy Hash: DAF0F6A1F1A60A81EB645B15806037863A2EF44790F041030E94CD7387DFBED8D1C758

Function 00007FFDA343222A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA343E7B0

Strings

..\s\ssl\record\ssl3_record.c, xrefs: 00007FFDA343E7A3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\record\ssl3_record.c
API String ID: 2581946324-2721125279
Opcode ID: 309ac8ddcce84b15061a267a37eda474b70396621fe7370d901befdeee5a4623
Instruction ID: ab15ff84f96ee494b1c0302b076eff38ac90ea79a5e0204e2aed4a348731db21
Opcode Fuzzy Hash: 309ac8ddcce84b15061a267a37eda474b70396621fe7370d901befdeee5a4623
Instruction Fuzzy Hash: 91F0BE36F2AA5180EB945B10E4903A87766EF88BD0F585031FE4DE3B4ADE7EC090C704

Function 00007FFDA3467680 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA34676B6

Strings

..\s\ssl\statem\extensions.c, xrefs: 00007FFDA34676A2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\statem\extensions.c
API String ID: 2581946324-1165805907
Opcode ID: c14ec2ece7a0bf9546d8abbf34e5a2bf96408437d78f0f9b60bdd7d695f7ad69
Instruction ID: 9d1d8ca33bb0490b54c35e5e29e5018557f3e0064c9a86eaaac648d8b1e7ac54
Opcode Fuzzy Hash: c14ec2ece7a0bf9546d8abbf34e5a2bf96408437d78f0f9b60bdd7d695f7ad69
Instruction Fuzzy Hash: 57E04FA2B076018AE750AB58D0A93E42652DB44758F580434E90CDB392DFBF9592C754

Function 00007FFDA3446330 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3446344

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA3446337

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\s3_lib.c
API String ID: 2581946324-4238427508
Opcode ID: 6dd7d71263fe0d195323df282845c5af553974c56a1c9e52e62c151ae13b08e9
Instruction ID: 170a8a88e2b80d84c239a97cc7c97c28394d01f66826d0ccf60562ce053fb76e
Opcode Fuzzy Hash: 6dd7d71263fe0d195323df282845c5af553974c56a1c9e52e62c151ae13b08e9
Instruction Fuzzy Hash: 71E08622B09A51C5F700AF25F0102986353FBC0B54F080032DE0C57796CEBFD092C314

Function 00007FFDA3431069 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3497BF4

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA3497BED

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\t1_lib.c
API String ID: 2581946324-1643863364
Opcode ID: 622bce27a1d0a96630dbfaac7ead27c4b7118659e75fb43a875b1e08f896f7c3
Instruction ID: adcd38e8bb1c162cf291692c1512f3dd30e5d7ffa80cbe3559777cf665b9bcc0
Opcode Fuzzy Hash: 622bce27a1d0a96630dbfaac7ead27c4b7118659e75fb43a875b1e08f896f7c3
Instruction Fuzzy Hash: 24D01711F0B50685EA546A9284726B827129F48B44F144030ED1DE77939C8EE5569718

Function 00007FFDA34680F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FFDA3468116

Strings

..\s\ssl\statem\extensions.c, xrefs: 00007FFDA3468102

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free
String ID: ..\s\ssl\statem\extensions.c
API String ID: 2581946324-1165805907
Opcode ID: 891db287cd659d7b8d35944e732a7309ebfc8684a9206ef12554e0065cf9a329
Instruction ID: cabac089cb7250b494cd220d51b783a317554fd74a4c12d13ccdc99045c8d778
Opcode Fuzzy Hash: 891db287cd659d7b8d35944e732a7309ebfc8684a9206ef12554e0065cf9a329
Instruction Fuzzy Hash: 0ED0A796F0AA0145F7506B55D4653D41321EF08748F481032ED0CEB7C3DE9FE1928718

Function 00007FFDA34324FA Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_write_lock.LIBCRYPTO-1_1 ref: 00007FFDA345AF50
CRYPTO_THREAD_unlock.LIBCRYPTO-1_1 ref: 00007FFDA345AF63

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_unlockD_write_lock
String ID:
API String ID: 1724170673-0
Opcode ID: 2efe79bff30d255ef0ab69b4ea0d008c3b9a7bc6aea054b00a91d2cdc12de54a
Instruction ID: 31f1542d5258e9f692b4b96b73aa4b89dec7f1c9c900188831917f7be5cb645e
Opcode Fuzzy Hash: 2efe79bff30d255ef0ab69b4ea0d008c3b9a7bc6aea054b00a91d2cdc12de54a
Instruction Fuzzy Hash: 48E02623B0EA4181D784A751F9902F85321EF48790F581031FE1DC7383ED79D8E20304

Function 00007FFDA3489130 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 00007FFDA348914D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_memcmp
String ID:
API String ID: 2788248766-0
Opcode ID: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
Instruction ID: 8c60755c005384f8882e2d159c74ba201c83c8125e48567067d3a741e721ff3d
Opcode Fuzzy Hash: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
Instruction Fuzzy Hash: 4BD0A916F0B50282F688B23A89A60A902C19B80380F948034E50DD2783CC4EC8E64708

Function 00007FFDA346A5E0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

CRYPTO_memcmp.LIBCRYPTO-1_1 ref: 00007FFDA346A5FD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_memcmp
String ID:
API String ID: 2788248766-0
Opcode ID: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
Instruction ID: ef0d690cb60172ac584826e8aed4495361274a7894130ebfac363eec3b5a7664
Opcode Fuzzy Hash: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
Instruction Fuzzy Hash: 3CD0A916F0760282E688B33E89A20A902D09B80380F948034E60ED2783CD5EC8E64B05

Function 00007FFDA344E3C0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_run_once.LIBCRYPTO-1_1(00007FFDA344D98E), ref: 00007FFDA344E3DB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_run_once
String ID:
API String ID: 1403826838-0
Opcode ID: d055155e7dfa394d9151ded48a12c15ff788ed91f46543e9f8dab3fed7f81b86
Instruction ID: b00c1f66013f854b15d7d442ff2f1f47fc365db447e3b465456147a07521c26d
Opcode Fuzzy Hash: d055155e7dfa394d9151ded48a12c15ff788ed91f46543e9f8dab3fed7f81b86
Instruction Fuzzy Hash: 29D05E24F4AA0392F648A32CCC721B162526F41300F404035E40DE3753DD9DE9568718

Function 00007FFDA343129E Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 00007FFDA344DB4B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_run_once
String ID:
API String ID: 1403826838-0
Opcode ID: 50386b0b5eefdba10866bde5667da4eefc104fd624e264bf7722bf74b99ec935
Instruction ID: 05c7fe45eaa980a7559cbac7718c563752e18acd8ef335644c388e949da09111
Opcode Fuzzy Hash: 50386b0b5eefdba10866bde5667da4eefc104fd624e264bf7722bf74b99ec935
Instruction Fuzzy Hash: 93D09254F4BA4691E910AB5DD8A11A45312AF41304F804031E50CE63A7DD9EE566835C

Function 00007FFDA3453620 Relevance: 71.9, APIs: 35, Strings: 6, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453642
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA345364F
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA345365C
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453669
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453676
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453683
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453690
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA345369D
EVP_aes_256_cbc.LIBCRYPTO-1_1 ref: 00007FFDA34536A2
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536AA
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536B7
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536C4
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536D1
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536DE
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536EB
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34536F8
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453705
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453712
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA345371F
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA345372C
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453739
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453746
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453753
EVP_add_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3453760
EVP_md5.LIBCRYPTO-1_1 ref: 00007FFDA3453765
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA3453792
EVP_sha1.LIBCRYPTO-1_1 ref: 00007FFDA3453797
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA345379F
OBJ_NAME_add.LIBCRYPTO-1_1 ref: 00007FFDA34537B7
OBJ_NAME_add.LIBCRYPTO-1_1 ref: 00007FFDA34537CF
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA34537DC
EVP_sha256.LIBCRYPTO-1_1 ref: 00007FFDA34537E1
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA34537E9
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA34537F6
EVP_add_digest.LIBCRYPTO-1_1 ref: 00007FFDA3453803

Part of subcall function 00007FFDA343129E: CRYPTO_THREAD_run_once.LIBCRYPTO-1_1 ref: 00007FFDA344DB4B

Part of subcall function 00007FFDA34315B4: OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA3451147
Part of subcall function 00007FFDA34315B4: EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 00007FFDA345114F
Part of subcall function 00007FFDA34315B4: EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA34511D1
Part of subcall function 00007FFDA34315B4: EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA34511F1
Part of subcall function 00007FFDA34315B4: ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA3451205
Part of subcall function 00007FFDA34315B4: EVP_PKEY_asn1_find_str.LIBCRYPTO-1_1 ref: 00007FFDA3451243
Part of subcall function 00007FFDA34315B4: EVP_PKEY_asn1_get0_info.LIBCRYPTO-1_1 ref: 00007FFDA3451263
Part of subcall function 00007FFDA34315B4: ENGINE_finish.LIBCRYPTO-1_1 ref: 00007FFDA3451277

Strings

ssl3-md5, xrefs: 00007FFDA345377E
RSA-SHA1-2, xrefs: 00007FFDA34537C8
RSA-SHA1, xrefs: 00007FFDA34537BC
ssl3-sha1, xrefs: 00007FFDA34537B0
MD5, xrefs: 00007FFDA3453772
SHA1, xrefs: 00007FFDA34537A4

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: P_add_cipher$P_add_digest$E_addE_finishY_asn1_find_strY_asn1_get0_info$D_run_onceJ_nid2snP_aes_256_cbcP_get_digestbynameP_md5P_sha1P_sha256
String ID: MD5$RSA-SHA1$RSA-SHA1-2$SHA1$ssl3-md5$ssl3-sha1
API String ID: 802802306-3803824401
Opcode ID: 58cda8fca9c60835c32c60c2a7d44b18d34cbf4c616ad85a3a02e40197818324
Instruction ID: 1bc8a8cb1f6b4ba20c6ac8a2f59415520fc472f27dd93d494d86b7fe5db53a85
Opcode Fuzzy Hash: 58cda8fca9c60835c32c60c2a7d44b18d34cbf4c616ad85a3a02e40197818324
Instruction Fuzzy Hash: 1741ED90F0B24781E9A4F7E2643A5F812435F81760F480835F90EF6397EDAEF4848769

Function 00007FFDA34324A0 Relevance: 58.0, APIs: 31, Strings: 2, Instructions: 224COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B314
X509_STORE_new.LIBCRYPTO-1_1 ref: 00007FFDA344B322
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B337
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA344B346
X509_STORE_add_cert.LIBCRYPTO-1_1 ref: 00007FFDA344B351
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B364
X509_STORE_add_cert.LIBCRYPTO-1_1 ref: 00007FFDA344B373
X509_STORE_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA344B3B1
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B3D9
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B413
ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA344B44A
X509_STORE_CTX_get1_chain.LIBCRYPTO-1_1 ref: 00007FFDA344B457
OPENSSL_sk_shift.LIBCRYPTO-1_1 ref: 00007FFDA344B46A
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344B472
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B480
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B48C
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA344B497
X509_get_extension_flags.LIBCRYPTO-1_1 ref: 00007FFDA344B49F
OPENSSL_sk_pop.LIBCRYPTO-1_1 ref: 00007FFDA344B4AD
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344B4B5
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B4BF
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA344B4D9
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344B503
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344B517
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B54A
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA344B56D
X509_STORE_free.LIBCRYPTO-1_1 ref: 00007FFDA344B5D3
X509_STORE_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA344B5DB

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344B2F7, 00007FFDA344B3BE, 00007FFDA344B3F8, 00007FFDA344B53A, 00007FFDA344B574
Verify error:, xrefs: 00007FFDA344B561

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X509_$L_sk_num$R_put_error$L_sk_value$E_add_certX509_free$E_freeE_newL_sk_popL_sk_pop_freeL_sk_shiftR_add_error_dataR_clear_errorX509_get_extension_flagsX_freeX_get1_chainX_new
String ID: ..\s\ssl\ssl_cert.c$Verify error:
API String ID: 2601141546-2787608381
Opcode ID: 5049874d2361cbabf52a9f06f8f08ec0b543a9ec8c0c08948edb80b58f74209a
Instruction ID: dc532b66f693585c0b6ed5f648ab9c5045b66525e9477021d3d8cf7f15895083
Opcode Fuzzy Hash: 5049874d2361cbabf52a9f06f8f08ec0b543a9ec8c0c08948edb80b58f74209a
Instruction Fuzzy Hash: B5919421B0B64787FA64EA2294356BD6293AF44B84F444435ED4DE7783DFBEE5808308

Function 00007FFDA344A470 Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 181COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344A537
OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 00007FFDA344A558
BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA344A560
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA344A568
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344A58A
PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 00007FFDA344A5A5
X509_get_subject_name.LIBCRYPTO-1_1 ref: 00007FFDA344A5B5
X509_NAME_dup.LIBCRYPTO-1_1 ref: 00007FFDA344A5C6
OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 00007FFDA344A5DD
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA344A5E9
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344A5F6
PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 00007FFDA344A611
ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA344A61B
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA344A623
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344A62D
OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 00007FFDA344A638
OPENSSL_DIR_read.LIBCRYPTO-1_1 ref: 00007FFDA344A645
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA344A656
GetLastError.KERNEL32 ref: 00007FFDA344A665
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344A685
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA344A6A0
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344A6C2
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA344A6CC
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344A6F0
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA344A6F8
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344A702
OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1 ref: 00007FFDA344A70D
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344A731
OPENSSL_DIR_end.LIBCRYPTO-1_1 ref: 00007FFDA344A773

Strings

%s/%s, xrefs: 00007FFDA344A528
..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344A67B, 00007FFDA344A6B2, 00007FFDA344A6E0, 00007FFDA344A721
OPENSSL_DIR_read(&ctx, ', xrefs: 00007FFDA344A694

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_add_error_dataR_clear_errorR_endR_readX509_get_subject_name_errno
String ID: %s/%s$..\s\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
API String ID: 1034648778-4291904164
Opcode ID: 627fe3b24fabd2d2a33f12e6dd11bf5debad2629e1e43702dac1066637e908aa
Instruction ID: 4a3e120479f20f15f306189277191a09f6e3b357fc482d5338f0aebb9b2ad607
Opcode Fuzzy Hash: 627fe3b24fabd2d2a33f12e6dd11bf5debad2629e1e43702dac1066637e908aa
Instruction Fuzzy Hash: BF718561B0E78282FB709B51E4317B96352AF85784F440035EA4DA7B97DFBEE481870C

Function 00007FFDA3431631 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA343F649
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA343F651
EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA343F686
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA343F68E
memcpy.VCRUNTIME140 ref: 00007FFDA343F6C1
memcpy.VCRUNTIME140 ref: 00007FFDA343F6D8
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA343F75F
EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1 ref: 00007FFDA343F78E
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F7A6
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F7C0
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F7D9
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F7F4
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F80D
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F825
EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 00007FFDA343F83B
EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1 ref: 00007FFDA343F84A
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F85E
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F874
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA343F888
EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 00007FFDA343F89C
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA343F8A8
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA343F8BF

Strings

666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\, xrefs: 00007FFDA343F6D1, 00007FFDA343F7B6

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Digest$Update$Final_exX_copy_exX_freememcpy$D_sizeR_flagsX_cipherX_mdX_new
String ID: 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
API String ID: 3621087735-2009547811
Opcode ID: e37860b31a779a327cb44d8bf5cfb0dc8edfb86ecc58f51a149e37845ba4bda2
Instruction ID: bd4dab9a165e84ab7236429c3f6318c53262ddf8366690ec9496056f436c133d
Opcode Fuzzy Hash: e37860b31a779a327cb44d8bf5cfb0dc8edfb86ecc58f51a149e37845ba4bda2
Instruction Fuzzy Hash: 9F81DA62B0AB8740FA1CDB16A8356B9A753EF45BC0F040036ED4DE7797DEAED4448708

Function 00007FFDA343105F Relevance: 38.6, APIs: 21, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA344AC3E
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA344AC46
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344AC90
PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 00007FFDA344ACAB
OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA344ACC5
X509_get_subject_name.LIBCRYPTO-1_1 ref: 00007FFDA344ACDB
X509_NAME_dup.LIBCRYPTO-1_1 ref: 00007FFDA344ACEF
OPENSSL_LH_retrieve.LIBCRYPTO-1_1 ref: 00007FFDA344AD06
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA344AD13
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344AD2D
PEM_read_bio_X509.LIBCRYPTO-1_1 ref: 00007FFDA344AD44
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA344AD55
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344AD5F
OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 00007FFDA344AD67
ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA344AD71
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344ADA2
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA344ADAA
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344ADB9
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA344ADC1
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA344ADCB
OPENSSL_LH_free.LIBCRYPTO-1_1 ref: 00007FFDA344ADD3

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344AD93

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X509_$E_freeH_freeM_read_bio_O_freeX509X509_free$E_dupH_retrieveL_sk_new_nullL_sk_pop_freeL_sk_pushO_ctrlO_newO_s_fileR_clear_errorR_put_errorX509_get_subject_name
String ID: ..\s\ssl\ssl_cert.c
API String ID: 751231659-349359282
Opcode ID: d2b0f7c6c1076af27aaef5a91b42b6acc0624129fed82b24db3b390386e8e288
Instruction ID: 4dac424730940edbface48c299210c7ebd10c2bfd37a1310a9f9cc44a01d3fe9
Opcode Fuzzy Hash: d2b0f7c6c1076af27aaef5a91b42b6acc0624129fed82b24db3b390386e8e288
Instruction Fuzzy Hash: 27419061B0F74246FE64AB2294316B957939F85BC4F084034ED0DEBB97DEEEE0818308

Function 00007FFDA349C2C0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 218COMMON

Download Yara Rule

APIs

EVP_PKEY_CTX_new_id.LIBCRYPTO-1_1 ref: 00007FFDA349C316
EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA349C370
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA349C392
EVP_PKEY_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA349C39A
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA349C3A7
EVP_PKEY_derive_init.LIBCRYPTO-1_1 ref: 00007FFDA349C4A7
EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA349C4D3
EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA349C4FB
EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA349C529
EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA349C559

Strings

U, xrefs: 00007FFDA349C618
tls13 , xrefs: 00007FFDA349C40F
W, xrefs: 00007FFDA349C63E
..\s\ssl\tls13_enc.c, xrefs: 00007FFDA349C340, 00007FFDA349C592, 00007FFDA349C60A

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_ctrl$X_free$D_sizeR_put_errorX_new_idY_derive_init
String ID: ..\s\ssl\tls13_enc.c$U$W$tls13
API String ID: 2176224248-2595563013
Opcode ID: 7025e5d67e21c680d55085412324220ae3acebaa8e34da1c22efe020185f10cc
Instruction ID: 529bccd473433e868650263d2d9fc39827ff2bd213b131ae569273ad3e952364
Opcode Fuzzy Hash: 7025e5d67e21c680d55085412324220ae3acebaa8e34da1c22efe020185f10cc
Instruction Fuzzy Hash: 8591B431B0D68642FB74AA11E4207BA6752EB84784F440135EE4DEB797DFBED941CB08

Function 00007FFDA3431271 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 159COMMON

Download Yara Rule

APIs

ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA3462F33
BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA3462F5B
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3462F63
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3462F8B
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3462FA4
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3462FCA
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3463007
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3463100
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3463108

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3462F70, 00007FFDA3462FBA, 00007FFDA3462FEC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$O_ctrlO_freeO_newO_s_fileR_clear_errorX509_free
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 2163941219-2723262194
Opcode ID: b84c602e5be984a9436d7ecfe5f9ecb1d86c3c77b663728f0f986a5d295781ac
Instruction ID: 24e0395bd4ba9ce958cf75e70a6329fd26f75fc122e71e1b575b436947204859
Opcode Fuzzy Hash: b84c602e5be984a9436d7ecfe5f9ecb1d86c3c77b663728f0f986a5d295781ac
Instruction Fuzzy Hash: B251B611B0EAC385FA24AF6294316B96292AF45B84F044035FD4DE779BDFBFE4548708

Function 00007FFDA3432194 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA344465F
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA344467A
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3444737
EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA344475C
EVP_MD_type.LIBCRYPTO-1_1 ref: 00007FFDA3444764
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA34447A2
EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1 ref: 00007FFDA34447D3
EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA34447E9
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA34447F1
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA3444814
EVP_MD_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3444834
EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 00007FFDA3444846
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3444880

Strings

..\s\ssl\s3_enc.c, xrefs: 00007FFDA3444703, 00007FFDA344477C, 00007FFDA344485D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: DigestX_mdX_new$D_sizeD_typeFinal_exO_ctrlO_freeUpdateX_copy_exX_ctrlX_free
String ID: ..\s\ssl\s3_enc.c
API String ID: 485953282-1839494539
Opcode ID: ef17e9a45c90a4201180d711f444119ed43c2813af601f3ad1389d32d129b891
Instruction ID: 290e80e2e79dc5e14e8d9c6876c3035f4bf27be010a7ccb317bf28711e07b56b
Opcode Fuzzy Hash: ef17e9a45c90a4201180d711f444119ed43c2813af601f3ad1389d32d129b891
Instruction Fuzzy Hash: 4E61B532B0A68245EB60DB12D5623B96792EF85BC4F044035DE4EEB797DFBED4418708

Function 00007FFDA3431064 Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 156COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FE05
conf_ssl_name_find.LIBCRYPTO-1_1 ref: 00007FFDA345FE34
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FE60
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA345FE77
conf_ssl_get_cmd.LIBCRYPTO-1_1 ref: 00007FFDA345FF30
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FFC1
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA3460001

Strings

, cmd=, xrefs: 00007FFDA345FFCB
..\s\ssl\ssl_mcnf.c, xrefs: 00007FFDA345FDEA, 00007FFDA345FE45, 00007FFDA345FFAC
, arg=, xrefs: 00007FFDA345FFEB
system_default, xrefs: 00007FFDA345FE16
), xrefs: 00007FFDA345FE4C
section=, xrefs: 00007FFDA345FFDA
name=, xrefs: 00007FFDA345FE6D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$R_add_error_data$conf_ssl_get_cmdconf_ssl_name_find
String ID: )$, arg=$, cmd=$..\s\ssl\ssl_mcnf.c$name=$section=$system_default
API String ID: 1136227658-3150877160
Opcode ID: de54f06d0a5ad61313ac3c5f2a910e846887ce29ff7eae0f94fcbb296ca8278f
Instruction ID: 10a2f3695caa8abc621f4d2f155831ada7d7292db985dfa02a2d794f8ef97e92
Opcode Fuzzy Hash: de54f06d0a5ad61313ac3c5f2a910e846887ce29ff7eae0f94fcbb296ca8278f
Instruction Fuzzy Hash: 7951B722B0E78686EB20AB55E4202E97392FB85784F444036EE4DD7B87DFBED941C705

Function 00007FFDA3431442 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

..\s\ssl\s3_enc.c, xrefs: 00007FFDA3444292

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\s3_enc.c
API String ID: 0-1839494539
Opcode ID: 5d7a45a94e98385d8f0f84cc3fc7ee52ffaaa0ab4984e631c558149010dd3fb3
Instruction ID: 4d197e0324651efe836ac3dcb70f9e088bd635d43acb845413e5edfee1bf4ff3
Opcode Fuzzy Hash: 5d7a45a94e98385d8f0f84cc3fc7ee52ffaaa0ab4984e631c558149010dd3fb3
Instruction Fuzzy Hash: 87819131B0AA4282EA60DB11E4263BD6392FB40BC4F440535DE4EAB787DFBEE545C348

Function 00007FFDA3451540 Relevance: 19.6, APIs: 13, Instructions: 77COMMON

Download Yara Rule

APIs

OPENSSL_sk_dup.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA345156F
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA3451583
OPENSSL_sk_value.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA3451595
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515B0
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515BE
OPENSSL_sk_value.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515D5
OPENSSL_sk_insert.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515E3
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515ED
OPENSSL_sk_dup.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA34515F9
OPENSSL_sk_free.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA3451609
OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA345161B
OPENSSL_sk_sort.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA3451623
OPENSSL_sk_free.LIBCRYPTO-1_1(?,00007FFDA344DCAD), ref: 00007FFDA345162B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_dupL_sk_freeL_sk_value$L_sk_insertL_sk_set_cmp_funcL_sk_sort
String ID:
API String ID: 3373104257-0
Opcode ID: 7e81393dbd7bc1aec2206ad93fd04eec181d4c00f356fb770602c10c45cf52be
Instruction ID: d64fcfd553f8f7ae260b73732db9e3ee77750e7453c9f1f2969667a5986051e4
Opcode Fuzzy Hash: 7e81393dbd7bc1aec2206ad93fd04eec181d4c00f356fb770602c10c45cf52be
Instruction Fuzzy Hash: C1215321F0B70681EA64EB16947117DA296AF88BC0F055031FD4FE7797DEBED4828308

Function 00007FFDA34904F0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

EVP_PKEY_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA3490575
X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA34905E6
ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA34905FF
ASN1_item_d2i.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA349061E
ASN1_TYPE_get.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA349063B
EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA34906EE
EVP_PKEY_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA3490744
ASN1_item_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FFDA3492510), ref: 00007FFDA3490753

Part of subcall function 00007FFDA3431C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FFDA34488C9
Part of subcall function 00007FFDA3431C08: memset.VCRUNTIME140 ref: 00007FFDA34488F7
Part of subcall function 00007FFDA3431C08: memcpy.VCRUNTIME140 ref: 00007FFDA3448933
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3448956
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA34489BD
Part of subcall function 00007FFDA3431C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FFDA3448A38

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA34904F5, 00007FFDA349058E, 00007FFDA3490724
Q, xrefs: 00007FFDA3490714
, xrefs: 00007FFDA349051D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_free$E_getN1_item_d2iN1_item_freeO_mallocR_clear_errorX509_get0_pubkeyX_ctrlX_freeX_newmemcpymemset
String ID: $..\s\ssl\statem\statem_srvr.c$Q
API String ID: 2622237655-4085857157
Opcode ID: 29b83a6a0e9b2dcd0b987ecca7b7a48fca6c18b4ebd350d10a0bdae3980f98aa
Instruction ID: dd845b0e1bc8c4dfed58a7d88af5062bba0285a4d57663c8310fdfcbe9c2f1c3
Opcode Fuzzy Hash: 29b83a6a0e9b2dcd0b987ecca7b7a48fca6c18b4ebd350d10a0bdae3980f98aa
Instruction Fuzzy Hash: 3A61C27170AB4281EA70DB55E4203B9B792EF84B94F044035DE8D97797DFBEE5408B08

Function 00007FFDA3432130 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA349BB28
EVP_PKEY_new_raw_private_key.LIBCRYPTO-1_1 ref: 00007FFDA349BBF8
OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 00007FFDA349BC0A
EVP_PKEY_new_raw_private_key.LIBCRYPTO-1_1 ref: 00007FFDA349BC24
EVP_DigestSignInit.LIBCRYPTO-1_1 ref: 00007FFDA349BC46
EVP_DigestUpdate.LIBCRYPTO-1_1 ref: 00007FFDA349BC5F
EVP_DigestSignFinal.LIBCRYPTO-1_1 ref: 00007FFDA349BC73
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA349BCB1
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA349BCB9

Strings

finished, xrefs: 00007FFDA349BBBA
..\s\ssl\tls13_enc.c, xrefs: 00007FFDA349BC90

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Digest$SignY_new_raw_private_key$FinalInitL_cleanseUpdateX_freeX_newY_free
String ID: ..\s\ssl\tls13_enc.c$finished
API String ID: 2202177965-3224497825
Opcode ID: ca03616b0c750a7e6b1ea2480e971be00b884d2251b7000aaaf849d8ff587b0e
Instruction ID: 141ce928ae2b5809c6f0c71dfba79f510436471ee9e800e3359195ab57718a45
Opcode Fuzzy Hash: ca03616b0c750a7e6b1ea2480e971be00b884d2251b7000aaaf849d8ff587b0e
Instruction Fuzzy Hash: E451B52170AA8286E664DB52E4213FAA352FF84BC0F444436EE4DA7B47DFBDD541C744

Function 00007FFDA343179E Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

BIO_s_socket.LIBCRYPTO-1_1 ref: 00007FFDA345ADED
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA345ADF5
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345AE1D
BIO_int_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA345AE41
BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345AE55
BIO_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA345AE68
BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345AE7C
BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345AE95
BIO_free_all.LIBCRYPTO-1_1 ref: 00007FFDA345AEA9

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345AE02

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 3703036260-1080266419
Opcode ID: 350f4745fa107194776e9f47efe5bc83782cd8098f8e85f8f58fc5efdbc54413
Instruction ID: 39ec47b2c62b3fc117e419e2ce2e4b6b6b4aadf13053c355789c6397985a7838
Opcode Fuzzy Hash: 350f4745fa107194776e9f47efe5bc83782cd8098f8e85f8f58fc5efdbc54413
Instruction Fuzzy Hash: 91314C21F4B71281EA65AB25D02117D63A2EF84B84F040531EE0DA7B8BDFAEE8508748

Function 00007FFDA34626F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 105COMMON

Download Yara Rule

APIs

X509_get0_pubkey.LIBCRYPTO-1_1(?,00007FFDA3460B20), ref: 00007FFDA3462711
ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA3460B20), ref: 00007FFDA3462739
ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA3460B20), ref: 00007FFDA346277D

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA346272B, 00007FFDA346276F, 00007FFDA34627BD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$X509_get0_pubkey
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 2083351937-2723262194
Opcode ID: ebe6d218d256f2b93a931c41f9664656afb9b2d4bbfeeb00eff9d52bac07fb99
Instruction ID: 60c65b9164f242940a9ae4667f8b75dac0eb2262a36e164aec20352495b05991
Opcode Fuzzy Hash: ebe6d218d256f2b93a931c41f9664656afb9b2d4bbfeeb00eff9d52bac07fb99
Instruction Fuzzy Hash: 9B416022B09A8782EF14DF15E4502BDB761FB88B88F440131EA4D9375AEFBEE585C704

Function 00007FFDA344605F Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3446083
EVP_PKEY_new.LIBCRYPTO-1_1 ref: 00007FFDA344608F
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34460A9
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34460D2

Strings

..\s\ssl\s3_lib.c, xrefs: 00007FFDA3446072, 00007FFDA34460C2, 00007FFDA3446102
b, xrefs: 00007FFDA3446109

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$Y_freeY_new
String ID: ..\s\ssl\s3_lib.c$b
API String ID: 1220942454-2522393336
Opcode ID: 8a933b611ca1d037401981aeb5c2c7ac1fed2e98a26f8ebfe6c6a97711fd6726
Instruction ID: cca360ba697a26d8287d7266862140fa5af4699529cfdf3686654f420257acd9
Opcode Fuzzy Hash: 8a933b611ca1d037401981aeb5c2c7ac1fed2e98a26f8ebfe6c6a97711fd6726
Instruction Fuzzy Hash: 8521A121F0A55682F760EBA1D5207B95293AB84790F000436DD4DABBC7DFBFE5414718

Function 00007FFDA343208B Relevance: 16.7, APIs: 11, Instructions: 178COMMON

Download Yara Rule

APIs

OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA349585A
X509_get0_pubkey.LIBCRYPTO-1_1 ref: 00007FFDA34958B1
EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 00007FFDA34958BE
X509_get_signature_info.LIBCRYPTO-1_1 ref: 00007FFDA349592C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_valueX509_get0_pubkeyX509_get_signature_infoY_security_bits
String ID:
API String ID: 1174944434-0
Opcode ID: 06a7ac04a5e40e1c636a0d8f1aa0c656e7530ec4d16e834c73aa5529e2827fef
Instruction ID: c5a84a4df090e7ea5cb91e16b6fa452d7e77cb6d2c8a17968155a60fd11c381c
Opcode Fuzzy Hash: 06a7ac04a5e40e1c636a0d8f1aa0c656e7530ec4d16e834c73aa5529e2827fef
Instruction Fuzzy Hash: B551FD32F1E28645F674EA2660217BA6297BF84794F144071ED8EE7B87DFBED4404B08

Function 00007FFDA3432347 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 414COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA343D622
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA343D62A
EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA343D69E
EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA343D78B
EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA343D7DA
BIO_test_flags.LIBCRYPTO-1_1 ref: 00007FFDA343D8B3
EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA343D974
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA343D97C

Strings

..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FFDA343D4C2, 00007FFDA343DAE9

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_ctrl$R_flagsX_cipher$O_test_flags
String ID: ..\s\ssl\record\rec_layer_s3.c
API String ID: 307562122-2209325370
Opcode ID: 219cee7dc8a97dc7574e9b0d5b3704cee6b6d9f571b607d943695a0c0b2f32af
Instruction ID: f1b1d4e58cb89bdde0f5ee003c18246b070abdb88983649cad0f073e28783936
Opcode Fuzzy Hash: 219cee7dc8a97dc7574e9b0d5b3704cee6b6d9f571b607d943695a0c0b2f32af
Instruction Fuzzy Hash: 2002D831B0AB8A85EB189F25D4203B937A2FB45B88F180135DE4DA779ADFBED445C704

Function 00007FFDA343143D Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDA347185A, 00007FFDA34718C3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\extensions_srvr.c
API String ID: 0-1853348325
Opcode ID: d3447623406513efbdc3eeda6ab0062c0fa57edd4533750b4de533e85138f044
Instruction ID: d0541271237ec3b1594dae6a1ac63e563ff8ba70e46e664ad397e886a087f8da
Opcode Fuzzy Hash: d3447623406513efbdc3eeda6ab0062c0fa57edd4533750b4de533e85138f044
Instruction Fuzzy Hash: 68C19F61F0A64645FB249A62D5603BD2393EF44B84F054031DE4DEBB8BEFBEE5458708

Function 00007FFDA343146A Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA3476A5A
SetLastError.KERNEL32 ref: 00007FFDA3476A61
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3476B67
BUF_MEM_grow.LIBCRYPTO-1_1 ref: 00007FFDA3476BF2
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3476C39
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3476D6E
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3476DC1
BUF_MEM_free.LIBCRYPTO-1_1 ref: 00007FFDA3476DCF

Strings

..\s\ssl\statem\statem.c, xrefs: 00007FFDA3476B57, 00007FFDA3476C29, 00007FFDA3476D5E, 00007FFDA3476DB1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
String ID: ..\s\ssl\statem\statem.c
API String ID: 2562538362-2512360314
Opcode ID: a3e023d0b073baeba4bd492517419a31f62972f068ae63838dd34882c46fe785
Instruction ID: 83b58ce8c57615d632ee5a157b3abdbc2064aacbb80c695888ba7a8b825b9bd1
Opcode Fuzzy Hash: a3e023d0b073baeba4bd492517419a31f62972f068ae63838dd34882c46fe785
Instruction Fuzzy Hash: A2B15172F0A24286F7A49F15D4643B836A3EB41B48F144435CA08A7796DFBFE884CB09

Function 00007FFDA349A760 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

EVP_MD_size.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349A7D1
EVP_CIPHER_flags.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349A839
EVP_CipherInit_ex.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349A964
EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349A97B
EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349A997
OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FFDA349C94F), ref: 00007FFDA349AA00

Strings

key, xrefs: 00007FFDA349A8CC
..\s\ssl\tls13_enc.c, xrefs: 00007FFDA349A9DB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_ctrl$CipherD_sizeInit_exL_cleanseR_flags
String ID: ..\s\ssl\tls13_enc.c$key
API String ID: 3239367310-4187096943
Opcode ID: e366a80e04ad7f05f707bfdd723eb556b5af04d9e61b6fad2fcb7e1a51eb478f
Instruction ID: 8ec0a5fd4112eb566a6f47670c638a3199245787ae43b4f90024a7e9679d84d5
Opcode Fuzzy Hash: e366a80e04ad7f05f707bfdd723eb556b5af04d9e61b6fad2fcb7e1a51eb478f
Instruction Fuzzy Hash: 0261B43270AB8586E770DB12E8607AAB7A6FB84784F040135EE8D97B56DF7DD141CB08

Function 00007FFDA3490070 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,00007FFDA3492392), ref: 00007FFDA349023C

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA34901D1, 00007FFDA349021F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_free
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 1282063954-348624464
Opcode ID: 8e3f657c601740043fa3662c5f3b5e498c8f561f7bf86359dacada4deeb4db11
Instruction ID: 5d1d1abf62a5e0c0700f811fe6b8856120c52215c19923e9d2ca07459377c8b8
Opcode Fuzzy Hash: 8e3f657c601740043fa3662c5f3b5e498c8f561f7bf86359dacada4deeb4db11
Instruction Fuzzy Hash: FC41D32170A74185EB60DF92A425779BB92FF44B80F044130EE5DABB86CFBEE5418708

Function 00007FFDA34323B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA3460BD0
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3460BD8
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3460C05
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460C9A
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3460CA2
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3460CAA

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3460C89

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_freeO_newO_s_fileR_put_errorX509_free
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 785824201-2723262194
Opcode ID: 68fdddc80706359ddf8a122cfcea2bae28c583e8c2ac54a85244af1e198ddf9f
Instruction ID: 4269f1c4c65bc70c813882fdb91ab24aac952475d88777ed7cd763f68b13d7c8
Opcode Fuzzy Hash: 68fdddc80706359ddf8a122cfcea2bae28c583e8c2ac54a85244af1e198ddf9f
Instruction Fuzzy Hash: 4031F721F0E69286F7349F5294207BAAA93AF44BC4F044031ED4DABB87DFBEE5504748

Function 00007FFDA34324B4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA346049F
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA34604A7
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA34604D4
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460571
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3460579

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3460560

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_freeO_newO_s_fileR_put_error
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 2618924202-2723262194
Opcode ID: 0a8cb36a2c879b170d620c47efc03db905d3e35ec53f4515d71cbbbeeb0fdf7a
Instruction ID: bb4c4dec9a990b2c1738b8f80f73f9ecd7b4785cda7ca95873478545317fee2f
Opcode Fuzzy Hash: 0a8cb36a2c879b170d620c47efc03db905d3e35ec53f4515d71cbbbeeb0fdf7a
Instruction Fuzzy Hash: DA31B561B0E74686F674DF5294202BAA752EB45BC4F044031EE4DABB87DFBEE5508708

Function 00007FFDA3431334 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 72COMMON

Download Yara Rule

APIs

BIO_puts.LIBCRYPTO-1_1 ref: 00007FFDA34674C3
BIO_printf.LIBCRYPTO-1_1 ref: 00007FFDA34674F3
BIO_puts.LIBCRYPTO-1_1 ref: 00007FFDA3467512
BIO_printf.LIBCRYPTO-1_1 ref: 00007FFDA3467540
BIO_puts.LIBCRYPTO-1_1 ref: 00007FFDA346755C

Strings

%02X, xrefs: 00007FFDA34674E9, 00007FFDA3467536
Session-ID:, xrefs: 00007FFDA34674B9
RSA , xrefs: 00007FFDA34674A5
Master-Key:, xrefs: 00007FFDA3467508

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_puts$O_printf
String ID: Master-Key:$%02X$RSA $Session-ID:
API String ID: 4098839300-1878088908
Opcode ID: e85465dfd3a6e6c90a38dc768647ac6b9d8c5a8c1a23fe951f9e373ad97b31e8
Instruction ID: 3174b20d9b12216b9d165a58d68004f0f9562623a46fe1709255e5fd9a1a6984
Opcode Fuzzy Hash: e85465dfd3a6e6c90a38dc768647ac6b9d8c5a8c1a23fe951f9e373ad97b31e8
Instruction Fuzzy Hash: E8317721B0EA4285F694AF1599743786793FF44780F585070EA0DD6BA7DFADE4718308

Function 00007FFDA3431267 Relevance: 15.3, APIs: 10, Instructions: 289COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3481496
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA348149E
EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA34814B0
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA34814B8
EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34814D1
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA34814D9
EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FFDA34814EF
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA348156D
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA34815A8
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA34816F1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrl$R_flagsX_cipher$D_sizeX_block_sizeX_md
String ID:
API String ID: 1400698538-0
Opcode ID: e2d655eb6f4302d8af4f816aa37d17fcfe3f3e8fc88037acef2b31e56c47e0c3
Instruction ID: f844e63e7d3560d15b3a79545e35a5f0cdbec905deb339c8ed19b171fb281081
Opcode Fuzzy Hash: e2d655eb6f4302d8af4f816aa37d17fcfe3f3e8fc88037acef2b31e56c47e0c3
Instruction Fuzzy Hash: C4D1C423B0A7D586EB518F2680603BD37A2EB55B84F088536DE8DA7387DE7DD084C355

Function 00007FFDA343127B Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA343480F
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA343483F
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34348DA
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34348E2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_new
String ID:
API String ID: 4227620691-0
Opcode ID: 569b6062c0f20e162d5319ae94aa93e2d036ec8f877403341560926360eaf532
Instruction ID: bbba78c9e8c5d2c5ccb92331eefe59d7aee15da28bf7e6d3517833fa2392bfbb
Opcode Fuzzy Hash: 569b6062c0f20e162d5319ae94aa93e2d036ec8f877403341560926360eaf532
Instruction Fuzzy Hash: 28215E04F0F78645FD6CA75255722B91692AF46BC4F040034EE4EEBB8BEEAEE4414708

Function 00007FFDA3452810 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345284E

Strings

, value=, xrefs: 00007FFDA3452982
cmd=, xrefs: 00007FFDA3452989, 00007FFDA34529D8
..\s\ssl\ssl_conf.c, xrefs: 00007FFDA3452840, 00007FFDA3452968, 00007FFDA34529BE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: , value=$..\s\ssl\ssl_conf.c$cmd=
API String ID: 1767461275-2539137415
Opcode ID: 6f5fa976fdc21c662024ae26816687f03e4be8bcdd26a407f4cb266dff922d12
Instruction ID: 6cc05696201a14a6dc5e48079f089238cb6d5caccbc7285d26cc1821f6baecad
Opcode Fuzzy Hash: 6f5fa976fdc21c662024ae26816687f03e4be8bcdd26a407f4cb266dff922d12
Instruction Fuzzy Hash: 5D51A572F0A60282FB548B15F4603A963A2FB84744F444136DB5C977DADFBED9948B08

Function 00007FFDA34605F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460629
EVP_PKEY_new.LIBCRYPTO-1_1 ref: 00007FFDA3460640
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460668

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA346060E, 00007FFDA346064D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$Y_new
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 2632022502-2723262194
Opcode ID: 3fa2f0e6f69a6a838d94406baac50519cd885df6768811c83b1c210ad9617fea
Instruction ID: d8dfa8662087873c86c4883887a98ba926064ffd3ea84bfc1abf3f9a0b6f6ae3
Opcode Fuzzy Hash: 3fa2f0e6f69a6a838d94406baac50519cd885df6768811c83b1c210ad9617fea
Instruction Fuzzy Hash: 6821A721B0D64186E710EB66A5212F9A3A2EF857C4F480030EB4C97B97DF6ED5918708

Function 00007FFDA343128A Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345B146
BIO_method_type.LIBCRYPTO-1_1 ref: 00007FFDA345B15C
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA345B175
BIO_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA345B181
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA345B190
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345B1B8
BIO_free_all.LIBCRYPTO-1_1 ref: 00007FFDA345B1EA

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345B19D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 3681941280-1080266419
Opcode ID: 13eb3f40a408d3379ae34058fc5715a900e46340c6b22161b81b81d3a9d6b653
Instruction ID: 45c03c2045c0556fbf7154498b8a2b3d4785c81261f5938029f455560c3af471
Opcode Fuzzy Hash: 13eb3f40a408d3379ae34058fc5715a900e46340c6b22161b81b81d3a9d6b653
Instruction Fuzzy Hash: EE21D622F0A65283EBA0DB11E4615BE6351EF847C4F180431EA4EE7787DEAEE8418B44

Function 00007FFDA345C500 Relevance: 13.6, APIs: 9, Instructions: 77COMMON

Download Yara Rule

APIs

d2i_OCSP_RESPONSE.LIBCRYPTO-1_1 ref: 00007FFDA345C557
OCSP_response_get1_basic.LIBCRYPTO-1_1 ref: 00007FFDA345C567
OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FFDA345C57E
OCSP_resp_get0.LIBCRYPTO-1_1 ref: 00007FFDA345C595
OCSP_SINGLERESP_get1_ext_d2i.LIBCRYPTO-1_1 ref: 00007FFDA345C5AD

Part of subcall function 00007FFDA345C790: OPENSSL_sk_new_null.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C7C3
Part of subcall function 00007FFDA345C790: ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C7EB

OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FFDA345C5D5
SCT_LIST_free.LIBCRYPTO-1_1 ref: 00007FFDA345C5E6
OCSP_BASICRESP_free.LIBCRYPTO-1_1 ref: 00007FFDA345C5EE
OCSP_RESPONSE_free.LIBCRYPTO-1_1 ref: 00007FFDA345C5F6

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
String ID:
API String ID: 4245524859-0
Opcode ID: 741c6e6be6a0707780ebfb8c2d7050555c9a934290be2e2d2d38b17e810f51c1
Instruction ID: 56dfb8ea1470598069e9d66801c6789272fd22fd8151172cae399e8840182dae
Opcode Fuzzy Hash: 741c6e6be6a0707780ebfb8c2d7050555c9a934290be2e2d2d38b17e810f51c1
Instruction Fuzzy Hash: 2B21C411F0F76242ED64AAA6646137916D2AF88BC0F840035EE0DD7793EEFEEC418348

Function 00007FFDA34342BD Relevance: 13.6, APIs: 9, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA34342C5
BIO_set_retry_reason.LIBCRYPTO-1_1 ref: 00007FFDA34342CF
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434306
BIO_get_retry_reason.LIBCRYPTO-1_1 ref: 00007FFDA343430E
BIO_set_retry_reason.LIBCRYPTO-1_1 ref: 00007FFDA3434318
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA343432A
BIO_set_retry_reason.LIBCRYPTO-1_1 ref: 00007FFDA3434337
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434346
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA3434355

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
String ID:
API String ID: 3610643084-0
Opcode ID: 7c2e9297198fbe8bbaa2a4c3eec53a66c110abc671760b54cd415acdbed01445
Instruction ID: 8974ebfa96599f866a5d6aece8878bb5b77b8e75735f47647a357c273e7e2631
Opcode Fuzzy Hash: 7c2e9297198fbe8bbaa2a4c3eec53a66c110abc671760b54cd415acdbed01445
Instruction Fuzzy Hash: B2113C11F0E11642F628B27690332BD12838F86B80F544435E909EBB8BDEAFE543420E

Function 00007FFDA3496140 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 260COMMON

Download Yara Rule

APIs

EVP_PKEY_id.LIBCRYPTO-1_1 ref: 00007FFDA3496162

Strings

..\s\ssl\t1_lib.c, xrefs: 00007FFDA34961B8, 00007FFDA34964FC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_id
String ID: ..\s\ssl\t1_lib.c
API String ID: 239174422-1643863364
Opcode ID: c0dd915cbf48b28733fe5b9d9ac6ada7c5cf0a8300dd814d9dde8c03441deb39
Instruction ID: a0b48b1cf34d5e917bbfbb7972f52126e8f71c9015f52a942a0beaf386da43e0
Opcode Fuzzy Hash: c0dd915cbf48b28733fe5b9d9ac6ada7c5cf0a8300dd814d9dde8c03441deb39
Instruction Fuzzy Hash: E8B1E631B0E24282FBA49B15D06467D2692EB447A8F144035DE6DEB7D7CEBEE981C70C

Function 00007FFDA3431672 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA346181F
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3461827
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3461854
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34618F1
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34618F9

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA34618E0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_freeO_newO_s_fileR_put_error
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 2618924202-2723262194
Opcode ID: 1789b7f0d02e542ab6b32618a4feb67c2845470d050f9019444c39f0ae2351e7
Instruction ID: 34295bc1592027147437aafdd3762019a12b2cc22db1be2af39af0fc2e24df22
Opcode Fuzzy Hash: 1789b7f0d02e542ab6b32618a4feb67c2845470d050f9019444c39f0ae2351e7
Instruction Fuzzy Hash: BF31C721B0E78282F6349F5294602BE6253FB457C4F044035EE8DABB87DFBEE5518748

Function 00007FFDA345E6D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA345E714
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA345E71C
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA345E72F
EVP_MD_CTX_copy_ex.LIBCRYPTO-1_1 ref: 00007FFDA345E74C
EVP_DigestFinal_ex.LIBCRYPTO-1_1 ref: 00007FFDA345E75E
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345E7AA

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345E789

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_sizeDigestFinal_exX_copy_exX_freeX_mdX_new
String ID: ..\s\ssl\ssl_lib.c
API String ID: 2082763299-1080266419
Opcode ID: 6fafbb813f3c90a8b0ecf3d9fb55de0c2d6812930547c3e67c08dcc7d4d451ba
Instruction ID: 5dcc8f664f1d6ec6b548d21672af2fa445139b44d8804ed34026e1097ee03e98
Opcode Fuzzy Hash: 6fafbb813f3c90a8b0ecf3d9fb55de0c2d6812930547c3e67c08dcc7d4d451ba
Instruction Fuzzy Hash: 4C21F535F0E35241F620EB56B8616BAB693BB84BC4F144030EE4D97797DEBED4818708

Function 00007FFDA3432095 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ERR_clear_error.LIBCRYPTO-1_1 ref: 00007FFDA3462F33
BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA3462F5B
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3462F63
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3462F8B
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3463100
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3463108

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3462F70

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_freeO_newO_s_fileR_clear_errorR_put_errorX509_free
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 1025733963-2723262194
Opcode ID: 6aa9955067a2bf2b897889b9280fb51e01d0811f73bfa31f6dda62bb50fb6415
Instruction ID: 18187c6bca214b3d8c1d4791d6a0eb3374a418358aaeadf9f73667f57757ff75
Opcode Fuzzy Hash: 6aa9955067a2bf2b897889b9280fb51e01d0811f73bfa31f6dda62bb50fb6415
Instruction Fuzzy Hash: 1411E922B0E782D5F614EF52A42126AA652BF44B84F044031FE4CE7747CF7DE4518708

Function 00007FFDA345E850 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

BIO_f_buffer.LIBCRYPTO-1_1 ref: 00007FFDA345E879
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA345E881
BIO_int_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA345E89C
BIO_push.LIBCRYPTO-1_1 ref: 00007FFDA345E8B0

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345E8DE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_f_bufferO_int_ctrlO_newO_push
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1655923927-1080266419
Opcode ID: ab03b8435c53bbb2385763fffbc927048ad75653c08c6005caab1ccea8af9f44
Instruction ID: 1552d001234dd348654e190c52075d608afc75bd78eb10e33e02d730c48a87a9
Opcode Fuzzy Hash: ab03b8435c53bbb2385763fffbc927048ad75653c08c6005caab1ccea8af9f44
Instruction Fuzzy Hash: 3C118621F0A64282EB509B56F5217A963A1AF45780F440530EB0D9BB97EF7FE5918704

Function 00007FFDA34970E7 Relevance: 12.2, APIs: 8, Instructions: 191COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34971F1
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3497205
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3497221
EVP_PKEY_id.LIBCRYPTO-1_1 ref: 00007FFDA349735D
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34973F3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_valueY_id
String ID:
API String ID: 483135270-0
Opcode ID: e146751ec1b6ab12bb7c2c7c8349d56fe264cd30052a34a0a6e488871a7bc426
Instruction ID: 1adeefc799b2a62ae5cf2a11445c1e4ef399c3315f2b1b221568d55c279dddb3
Opcode Fuzzy Hash: e146751ec1b6ab12bb7c2c7c8349d56fe264cd30052a34a0a6e488871a7bc426
Instruction Fuzzy Hash: 5A619221B0E64385FA64962294712B92E93BF85B84F145432DE4EF73C3DEAFE481970D

Function 00007FFDA34315A0 Relevance: 12.1, APIs: 8, Instructions: 115COMMON

Download Yara Rule

APIs

OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA344F4FA
EVP_get_digestbyname.LIBCRYPTO-1_1 ref: 00007FFDA344F502
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA344F513
OBJ_nid2sn.LIBCRYPTO-1_1 ref: 00007FFDA344F551
EVP_get_cipherbyname.LIBCRYPTO-1_1 ref: 00007FFDA344F559
EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA344F569
EVP_CIPHER_iv_length.LIBCRYPTO-1_1 ref: 00007FFDA344F57E
EVP_CIPHER_block_size.LIBCRYPTO-1_1 ref: 00007FFDA344F589

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: J_nid2sn$D_sizeP_get_cipherbynameP_get_digestbynameR_block_sizeR_flagsR_iv_length
String ID:
API String ID: 4211416117-0
Opcode ID: aa788c77f345a098ac4b36ea34b8179a2edc08a92ca35d2f033f8f02c159b9de
Instruction ID: 31b979d1ce2ea6f2bf84f460fe7af9fb025e1f231abbcbcd16cfcb7c0d7d823e
Opcode Fuzzy Hash: aa788c77f345a098ac4b36ea34b8179a2edc08a92ca35d2f033f8f02c159b9de
Instruction Fuzzy Hash: 6D41C531F1F61287FA649A15A4746796292AF58B90F144532EE4DE37C3CEBEF8428348

Function 00007FFDA345D550 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1(?,00007FFDA34576CF), ref: 00007FFDA345D592
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA34576CF), ref: 00007FFDA345D5A9
OPENSSL_sk_value.LIBCRYPTO-1_1(?,00007FFDA34576CF), ref: 00007FFDA345D5B7
X509_NAME_dup.LIBCRYPTO-1_1(?,00007FFDA34576CF), ref: 00007FFDA345D5BF
OPENSSL_sk_num.LIBCRYPTO-1_1(?,00007FFDA34576CF), ref: 00007FFDA345D5E3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$E_dupL_sk_new_nullL_sk_valueX509_
String ID:
API String ID: 3273602126-0
Opcode ID: b4deca53353f4515e3d79b8aab1b87a01d090af3fd3c3820473ef2d78fc71af8
Instruction ID: ad1f0f0a73d3d9c35ec1a0782c6ba9935a29951fcc9afd6bf2b352376d6d9571
Opcode Fuzzy Hash: b4deca53353f4515e3d79b8aab1b87a01d090af3fd3c3820473ef2d78fc71af8
Instruction Fuzzy Hash: 7621C821F0EB4285FA64EB2654611796292AF85BC4F040031FE4EE7B87DEAFE4818708

Function 00007FFDA343214E Relevance: 12.1, APIs: 8, Instructions: 54COMMON

Download Yara Rule

APIs

BIO_s_connect.LIBCRYPTO-1_1 ref: 00007FFDA3434A26
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3434A2E
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA3434A52
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3434A72
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3434AAA
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA3434AB2

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_free$O_new$O_s_connect
String ID:
API String ID: 3895418919-0
Opcode ID: 6433569600e4c61825558ea52e62ecc1ab3bf90f244ac560bbb42568f2472a62
Instruction ID: 50c7d30af2b8ede6094a53f1efc8e1e6abcee70d039bc5eb819cf14460aff920
Opcode Fuzzy Hash: 6433569600e4c61825558ea52e62ecc1ab3bf90f244ac560bbb42568f2472a62
Instruction Fuzzy Hash: C0114C00F0F75641F998B75264732B916829F85BC4F080430E91EABB8BEEAEE451430C

Function 00007FFDA343209A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346E2E2, 00007FFDA346E442, 00007FFDA346E50E, 00007FFDA346E58F, 00007FFDA346E5B7, 00007FFDA346E5E7

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 0-592572767
Opcode ID: c927fe1bdb2ea0dc208643f5703eafe151e19c715c7a42174d702599c544fa67
Instruction ID: ccb54893b16be13a6bc7796f538b7798f3e3b464dab26e58e028f597dfaa8f6c
Opcode Fuzzy Hash: c927fe1bdb2ea0dc208643f5703eafe151e19c715c7a42174d702599c544fa67
Instruction Fuzzy Hash: 2791B672B1A75186E7648F11E5202B977D2FB80BC0F484131EA8D97B96DFBDE191CB04

Function 00007FFDA3431082 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA347CD30, 00007FFDA347CEF6, 00007FFDA347CF71

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 0-1507966698
Opcode ID: 8beb55ac1aef9f552cc5c5eee86720c7a55d898619dd2faa17e34071f6398088
Instruction ID: 4eb499c753a40b4bc4da953e5b7f8d3ce2c34077506b842ae1eaef80b03236fa
Opcode Fuzzy Hash: 8beb55ac1aef9f552cc5c5eee86720c7a55d898619dd2faa17e34071f6398088
Instruction Fuzzy Hash: 49719672B0D74181EB50DF56E4502AEA3A2EB84BD4F044131DE4D9779ADFBEE881CB08

Function 00007FFDA3480BB0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E140), ref: 00007FFDA3480D3C
BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E140), ref: 00007FFDA3480D59
BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E140), ref: 00007FFDA3480D76
BN_bin2bn.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E140), ref: 00007FFDA3480D8F
X509_get0_pubkey.LIBCRYPTO-1_1(?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FFDA347E140), ref: 00007FFDA3480DCE

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA3480BBA, 00007FFDA3480E06, 00007FFDA3480E35

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: N_bin2bn$X509_get0_pubkey
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 3650846462-1507966698
Opcode ID: fe50a2ecc3c8e04a7c1f821741a42b66c01268c629289436dbea9068b983fa2b
Instruction ID: 3ce007b0479c0083a3cc0111c94a291e49a0e70247a9aa75f0d32c1a678c32fa
Opcode Fuzzy Hash: fe50a2ecc3c8e04a7c1f821741a42b66c01268c629289436dbea9068b983fa2b
Instruction Fuzzy Hash: 1361D522B3AB8142E7918B25A8145BEB791FF85784F049130FECD67756EF7DE1908B04

Function 00007FFDA3431087 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

OPENSSL_sk_new.LIBCRYPTO-1_1 ref: 00007FFDA348498C
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA3484A7C
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3484A9F
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA3484B4F
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA3484B57

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA34849A3, 00007FFDA3484AE9, 00007FFDA3484B26

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushX509_
String ID: ..\s\ssl\statem\statem_lib.c
API String ID: 3595667005-2839845709
Opcode ID: 65b43fd9f55fca63a07499a22a29012c049ef829442079be65c1fb5db74c0ef2
Instruction ID: fff9c855f2895ab828e397b3ba74d153894e4aa1b4443153ba9cadd930ee0c92
Opcode Fuzzy Hash: 65b43fd9f55fca63a07499a22a29012c049ef829442079be65c1fb5db74c0ef2
Instruction Fuzzy Hash: A4510771B0E68182EB209B65E4663B96692FB84784F448135EE8DA7B87DFBDD140C708

Function 00007FFDA345F5F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345F65C
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345F673
CT_POLICY_EVAL_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA345F69F
CT_POLICY_EVAL_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345F6D8
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA345F6EE

Part of subcall function 00007FFDA3431C0D: SCT_LIST_free.LIBCRYPTO-1_1 ref: 00007FFDA34581B3
Part of subcall function 00007FFDA3431C0D: d2i_OCSP_RESPONSE.LIBCRYPTO-1_1 ref: 00007FFDA3458208
Part of subcall function 00007FFDA3431C0D: OCSP_response_get1_basic.LIBCRYPTO-1_1 ref: 00007FFDA3458218
Part of subcall function 00007FFDA3431C0D: OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FFDA345822A
Part of subcall function 00007FFDA3431C0D: OCSP_resp_get0.LIBCRYPTO-1_1 ref: 00007FFDA3458238
Part of subcall function 00007FFDA3431C0D: OCSP_SINGLERESP_get1_ext_d2i.LIBCRYPTO-1_1 ref: 00007FFDA3458250
Part of subcall function 00007FFDA3431C0D: OCSP_resp_count.LIBCRYPTO-1_1 ref: 00007FFDA3458278
Part of subcall function 00007FFDA3431C0D: SCT_LIST_free.LIBCRYPTO-1_1 ref: 00007FFDA3458284
Part of subcall function 00007FFDA3431C0D: OCSP_BASICRESP_free.LIBCRYPTO-1_1 ref: 00007FFDA345828C
Part of subcall function 00007FFDA3431C0D: OCSP_RESPONSE_free.LIBCRYPTO-1_1 ref: 00007FFDA3458294

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345F6BB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_numP_resp_countT_free$E_freeL_sk_valueP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicX_freeX_newd2i_
String ID: ..\s\ssl\ssl_lib.c
API String ID: 382793502-1080266419
Opcode ID: 4a8da2e031a4b4fb6d40b0e9788500d950f4d2d5ada47d43d296033219d23ec1
Instruction ID: fb7777cfe9d90daaeab54794d555f8cb538eec0f369649e530d5e80d3fb6957f
Opcode Fuzzy Hash: 4a8da2e031a4b4fb6d40b0e9788500d950f4d2d5ada47d43d296033219d23ec1
Instruction Fuzzy Hash: A141FA21F0B742C5FA64AA1195702BD6392EF45B84F484036DE0DE77A3DEBEE8428709

Function 00007FFDA34902E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

EVP_PKEY_free.LIBCRYPTO-1_1(?,?,?,00007FFDA34923A8), ref: 00007FFDA3490467

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA3490323, 00007FFDA3490443

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_free
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 1282063954-348624464
Opcode ID: 32a2037f69fb0e8ea2d16fc68d07f4a021f43c55029d368323f1534c015843c1
Instruction ID: b181a724718f52ea106c3baac252fa1424a901060b4e95925133f1302be7aac1
Opcode Fuzzy Hash: 32a2037f69fb0e8ea2d16fc68d07f4a021f43c55029d368323f1534c015843c1
Instruction Fuzzy Hash: AF41B07270A74182E7209F41E4606BDBBA2FB44BC4F444130DE4CABB92DFBDE6958708

Function 00007FFDA3495420 Relevance: 10.6, APIs: 7, Instructions: 97COMMON

Download Yara Rule

APIs

EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 00007FFDA3495480
DH_new.LIBCRYPTO-1_1 ref: 00007FFDA3495487
DH_set0_pqg.LIBCRYPTO-1_1 ref: 00007FFDA3495537
DH_free.LIBCRYPTO-1_1 ref: 00007FFDA3495548
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA3495550
DH_free.LIBCRYPTO-1_1 ref: 00007FFDA349555A
BN_free.LIBCRYPTO-1_1 ref: 00007FFDA3495562

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: H_freeN_free$H_newH_set0_pqgY_security_bits
String ID:
API String ID: 3535209601-0
Opcode ID: 82d4d84c1f2dfdddcedad446bcd47900afc2325e3b559e45cb9db292ef8495da
Instruction ID: 32cdae489d28fa9eaa0ba6e7399a4c9410204915ca3f4464ed30e4e080155446
Opcode Fuzzy Hash: 82d4d84c1f2dfdddcedad446bcd47900afc2325e3b559e45cb9db292ef8495da
Instruction Fuzzy Hash: F531D310B0F64285FEE4A666907537D1293AF44B94F280071EE4DE77D7DEAFE4828709

Function 00007FFDA34315D2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA348418B
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3484199
i2d_X509_NAME.LIBCRYPTO-1_1 ref: 00007FFDA34841DD
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34841EB

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA3484148, 00007FFDA348420D
2, xrefs: 00007FFDA348422F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_valueX509_i2d_
String ID: ..\s\ssl\statem\statem_lib.c$2
API String ID: 3754435392-3488551833
Opcode ID: c50b85bc3bcbec496a441513fc36b76c6478cab3b6888f1826de5002a44e3c7a
Instruction ID: 3bcc55380685e5e681d4aa34f4228cc8ecda25d8800981d34ae0b06e3af04fd5
Opcode Fuzzy Hash: c50b85bc3bcbec496a441513fc36b76c6478cab3b6888f1826de5002a44e3c7a
Instruction Fuzzy Hash: 9931B831B0E75246FA209B62B46617A6796AF447D0F440430ED4CE7B9BDFBEE5418708

Function 00007FFDA3444420 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3444464
EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FFDA34444AF
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA344457B

Strings

..\s\ssl\s3_enc.c, xrefs: 00007FFDA344447E, 00007FFDA34444E3

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_freeX_new
String ID: ..\s\ssl\s3_enc.c
API String ID: 22238829-1839494539
Opcode ID: 4cf59fbcf39c19b4635e50e9352caef68878f1dbfee15a521ec02f95a7f032fb
Instruction ID: 41e17cb3529ed0b1c521679796a8a161fd1685f4e0a2c810420a18a22f1cba6c
Opcode Fuzzy Hash: 4cf59fbcf39c19b4635e50e9352caef68878f1dbfee15a521ec02f95a7f032fb
Instruction Fuzzy Hash: FE41C632B0AA8185EB90DF15E4613AE63A1FB84BC4F184431DF4DAB796DFBED5818704

Function 00007FFDA344C470 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344C4CF
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA344C4E5
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA344C50A
OPENSSL_sk_pop_free.LIBCRYPTO-1_1 ref: 00007FFDA344C51E
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344C560

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344C544

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_put_error
String ID: ..\s\ssl\ssl_cert.c
API String ID: 732311666-349359282
Opcode ID: ab10a35f01cc659bf1d8b89c5a6f0d2dffd631ccd2e4279cb355084bd3584024
Instruction ID: ff325036107d2a325c152baa0ab0e2bceaa11a13070a376f89069963116752f1
Opcode Fuzzy Hash: ab10a35f01cc659bf1d8b89c5a6f0d2dffd631ccd2e4279cb355084bd3584024
Instruction Fuzzy Hash: 7521C721B0D68186EB509B26A5612B9A792EF847D0F080431EE4DD7B57DFBDD4818708

Function 00007FFDA345E3B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345E3EB
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345E3FF

Part of subcall function 00007FFDA345CB80: OPENSSL_sk_pop_free.LIBCRYPTO-1_1(?,00007FFDA345748D), ref: 00007FFDA345CBA1
Part of subcall function 00007FFDA345CB80: OPENSSL_sk_pop_free.LIBCRYPTO-1_1(?,00007FFDA345748D), ref: 00007FFDA345CBB7
Part of subcall function 00007FFDA345CB80: X509_free.LIBCRYPTO-1_1(?,00007FFDA345748D), ref: 00007FFDA345CBC4

OPENSSL_sk_new_reserve.LIBCRYPTO-1_1 ref: 00007FFDA345E436
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345E462
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA345E47A

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345E447

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_put_errorX509_free
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1042751175-1080266419
Opcode ID: c8709bc90463c25e43f5416343c086df3d95b911cc0f9f76808430255535cb40
Instruction ID: 71637e3437135f52d70458cc9f053f7cde6a4cdc0712f4cd31ca18664f010040
Opcode Fuzzy Hash: c8709bc90463c25e43f5416343c086df3d95b911cc0f9f76808430255535cb40
Instruction Fuzzy Hash: 4D318232B09B8282D714DB21D4603AAB766EB85784F048535EE8DE3797DFBDD980C704

Function 00007FFDA345C790 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C7C3
ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C7EB
OPENSSL_sk_push.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C81A
OPENSSL_sk_pop.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C828
OPENSSL_sk_push.LIBCRYPTO-1_1(?,00007FFDA34582EC), ref: 00007FFDA345C85D

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345C7D0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_push$L_sk_new_nullL_sk_popR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1161573302-1080266419
Opcode ID: bda7fbef5f85bf2da651fee9b55fbaaa1bdd381d02e10f8cf18bd424cfbb4574
Instruction ID: cce121315a7b4474776cc6cd7a15481cde90f2bea7e4d6d3d40afa6f5399e2ad
Opcode Fuzzy Hash: bda7fbef5f85bf2da651fee9b55fbaaa1bdd381d02e10f8cf18bd424cfbb4574
Instruction Fuzzy Hash: CA219231F0E75281EA64DB12946017963A6AF84B84F044034EF4CE7B87EFBEEC518708

Function 00007FFDA34315C3 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345AB86
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA345AB95
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345ABAE

Strings

., xrefs: 00007FFDA345ABD5
..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345ABDD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_value
String ID: .$..\s\ssl\ssl_lib.c
API String ID: 1603723057-3129112277
Opcode ID: b72c28661eed6e8c4b2e4fa7bc11301fefc2f41408c8ec5aef2a7f084d48a451
Instruction ID: 7e8c55588d8314a5452f0d17619ac634f40320ec668da1d34ac4288ac67c4efc
Opcode Fuzzy Hash: b72c28661eed6e8c4b2e4fa7bc11301fefc2f41408c8ec5aef2a7f084d48a451
Instruction Fuzzy Hash: 6021D132B1A75182E750DB19E4612ED73A2EB88B88F540035EF4D93797DF7ED9828708

Function 00007FFDA34315E1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

d2i_X509.LIBCRYPTO-1_1 ref: 00007FFDA3461E12
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3461E3A
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3461E85
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3461EA2

Strings

$, xrefs: 00007FFDA3461E70
..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3461E1F, 00007FFDA3461E69

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$X509X509_freed2i_
String ID: $$..\s\ssl\ssl_rsa.c
API String ID: 954790205-1365392022
Opcode ID: 8123ee464354afcc639de9f72456eb075dd14d3bf39af6b8b4cd5c163378acc6
Instruction ID: baa46058968cc376d345277f51f2314378cba5b2574ce52c6cd972d438865278
Opcode Fuzzy Hash: 8123ee464354afcc639de9f72456eb075dd14d3bf39af6b8b4cd5c163378acc6
Instruction Fuzzy Hash: 6D11C821B0D68246EB64DF25E4202BE6393FB84384F444434EA4DD7B97DFBEE5508708

Function 00007FFDA3495620 Relevance: 9.1, APIs: 6, Instructions: 110COMMON

Download Yara Rule

APIs

X509_get0_pubkey.LIBCRYPTO-1_1 ref: 00007FFDA3495672
EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 00007FFDA349567F
X509_get0_pubkey.LIBCRYPTO-1_1 ref: 00007FFDA34956BF
EVP_PKEY_security_bits.LIBCRYPTO-1_1 ref: 00007FFDA34956CC
X509_get_extension_flags.LIBCRYPTO-1_1 ref: 00007FFDA349570F
X509_get_signature_info.LIBCRYPTO-1_1 ref: 00007FFDA349573F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X509_get0_pubkeyY_security_bits$X509_get_extension_flagsX509_get_signature_info
String ID:
API String ID: 3342971904-0
Opcode ID: 08c03ed49113836e02b49540d5dc46bd2e33150568e8b52750016b53a8b39fe6
Instruction ID: ba319c39e35583ae0e1ff539ca858495093081768026f4b8621199474015f989
Opcode Fuzzy Hash: 08c03ed49113836e02b49540d5dc46bd2e33150568e8b52750016b53a8b39fe6
Instruction Fuzzy Hash: A1412B21F0E28282FB74EA5674217B96282BF84784F544071ED4DE7B87DFBEE8014B08

Function 00007FFDA3431519 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34591A6
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34591B6
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34591D2
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA34591E5
OPENSSL_sk_find.LIBCRYPTO-1_1 ref: 00007FFDA34591F3
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA345925B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_findL_sk_value
String ID:
API String ID: 1561070308-0
Opcode ID: b0c26986137e19823e1672b279a128acca08b0c3bc2b92852cfdc3ce144995f4
Instruction ID: e03f856738b05d89b7f5405919465df0cf97a94d6c94f44fd4922f430d60803c
Opcode Fuzzy Hash: b0c26986137e19823e1672b279a128acca08b0c3bc2b92852cfdc3ce144995f4
Instruction Fuzzy Hash: 5741E821F0E78285FBA49A65542137977D2AB45BC0F084835EE4DE7787DEBED881C308

Function 00007FFDA3458398 Relevance: 9.1, APIs: 6, Instructions: 86COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3458454
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA3458465
OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA345848A
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA345849D
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34584AB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_new_nullL_sk_pushL_sk_value
String ID:
API String ID: 542606518-0
Opcode ID: 45e2f6b10577ecd7920a06ad24a4fc6e3860420013ab6b207b4ccb3cd9d89438
Instruction ID: 3b59a2988de5836aebc8af806496914ee04607da809a8974f4dba057b2ebe3cc
Opcode Fuzzy Hash: 45e2f6b10577ecd7920a06ad24a4fc6e3860420013ab6b207b4ccb3cd9d89438
Instruction Fuzzy Hash: EE21E721F0F75281FA64AB12546127962969F95FC1F080031DE4DF7B97EFAFE8824708

Function 00007FFDA3431677 Relevance: 9.1, APIs: 6, Instructions: 63COMMON

Download Yara Rule

APIs

BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345A9D0
BIO_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA345A9ED
BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345AA01
BIO_next.LIBCRYPTO-1_1 ref: 00007FFDA345AA1A
BIO_free_all.LIBCRYPTO-1_1 ref: 00007FFDA345AA2E
BIO_free_all.LIBCRYPTO-1_1 ref: 00007FFDA345AA4B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_next$O_free_all$O_up_ref
String ID:
API String ID: 1216991848-0
Opcode ID: 74667a3e871d2ac80a38afecdc9d9d0b5730101d0e0a977703ff73bd62255f4f
Instruction ID: 3a16dd9354cd1ffc377471c684b52c87f43344f6d7fab8449b1f9b1a1436e0fc
Opcode Fuzzy Hash: 74667a3e871d2ac80a38afecdc9d9d0b5730101d0e0a977703ff73bd62255f4f
Instruction Fuzzy Hash: 55217411F0B75181EE66AB15D16113C5392EF44BC4B050431EE4DA7B8BDFADEC918708

Function 00007FFDA345C430 Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C454
EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C46C
COMP_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C47F
COMP_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C492
EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C4A5
EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00007FFDA345693A), ref: 00007FFDA345C4B8

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_free
String ID:
API String ID: 2268491255-0
Opcode ID: 6493352eb6d6ed3341580a2395efd01224b6157228b4c69fa8689b251ece88ee
Instruction ID: 38bb84fba191044b82e318418132e22b16fda34c0f98189a540ac3baea89cbe7
Opcode Fuzzy Hash: 6493352eb6d6ed3341580a2395efd01224b6157228b4c69fa8689b251ece88ee
Instruction Fuzzy Hash: 1C012972B1AA8141D750AF61D9513BC63A5EF80F89F080035DF4D9B797CF65D490832C

Function 00007FFDA3431497 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA343D0EE
memcpy.VCRUNTIME140 ref: 00007FFDA343D145
SetLastError.KERNEL32 ref: 00007FFDA343D245
BIO_read.LIBCRYPTO-1_1 ref: 00007FFDA343D26C

Strings

..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FFDA343D1F1, 00007FFDA343D2E5

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: memcpy$ErrorLastO_read
String ID: ..\s\ssl\record\rec_layer_s3.c
API String ID: 1958097105-2209325370
Opcode ID: 3dcb4004876841d817ef47d2efc369b4e2620c560bc807afff1c78d3bfb42160
Instruction ID: 44504be6b73ef869e8d842c65fd528796c49d343805d8b342d75cbf98f0d3e5f
Opcode Fuzzy Hash: 3dcb4004876841d817ef47d2efc369b4e2620c560bc807afff1c78d3bfb42160
Instruction Fuzzy Hash: 0081C532B0AB8982EB549E21D5643BD63A2FB41F98F144135DD4CA778ACFBED445C304

Function 00007FFDA34845C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,00007FFDA3486D97), ref: 00007FFDA34846CB
BIO_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00007FFDA3486D97), ref: 00007FFDA34846F8

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA348470E
TLS 1.3, client CertificateVerify, xrefs: 00007FFDA3484639
TLS 1.3, server CertificateVerify, xrefs: 00007FFDA3484661

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlmemcpy
String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify
API String ID: 2266715306-2608420995
Opcode ID: 15aa47485ae97e114c81045a7148ccf703e01fe5c933243fd750f331446eba2e
Instruction ID: 597fdf0b053e310f55b402c71b722bb867d97e5e1f7725ccf1185b412cc7059c
Opcode Fuzzy Hash: 15aa47485ae97e114c81045a7148ccf703e01fe5c933243fd750f331446eba2e
Instruction Fuzzy Hash: D641B022B0AB8282E710CF28D4612BD77A1FB55B84F544132DB8CE7762DF6ED1A5C708

Function 00007FFDA3431343 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34556C3
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA34556D5
OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA34556EE

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345571D

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_num$L_sk_value
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1603723057-1080266419
Opcode ID: 792a7ce2ecfafcfa269ffd79d35873fb8a2162825072a8662e8cf8d35527f56e
Instruction ID: f44942e970f51db2e3f2fb75507b5674681295d2f91ea3b10ee899beb4ee667f
Opcode Fuzzy Hash: 792a7ce2ecfafcfa269ffd79d35873fb8a2162825072a8662e8cf8d35527f56e
Instruction Fuzzy Hash: 9A219632B1A75182E710DF19E0512A9B3E2EB84B84F540035EF4D937A6DF7FD9828B08

Function 00007FFDA3431726 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA344518E
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34451DF
EVP_MD_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA3445204
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3445242

Strings

..\s\ssl\s3_enc.c, xrefs: 00007FFDA344519B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlO_freeO_newX_free
String ID: ..\s\ssl\s3_enc.c
API String ID: 3686289451-1839494539
Opcode ID: 7184764af4828457676a05604ef11b2bd870a9ee6f5aded71f74c8ce5a10fc40
Instruction ID: 791446a40f67a9e5c4737180bc2db80e4f6987423d3ac136e4f7ebc7052d8692
Opcode Fuzzy Hash: 7184764af4828457676a05604ef11b2bd870a9ee6f5aded71f74c8ce5a10fc40
Instruction Fuzzy Hash: A7217C32B09B8195EB50DF25E4613EC33A1FB89B88F088531DE4D9B756DFBAD0848704

Function 00007FFDA344B7C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B824
OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA344B83D
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344B852
X509_up_ref.LIBCRYPTO-1_1 ref: 00007FFDA344B85E

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344B808

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_new_nullL_sk_pushR_put_errorX509_up_ref
String ID: ..\s\ssl\ssl_cert.c
API String ID: 1254856836-349359282
Opcode ID: de222332ab560ae41cd398fca7d233f04ed90fb3ee78e9fc6952b7ca29800a53
Instruction ID: fed100e09a8dca263721a557283d973dffaa0086b7a5b4079ed0045b495279cf
Opcode Fuzzy Hash: de222332ab560ae41cd398fca7d233f04ed90fb3ee78e9fc6952b7ca29800a53
Instruction Fuzzy Hash: C5118221B0E64287FBA49B61F5613B962A2EF44B84F080531EE4CD7787DFBED4908708

Function 00007FFDA3431294 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 42COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA3455D53
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3455D85

Strings

ALL:!COMPLEMENTOFDEFAULT:!eNULL, xrefs: 00007FFDA3455D3A
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256, xrefs: 00007FFDA3455D05
..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3455D75

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_numR_put_error
String ID: ..\s\ssl\ssl_lib.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
API String ID: 3481481725-2408151667
Opcode ID: 317e8ca95c8adfb34f4cd1c9d50b9473096ef48f220615104f65b565feef6649
Instruction ID: 3375a80291167f3e5213b795b105f46026e8991de0ca358f3fbe4ad0b482d06d
Opcode Fuzzy Hash: 317e8ca95c8adfb34f4cd1c9d50b9473096ef48f220615104f65b565feef6649
Instruction Fuzzy Hash: 32118262F1A74681E7209B20D4212B93392AF44B48F444131E94DE7796DFBEE549C708

Function 00007FFDA3494750 Relevance: 7.6, APIs: 5, Instructions: 144COMMON

Download Yara Rule

APIs

EVP_PKEY_get0_EC_KEY.LIBCRYPTO-1_1 ref: 00007FFDA34948B7
EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 00007FFDA34948BF
EC_GROUP_get_curve_name.LIBCRYPTO-1_1 ref: 00007FFDA34948C7

Part of subcall function 00007FFDA3494600: ERR_pop_to_mark.LIBCRYPTO-1_1 ref: 00007FFDA3494651

EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA3494911
RSA_size.LIBCRYPTO-1_1 ref: 00007FFDA3494920

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: A_sizeD_sizeP_get_curve_nameR_pop_to_markY_get0_Y_get0_group
String ID:
API String ID: 2524731747-0
Opcode ID: 6075d711208a0826b2fa15ed87acc049cad3210ebe7160a18e31799764006937
Instruction ID: a108392291d3f048db06cbd991ac9d4993624ff1984b449bb47c49db6eec566a
Opcode Fuzzy Hash: 6075d711208a0826b2fa15ed87acc049cad3210ebe7160a18e31799764006937
Instruction Fuzzy Hash: CB51A526B0EA4241EF64EE22D4621B923D6EF85B84F080535DE0ED77D7DEBDE4418788

Function 00007FFDA34520E0 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

BIO_s_file.LIBCRYPTO-1_1 ref: 00007FFDA3452122
BIO_new.LIBCRYPTO-1_1 ref: 00007FFDA345212A
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3452146
DH_free.LIBCRYPTO-1_1 ref: 00007FFDA34521A0
BIO_free.LIBCRYPTO-1_1 ref: 00007FFDA34521A8

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: H_freeO_ctrlO_freeO_newO_s_file
String ID:
API String ID: 1469330667-0
Opcode ID: 81a29b65ec075d8b662f60f15598d46dcf3bbee5504e15bf2f78ed5bf6019a91
Instruction ID: 642a989d23533bba534a91266a90047938842e9696ccc4acd549b59a9cdba739
Opcode Fuzzy Hash: 81a29b65ec075d8b662f60f15598d46dcf3bbee5504e15bf2f78ed5bf6019a91
Instruction Fuzzy Hash: A721F812B0B65146FA65EE56A46277A2292AF44FC0F044032EF0DE7B47DE7ED8114744

Function 00007FFDA34323B5 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA344A118
X509_get_subject_name.LIBCRYPTO-1_1 ref: 00007FFDA344A12C
X509_NAME_dup.LIBCRYPTO-1_1 ref: 00007FFDA344A134
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344A14B
X509_NAME_free.LIBCRYPTO-1_1 ref: 00007FFDA344A157

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
String ID:
API String ID: 2231116090-0
Opcode ID: 82492383bb986031a130ce332d8c4117b49648594df4aaa9f1e28b13961d9d88
Instruction ID: 8f7adc775569a431fe7c8d2f871daf0293c7a96cce17d8b4d93c20430705b904
Opcode Fuzzy Hash: 82492383bb986031a130ce332d8c4117b49648594df4aaa9f1e28b13961d9d88
Instruction Fuzzy Hash: E6016261F0F74241FF65AA65A5653B852D29F48BC4F080430EE1CEB787EEAEE4C04308

Function 00007FFDA3432379 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 270COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDA346C38A
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA346C3D1
EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA346C452

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346C344

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_size$_time64
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 2874025382-592572767
Opcode ID: 51edfa5d44c433f1c96c1318db48a2aa5f157a6a6b0e2826954d9ef86924e852
Instruction ID: b564ffc27114a0529f0a50d885b24f24709cfc340da281b7533ea50c289fbbbc
Opcode Fuzzy Hash: 51edfa5d44c433f1c96c1318db48a2aa5f157a6a6b0e2826954d9ef86924e852
Instruction Fuzzy Hash: EBB1A57170E78282EA64DF12956027E7692FB84B84F140036DE4DE7B96DFBEE851C708

Function 00007FFDA3476520 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

..\s\ssl\statem\statem.c, xrefs: 00007FFDA34767C5, 00007FFDA347688C

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem.c
API String ID: 0-2512360314
Opcode ID: f4b82ac2777e7e13ee3f52d1b79094b7e670554c20a499e59a0f01eee76fc5dd
Instruction ID: 0009cc16b5f8162dc461e637b360416e8c44af710da64226d19bccb84fa9c8c0
Opcode Fuzzy Hash: f4b82ac2777e7e13ee3f52d1b79094b7e670554c20a499e59a0f01eee76fc5dd
Instruction Fuzzy Hash: 57A19232F0A68685FBA49F25D4643B937A2FB44B48F444036CA4DA7796CFBED485C708

Function 00007FFDA3431492 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346F5BB, 00007FFDA346F5FD, 00007FFDA346F66B, 00007FFDA346F6BB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 0-592572767
Opcode ID: e9db389cdf114de96548232ef87d74519a0118fba9b4cd399f754a5bbeac702e
Instruction ID: bf6c6d1003222398ecaf3b1fccacc3be3b0d33380b470611be487bdce7d305bd
Opcode Fuzzy Hash: e9db389cdf114de96548232ef87d74519a0118fba9b4cd399f754a5bbeac702e
Instruction Fuzzy Hash: 1341173270EB4185E7609F11E4611AD77A2FB84B90F480532DA9C93BA6DFBED4B1CB04

Function 00007FFDA344D1B2 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

ECDSA, xrefs: 00007FFDA344D1B2
SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: ECDSA$IDEA(128)$SHA256
API String ID: 3142812517-1715931570
Opcode ID: 44f7624beab0f323a905dc14c414133b54598305496cbad7365f801c86930631
Instruction ID: 826f2b4396fdd59f97f6b7dc6eb1bfded445e0238ca9666780e3bce2b93ed9a2
Opcode Fuzzy Hash: 44f7624beab0f323a905dc14c414133b54598305496cbad7365f801c86930631
Instruction Fuzzy Hash: 54116632F0EF4242F2B58668A4B81755662BB47340F050136DD4DB2BA78EFFE941860C

Function 00007FFDA344D1BB Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
PSK, xrefs: 00007FFDA344D1BB
IDEA(128), xrefs: 00007FFDA344D229

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: IDEA(128)$PSK$SHA256
API String ID: 3142812517-1637006702
Opcode ID: 22b1fa60e36ba6287f1bc6f14d9eb96c9d991d63a256d015d457473488a5b0b7
Instruction ID: b9c842ed1178e04e1a41124feb896ca1434c688391bcbe4bbc85a9d6b5007a24
Opcode Fuzzy Hash: 22b1fa60e36ba6287f1bc6f14d9eb96c9d991d63a256d015d457473488a5b0b7
Instruction Fuzzy Hash: 3C116332F0EF4242F2B58A68A4B81755662BB47340F050136DD4DB2BA78EFFE9418608

Function 00007FFDA344D1A4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
DSS, xrefs: 00007FFDA344D1A4
IDEA(128), xrefs: 00007FFDA344D229

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: DSS$IDEA(128)$SHA256
API String ID: 3142812517-3841199953
Opcode ID: bcd508023703d1cfa3f383b34bb166623804abcfa86d47c02c90fb4ac799a4e1
Instruction ID: 110ef58d55ced920061c86cc1466358f8f5355d9473573bbee6b115edc1015af
Opcode Fuzzy Hash: bcd508023703d1cfa3f383b34bb166623804abcfa86d47c02c90fb4ac799a4e1
Instruction Fuzzy Hash: A4116332F0EF4242F2B58A68A4B81755662BB47340F050136DD4DB2BA78EFFE9418608

Function 00007FFDA344D1CD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229
GOST01, xrefs: 00007FFDA344D1CD

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: GOST01$IDEA(128)$SHA256
API String ID: 3142812517-4064199452
Opcode ID: cfd0067d8a8ad8a67da8fc63cc408b603bb97ad56ff2d81728cab1d66831b990
Instruction ID: 22842d6ba464b4bbb9c9b9f9e6ba9ba113e14b3da93fc0706d158e14a210c02d
Opcode Fuzzy Hash: cfd0067d8a8ad8a67da8fc63cc408b603bb97ad56ff2d81728cab1d66831b990
Instruction Fuzzy Hash: CF117532F0EF4242F2B58A68A4A81755662FB47340F450136DD4DB3BA78EFFE941860C

Function 00007FFDA344D1D6 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229
GOST12, xrefs: 00007FFDA344D1D6

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: GOST12$IDEA(128)$SHA256
API String ID: 3142812517-3478822438
Opcode ID: a0bac47b9c82c5a4c1ec5b48d2324b302cca4babee979be204a3a56fc339e4be
Instruction ID: 8b984ef5fe80ca236106535a863c3d5bb97a9b1e8a497243d74ac852e31b43ab
Opcode Fuzzy Hash: a0bac47b9c82c5a4c1ec5b48d2324b302cca4babee979be204a3a56fc339e4be
Instruction Fuzzy Hash: 90117532F0EF5242F2B58A68A4A81755662FB47340F050136DD4DB3BAB8EFFE941860C

Function 00007FFDA344D1C4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SRP, xrefs: 00007FFDA344D1C4
SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: IDEA(128)$SHA256$SRP
API String ID: 3142812517-1647395391
Opcode ID: 4c6ebbec9975f5f847d62aac0176e09a990903033811db69cf6212be7734f895
Instruction ID: be2c27de9592e2751c8b7197d7bcb0a422db1ba4f8eb0fb32c0cd30d287488d1
Opcode Fuzzy Hash: 4c6ebbec9975f5f847d62aac0176e09a990903033811db69cf6212be7734f895
Instruction Fuzzy Hash: 12116632F0EF4242F2B58668A4B81755662BB47340F050136DD4DB2BA78EFFE9418608

Function 00007FFDA344D1DF Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229
any, xrefs: 00007FFDA344D1DF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: IDEA(128)$SHA256$any
API String ID: 3142812517-1956614738
Opcode ID: ba861a5591f4fecf2ff9ffa6c2c0a8a9f92a2a01709c69b466efccf13ece5890
Instruction ID: da733619ff789fa1741c0ddc3e53cf9b30effbdd2ae0f50a3f88b539893aba3a
Opcode Fuzzy Hash: ba861a5591f4fecf2ff9ffa6c2c0a8a9f92a2a01709c69b466efccf13ece5890
Instruction Fuzzy Hash: 5F116332F0EF4242F2B58A69A4A81755662BB47340F050136DD4DB2BA78EFFE9418608

Function 00007FFDA34312AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460ABD
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3460B08
X509_free.LIBCRYPTO-1_1 ref: 00007FFDA3460B25

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA3460AA2, 00007FFDA3460AEC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$X509_free
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 4102096802-2723262194
Opcode ID: 13b20eedb222f1f1f2e6d0bb6c12fea2797da574fd4ff134c3496baec6321aef
Instruction ID: 746566f3f0cc860b97ad36dfe4ca86709a828ab70f0a3e34cb59c3b1b65db3dc
Opcode Fuzzy Hash: 13b20eedb222f1f1f2e6d0bb6c12fea2797da574fd4ff134c3496baec6321aef
Instruction Fuzzy Hash: E3112731B0D24246EB249F25F8202AAA792FB847C4F484034EA4DD7B87DFBEE5508708

Function 00007FFDA343152D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA344B735
OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA344B752
OPENSSL_sk_push.LIBCRYPTO-1_1 ref: 00007FFDA344B767

Strings

..\s\ssl\ssl_cert.c, xrefs: 00007FFDA344B71B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_new_nullL_sk_pushR_put_error
String ID: ..\s\ssl\ssl_cert.c
API String ID: 1176158178-349359282
Opcode ID: 1683a4ef7acdf72e624ee474a3665e466bd7fcd3fb21707e4e5ca1fa6b0056be
Instruction ID: 17e2f9a3a39a04f2c8f4a9c3a6ce7846e1c46541fbe7267d2d012fe5421e3f99
Opcode Fuzzy Hash: 1683a4ef7acdf72e624ee474a3665e466bd7fcd3fb21707e4e5ca1fa6b0056be
Instruction Fuzzy Hash: CA119022B0A64183EB549F26E4202A973A6FF44B84F080531EF8CD7B97CF7ED5918708

Function 00007FFDA34313E3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345623B
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3456274

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3456222, 00007FFDA3456266, 00007FFDA3456296

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: 9c69d3e6be98beb030fa5cf9360c523eb2394a07a3783dabf1ec6d20db28155b
Instruction ID: a887428d5369ea8fe97dfef0ab26a54c4283479587bb90b23f6626513fe83291
Opcode Fuzzy Hash: 9c69d3e6be98beb030fa5cf9360c523eb2394a07a3783dabf1ec6d20db28155b
Instruction Fuzzy Hash: 34118675F1A64686FB64DF61C8202A937A2FB80708F804034E60C93792DFBEE656CB04

Function 00007FFDA3461740 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

d2i_PrivateKey.LIBCRYPTO-1_1 ref: 00007FFDA3461762
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA346178A
EVP_PKEY_free.LIBCRYPTO-1_1 ref: 00007FFDA34617B0

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDA346176F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: PrivateR_put_errorY_freed2i_
String ID: ..\s\ssl\ssl_rsa.c
API String ID: 107863293-2723262194
Opcode ID: 6d9da762f28e668d6c441ad52502f2a15de4d5c06cecd3da551d32028c256582
Instruction ID: 6fe778a77194bb468fb530a16ae302b39ae640fdda9f69e4f9c5395ce7327a6c
Opcode Fuzzy Hash: 6d9da762f28e668d6c441ad52502f2a15de4d5c06cecd3da551d32028c256582
Instruction Fuzzy Hash: F7F0F922B0968542E700DF65F5501ADA392EF887C8F444030EB4C97B47DFBDD5508B08

Function 00007FFDA3437380 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32stringCOMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1 ref: 00007FFDA3437559
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3437581
strchr.VCRUNTIME140 ref: 00007FFDA34375B8
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA3437632
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3437669
OPENSSL_sk_free.LIBCRYPTO-1_1 ref: 00007FFDA3437671

Strings

..\s\ssl\d1_srtp.c, xrefs: 00007FFDA3437573
H, xrefs: 00007FFDA343756B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$L_sk_freeL_sk_new_nullstrchrstrncmp
String ID: ..\s\ssl\d1_srtp.c$H
API String ID: 767303460-1001428523
Opcode ID: 337a7746ba5fd16e49325b5f725d95dd83121c91240e621c8da534d01108f6f7
Instruction ID: f3cd2b4441688797e3d398b94c5cb94d06e2e46956a09006bb5a9458276796bf
Opcode Fuzzy Hash: 337a7746ba5fd16e49325b5f725d95dd83121c91240e621c8da534d01108f6f7
Instruction Fuzzy Hash: 5DF0BB11F0B16685E698E75598116E51792AF04784F114031ED0CD3743ED7EE6578708

Function 00007FFDA34320BD Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA348732D
memcpy.VCRUNTIME140 ref: 00007FFDA348735C

Strings

..\s\ssl\statem\statem_lib.c, xrefs: 00007FFDA3487289
CLIENT_RANDOM, xrefs: 00007FFDA34872E1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: memcpy
String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM
API String ID: 3510742995-484036895
Opcode ID: 07bb41f7ac5c7284c2c90cd0b8b9988f74b8d342a1ab349fb886773854449c43
Instruction ID: 35e3f991c9543a26f21986395693950cec023e70301ec494d5016359e9773c84
Opcode Fuzzy Hash: 07bb41f7ac5c7284c2c90cd0b8b9988f74b8d342a1ab349fb886773854449c43
Instruction Fuzzy Hash: 94519132B0674186EB90CB55D4643A877A2EB45BC8F184032EF4CA7796DF7EE485C315

Function 00007FFDA346F760 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1(?,?,?,00007FFDA346D4BF), ref: 00007FFDA346F798
OPENSSL_sk_value.LIBCRYPTO-1_1(?,?,?,00007FFDA346D4BF), ref: 00007FFDA346F7AB
OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,00007FFDA346D4BF), ref: 00007FFDA346F7CF
OPENSSL_sk_free.LIBCRYPTO-1_1(?,?,?,00007FFDA346D4BF), ref: 00007FFDA346F7EC

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_free$L_sk_numL_sk_value
String ID:
API String ID: 4251522676-0
Opcode ID: f88cd81b8b2f884d54fda55d39006d2209b12edd05a205fd35b6b38ae48398b8
Instruction ID: d698925d8877fb9baa93f4f20553988d7abe41b63b5a5472db53043442b90d1b
Opcode Fuzzy Hash: f88cd81b8b2f884d54fda55d39006d2209b12edd05a205fd35b6b38ae48398b8
Instruction Fuzzy Hash: DD21CB12B0E64286F610AF25942017D76A2AF85B90F144433EE8DD3797DFBED5928708

Function 00007FFDA344E400 Relevance: 6.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

OPENSSL_sk_new_null.LIBCRYPTO-1_1(?,00007FFDA344DC5D), ref: 00007FFDA344E41E
CONF_parse_list.LIBCRYPTO-1_1(?,00007FFDA344DC5D), ref: 00007FFDA344E448
OPENSSL_sk_free.LIBCRYPTO-1_1(?,00007FFDA344DC5D), ref: 00007FFDA344E454
OPENSSL_sk_free.LIBCRYPTO-1_1(?,00007FFDA344DC5D), ref: 00007FFDA344E46E

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_free$F_parse_listL_sk_new_null
String ID:
API String ID: 4265814531-0
Opcode ID: 7df82fb949e12bf4a216ac0d1243a055229da8c8e7b3ff2f6a825a281c0e489e
Instruction ID: 04ed4172433873dce53aba029e3226983e524286dca69879eba72d9da4eb25e4
Opcode Fuzzy Hash: 7df82fb949e12bf4a216ac0d1243a055229da8c8e7b3ff2f6a825a281c0e489e
Instruction Fuzzy Hash: 2C017121B0AB5281E6619B15F4202696361AF84B80F484031EF8CE3B9BDE7FD8918708

Function 00007FFDA34313E8 Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345E304
EVP_CIPHER_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345E31C
COMP_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345E32F
COMP_CTX_free.LIBCRYPTO-1_1 ref: 00007FFDA345E342

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: X_free
String ID:
API String ID: 2268491255-0
Opcode ID: 0501fa589575d6f3eaf730ced008f5909f2c3022fc05dda30cca060b699d4e5a
Instruction ID: 4acde41f94d2fa7e44ab16e4440bbb8b06239e9db0f6a6ada610ee272a9054b1
Opcode Fuzzy Hash: 0501fa589575d6f3eaf730ced008f5909f2c3022fc05dda30cca060b699d4e5a
Instruction Fuzzy Hash: 00F0CD62B0A74140EB90AF61D4913BC6355EF80B44F080035EF0C9B787CE69D490832D

Function 00007FFDA34516A0 Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

OPENSSL_sk_dup.LIBCRYPTO-1_1(00000000,00007FFDA3450C4A), ref: 00007FFDA34516B9
OPENSSL_sk_free.LIBCRYPTO-1_1(00000000,00007FFDA3450C4A), ref: 00007FFDA34516D4
OPENSSL_sk_set_cmp_func.LIBCRYPTO-1_1(00000000,00007FFDA3450C4A), ref: 00007FFDA34516E6
OPENSSL_sk_sort.LIBCRYPTO-1_1(00000000,00007FFDA3450C4A), ref: 00007FFDA34516EE

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
String ID:
API String ID: 1312970346-0
Opcode ID: 1f93946a7fdee477b04f09b1077695c938391180a9d071c085a2328c569291d2
Instruction ID: 61456e8a23d577fe89e780960f4219b7da9dce99a0355c2aa8a33dc3bf045b8b
Opcode Fuzzy Hash: 1f93946a7fdee477b04f09b1077695c938391180a9d071c085a2328c569291d2
Instruction Fuzzy Hash: 12F08222F0E60582EA65A726F1A13BC53529F88BC4F445031FE0D9B79BEDADD4914309

Function 00007FFDA3482800 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA34828D7

Part of subcall function 00007FFDA3431267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA3481496
Part of subcall function 00007FFDA3431267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA348149E
Part of subcall function 00007FFDA3431267: EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FFDA34814B0
Part of subcall function 00007FFDA3431267: EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FFDA34814B8
Part of subcall function 00007FFDA3431267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FFDA34814D1
Part of subcall function 00007FFDA3431267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FFDA34814D9
Part of subcall function 00007FFDA3431267: EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FFDA34814EF
Part of subcall function 00007FFDA3431267: BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA348156D

BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3482A07

Strings

..\s\ssl\statem\statem_dtls.c, xrefs: 00007FFDA3482A60

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlR_flagsX_cipher$D_sizeX_block_sizeX_mdmemcpy
String ID: ..\s\ssl\statem\statem_dtls.c
API String ID: 1483294773-3140652063
Opcode ID: 204412abf80564a97c1fafa206ce13a068008e0f88b764c6312e434c6826633e
Instruction ID: 06b154690ef9cf7434d4db8f64f558b382f919d367a29f0aff332e0391180d1b
Opcode Fuzzy Hash: 204412abf80564a97c1fafa206ce13a068008e0f88b764c6312e434c6826633e
Instruction Fuzzy Hash: 44619A32305B8492D794EB16E5907AE77A9FB88B80F114136EF9C83752CF7AD460C704

Function 00007FFDA3431429 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA343675E
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA34368C1

Strings

..\s\ssl\d1_lib.c, xrefs: 00007FFDA343679B

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrl
String ID: ..\s\ssl\d1_lib.c
API String ID: 3605655398-490761327
Opcode ID: 4fb5c8f4a442cd5c47344fcfb48cd2715ef5b855b47c975e52132fa561e49fef
Instruction ID: 1d138456fc17258fcfee4f06649a8dce387f2b93c4ef9b2860594cc72efb32ef
Opcode Fuzzy Hash: 4fb5c8f4a442cd5c47344fcfb48cd2715ef5b855b47c975e52132fa561e49fef
Instruction Fuzzy Hash: 5C518F32B0668B86E79CCB15D1943FD37A2FB85B84F544131DA2D977A2CF7E90518B04

Function 00007FFDA3431816 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA3482C08
BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FFDA3482D33

Strings

..\s\ssl\statem\statem_dtls.c, xrefs: 00007FFDA3482B89

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_ctrlmemcpy
String ID: ..\s\ssl\statem\statem_dtls.c
API String ID: 2266715306-3140652063
Opcode ID: e4d82e34aee3a298b4fce358bf4607c529f4486acfee45f1fbe5eab23aec6226
Instruction ID: 9cdfa43229ccfab8fab739a8f5591de11c164edeeb215f8e0a73fa8c3ce14324
Opcode Fuzzy Hash: e4d82e34aee3a298b4fce358bf4607c529f4486acfee45f1fbe5eab23aec6226
Instruction Fuzzy Hash: 60513736305BC496D7989F25E5907AEB7A9FB88B80F104026EF9C83756DF79E0A4C704

Function 00007FFDA3431424 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

OPENSSL_sk_num.LIBCRYPTO-1_1 ref: 00007FFDA346D900
OPENSSL_sk_value.LIBCRYPTO-1_1 ref: 00007FFDA346D915

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346D99B, 00007FFDA346D9CA

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_sk_numL_sk_value
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 557030205-592572767
Opcode ID: 7f95b965ad8b109ce67aa820121db860145efe4b2b9880573eb570dee2adb987
Instruction ID: dc9d4076e79ec2cb6772a458da2959afb1162a2ca62e280972c9afd432a55cb9
Opcode Fuzzy Hash: 7f95b965ad8b109ce67aa820121db860145efe4b2b9880573eb570dee2adb987
Instruction Fuzzy Hash: FD419621B0DB4245F7249B12E56127EA396AF85BC0F140030DE8CE7B9BDFBEE5558B08

Function 00007FFDA3431253 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDA343DD50
BIO_write.LIBCRYPTO-1_1 ref: 00007FFDA343DD75

Strings

..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FFDA343DE00, 00007FFDA343DE52

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: ErrorLastO_write
String ID: ..\s\ssl\record\rec_layer_s3.c
API String ID: 186964608-2209325370
Opcode ID: 8d41160d5e821a9b59c27cfcbeb813b5333318ab4bb8ac73822785134f644a65
Instruction ID: 361499a7205f43141547c8b7013e4277ddd5ea79ef7a0e70ee86b17958aa3f62
Opcode Fuzzy Hash: 8d41160d5e821a9b59c27cfcbeb813b5333318ab4bb8ac73822785134f644a65
Instruction Fuzzy Hash: CF41BF32B0AF89C2EB288F15D4542B977A6FB45B88F144231DA4C93B96DFBEE4518704

Function 00007FFDA34314DD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDA346C020

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\extensions_clnt.c
API String ID: 0-592572767
Opcode ID: 58218e73376a22996f52c87b212d3caa0290f253a5f46efd9b6d072cc0b82ad2
Instruction ID: ac0448f0ae8a70fc060c0f1118003b469612f63ddc1752cb67506ec4016d36e7
Opcode Fuzzy Hash: 58218e73376a22996f52c87b212d3caa0290f253a5f46efd9b6d072cc0b82ad2
Instruction Fuzzy Hash: 9A31B262B0EA4682FB508B95E4603BD7392EF84794F040131DA5D97BD7DFEED9508B04

Function 00007FFDA34310AA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FFDA349C95E
OPENSSL_cleanse.LIBCRYPTO-1_1 ref: 00007FFDA349C975

Strings

traffic upd, xrefs: 00007FFDA349C934

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: L_cleansememcpy
String ID: traffic upd
API String ID: 2817969487-79366657
Opcode ID: f8617069f4cd0e815da06fd2992a78c95339bda7289e02c4423e570d17b17890
Instruction ID: f93b5bcea7ed16793f372425b91793c057e2641817fda218f3e8b8d8bc408b8a
Opcode Fuzzy Hash: f8617069f4cd0e815da06fd2992a78c95339bda7289e02c4423e570d17b17890
Instruction Fuzzy Hash: BB31C42270AB8586E620EB12F4113AAB791FB48784F400035EF8EA7787DF7DE555C708

Function 00007FFDA34320C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795EC
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795F9

Strings

..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDA34799AB

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_set_flags
String ID: ..\s\ssl\statem\statem_clnt.c
API String ID: 3946675294-1507966698
Opcode ID: d30551647313214b532e7e2b796882818c474d38519b687cef5c0ab25d58397c
Instruction ID: 74b152041565c9d7ae47a136c8b1f53a8e44c4d5049b888b50778d0efeda90f1
Opcode Fuzzy Hash: d30551647313214b532e7e2b796882818c474d38519b687cef5c0ab25d58397c
Instruction Fuzzy Hash: 4131DB72B0A64185EB64DF19E4A03B927A2EB49B88F184130DA4DD7797CF7ED491C708

Function 00007FFDA3436540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 00007FFDA343658D
SystemTimeToFileTime.KERNEL32 ref: 00007FFDA343659D

Strings

gfff, xrefs: 00007FFDA34365CF

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
Instruction ID: 1b328c8ba7206ba761c5a27d91202f1ed9f54957f862f9fe74ae4684dd14f2df
Opcode Fuzzy Hash: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
Instruction Fuzzy Hash: E621E672B0964B86EB988F29E4603797BE1EB88BC8F448035DA4DD776ADE7DD0408700

Function 00007FFDA34317A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDA3448782
RAND_bytes.LIBCRYPTO-1_1 ref: 00007FFDA34487B0

Strings

DOWNGRD, xrefs: 00007FFDA34487E6

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: D_bytes_time64
String ID: DOWNGRD
API String ID: 3543108242-2922851170
Opcode ID: badda77ca74e05cbb1b9a1913239d2957b81495fa8a0d3fb60bfa0f44542addb
Instruction ID: d65020198b292a6e18a9caee862001f0a1ba019bb9a99b1e606eb26d02e39fc3
Opcode Fuzzy Hash: badda77ca74e05cbb1b9a1913239d2957b81495fa8a0d3fb60bfa0f44542addb
Instruction Fuzzy Hash: ED21D832F0968243E75C9729AA7107D7293EB94340F544038DB1BD7783DE6EE8A0C304

Function 00007FFDA343167C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA348BBCB
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA348BBD8

Strings

..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDA348BE07

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_set_flags
String ID: ..\s\ssl\statem\statem_srvr.c
API String ID: 3946675294-348624464
Opcode ID: c87b56faf171a4358b43028e3704c239902ffb2910c5da52c190f6c6e0bcb5c0
Instruction ID: 4a70008f691bd2638f75f52d31bdec64a80b278ba6d1c0b1c707c30f986b0963
Opcode Fuzzy Hash: c87b56faf171a4358b43028e3704c239902ffb2910c5da52c190f6c6e0bcb5c0
Instruction Fuzzy Hash: 7021AE22B0A6828BE7909B15D4A53BC3B92EB88748F544035EA8DD3793CFFED545C704

Function 00007FFDA345F230 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1(?,00007FFDA345B600), ref: 00007FFDA345F320

Strings

(, xrefs: 00007FFDA345F283
..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345F308

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ($..\s\ssl\ssl_lib.c
API String ID: 1767461275-1617307452
Opcode ID: 7d1b406a4ab2cc278b0194956e2ea246e9ca3ab2704f59a0278e6af02dd3de85
Instruction ID: 760c1e219e08ef7874623708074ad776b9e1333dde0439882df6fa0cb7ac5e8e
Opcode Fuzzy Hash: 7d1b406a4ab2cc278b0194956e2ea246e9ca3ab2704f59a0278e6af02dd3de85
Instruction Fuzzy Hash: A721D271B0AB41C5E3609F54E0103A972A2FB49798F680236EB4C977D6CFBED9418B09

Function 00007FFDA3457140 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3457179
ASYNC_get_current_job.LIBCRYPTO-1_1 ref: 00007FFDA34571C6

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3457160

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: C_get_current_jobR_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 4281227279-1080266419
Opcode ID: 8f083c8a184d4fd3118b2df8a8c15317da89aba9ac76828985e5f07a173d9a40
Instruction ID: 8696864ae4816645c296efe9f8eea0e1e6664968c8d7220bc7c5cb258de60862
Opcode Fuzzy Hash: 8f083c8a184d4fd3118b2df8a8c15317da89aba9ac76828985e5f07a173d9a40
Instruction Fuzzy Hash: 3621C122F1974682E750DB25E5512AD3392EF88B84F580231FA49A3797EFBDE4818A04

Function 00007FFDA344D1AD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

BIO_snprintf.LIBCRYPTO-1_1 ref: 00007FFDA344D453

Strings

SHA256, xrefs: 00007FFDA344D2CF
IDEA(128), xrefs: 00007FFDA344D229

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_snprintf
String ID: IDEA(128)$SHA256
API String ID: 3142812517-2727354722
Opcode ID: d9460424121df0b78aea2e3d6fd0e1f3df40830b56acf255451b65b00fea00d8
Instruction ID: 10a88fe703511b4d7c04995206ade39f1c8882ebdb408019054188e5ea12e8eb
Opcode Fuzzy Hash: d9460424121df0b78aea2e3d6fd0e1f3df40830b56acf255451b65b00fea00d8
Instruction Fuzzy Hash: 40117532F0EF5242F2B58A69A4A81755662BB47340F050136DD4DB3BA78EFFE9418648

Function 00007FFDA3479675 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

-, xrefs: 00007FFDA3479694

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 50f535b0f6b9e0d1da5e18111bc2edabd67c184415786a1ceb57d463008e140f
Instruction ID: 5edfb7ee7d29e489bb49247b304fd607aaae5cce45bc319bfb88fd1ed461b010
Opcode Fuzzy Hash: 50f535b0f6b9e0d1da5e18111bc2edabd67c184415786a1ceb57d463008e140f
Instruction Fuzzy Hash: 05116372F095418AFB908F1AE06437C27A2EB85B58F554135CB0C8B38BDF7ED4958B08

Function 00007FFDA34311E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FE05
conf_ssl_name_find.LIBCRYPTO-1_1 ref: 00007FFDA345FE34
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FE60
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA345FE77
conf_ssl_get_cmd.LIBCRYPTO-1_1 ref: 00007FFDA345FF30
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345FFC1
ERR_add_error_data.LIBCRYPTO-1_1 ref: 00007FFDA3460001

Strings

..\s\ssl\ssl_mcnf.c, xrefs: 00007FFDA345FDEA
!, xrefs: 00007FFDA345FDF1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error$R_add_error_data$conf_ssl_get_cmdconf_ssl_name_find
String ID: !$..\s\ssl\ssl_mcnf.c
API String ID: 1136227658-1677383339
Opcode ID: 7024b6112d44a401bdb0f3d32813959a5e408be8cf8b68b193383ec4148f1dbf
Instruction ID: 49504dbed1d9fa12553f1544e4de85c751130543ac76c68d9ffd049cffee5c30
Opcode Fuzzy Hash: 7024b6112d44a401bdb0f3d32813959a5e408be8cf8b68b193383ec4148f1dbf
Instruction Fuzzy Hash: 43014923F0B24182F7249A91A8106BA1252AB407D4F00C035FE0CD7BC3DE7DD9928708

Function 00007FFDA34311C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3454878
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34548C9

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345485B, 00007FFDA34548AA

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: 653bc97def7ddd28f1a173005cbf812f26c3eea3de9f75b4993d309b3b478db1
Instruction ID: bd7a1b9bd924d2605a8826f2db70bbff9d71e512ab1a6d68ad8136da3f317d94
Opcode Fuzzy Hash: 653bc97def7ddd28f1a173005cbf812f26c3eea3de9f75b4993d309b3b478db1
Instruction Fuzzy Hash: FA11CE29F0A24282F750AB61D8213F92297AF40304F440031D90CE77C7DFBEEA91C318

Function 00007FFDA345A2D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345A31D
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345A354

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345A2FE, 00007FFDA345A335

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: 313acef978bffea86714e02ae65a3a584ea264f2087be210df51fc1ee6c682e6
Instruction ID: 8d69b7a6338a81c28810e52b89b7de66e80f38baac3588f9922df52380adbca1
Opcode Fuzzy Hash: 313acef978bffea86714e02ae65a3a584ea264f2087be210df51fc1ee6c682e6
Instruction Fuzzy Hash: 1A015E62F0A34586F7519B55D8143993692FB4074CF948134EA4CD77E2CFBED986CB04

Function 00007FFDA345A1F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345A23D
ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345A274

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345A21E, 00007FFDA345A255

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1767461275-1080266419
Opcode ID: a3402959f9b8482732006edcbc1b967c4b4a5d664d34c2b69162fbf4fa25a2fd
Instruction ID: facbcd9646c4c039d70f7dadec8ad4e42c8a0b8065f3bdb4f35dd7a6a4765974
Opcode Fuzzy Hash: a3402959f9b8482732006edcbc1b967c4b4a5d664d34c2b69162fbf4fa25a2fd
Instruction Fuzzy Hash: 26015E72F0A38586F7519B55C8153993692FB40748F508134EA4C977E2CFBED996CB04

Function 00007FFDA3446191 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

EC_KEY_get0_group.LIBCRYPTO-1_1 ref: 00007FFDA34461A6

Strings

{, xrefs: 00007FFDA3446196

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: Y_get0_group
String ID: {
API String ID: 3268241200-4087598719
Opcode ID: e33d06e3be94e0a184dbb4d4c60d0bab2df72c9bf962c9d4d93606db3ef6c6e7
Instruction ID: ccdeb59c24c40ae6d777c3d48e8ede529c452e6c0222de41027703c8df02e8a2
Opcode Fuzzy Hash: e33d06e3be94e0a184dbb4d4c60d0bab2df72c9bf962c9d4d93606db3ef6c6e7
Instruction Fuzzy Hash: CDF0A921B0E542C6FB61EE50E0202BC6752BB80794F440532DE4DA7797DFFEE1458718

Function 00007FFDA347957A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795EC
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795F9

Strings

&, xrefs: 00007FFDA347957F

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_set_flags
String ID: &
API String ID: 3946675294-1010288
Opcode ID: 2bef2fb19a2e1a261c318906132edc35b56a4ae7fdd66ccc087fa3284b20747d
Instruction ID: 19477429fa76df63647794cba0360cfff7631ab65bf7dc084a62b6ac6f589bf3
Opcode Fuzzy Hash: 2bef2fb19a2e1a261c318906132edc35b56a4ae7fdd66ccc087fa3284b20747d
Instruction Fuzzy Hash: 6CF09662B0964186FB50DB26E06537D2792EB85B48F194034CE4C8B78BDF7EC4918704

Function 00007FFDA3479637 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

BIO_clear_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795EC
BIO_set_flags.LIBCRYPTO-1_1 ref: 00007FFDA34795F9

Strings

', xrefs: 00007FFDA3479640

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: O_clear_flagsO_set_flags
String ID: '
API String ID: 3946675294-1997036262
Opcode ID: a3c46faf9a164dc0ce3dd0952da6781b21ed937f7c556786078a3bdb919bd19a
Instruction ID: 259f89f4d2aacfa532223974ab13eac6e7e177a73f42161edab6589d7815d236
Opcode Fuzzy Hash: a3c46faf9a164dc0ce3dd0952da6781b21ed937f7c556786078a3bdb919bd19a
Instruction Fuzzy Hash: 3FF09662B0964186FB509B26E06137C2791EB85B48F154034CE4C8B7CBDF7EC4958704

Function 00007FFDA343237E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA34641EE
memcpy.VCRUNTIME140 ref: 00007FFDA3464210

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDA34641E0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_errormemcpy
String ID: ..\s\ssl\ssl_sess.c
API String ID: 1385177007-2868363209
Opcode ID: 30f9734ecd00a7bffa40890edf63c63ac05f31dd9d01e44b878c104969c93cc2
Instruction ID: 8177043b341a19b6770b545a61a3bcba21fcef4ed1932ef820f152fee43fad34
Opcode Fuzzy Hash: 30f9734ecd00a7bffa40890edf63c63ac05f31dd9d01e44b878c104969c93cc2
Instruction Fuzzy Hash: B2F0AE65F1609247EB606B9598157EC1751AF40340F800530E10D96783DFAE56568704

Function 00007FFDA34310DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3438EF5

Strings

..\s\ssl\pqueue.c, xrefs: 00007FFDA3438EC3, 00007FFDA3438EDA
+, xrefs: 00007FFDA3438EE1

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: +$..\s\ssl\pqueue.c
API String ID: 1767461275-3697747608
Opcode ID: dbf9d5c89b16541b622dc419c562c68810710d0935cac74871ac38a3faf34fae
Instruction ID: a74c25bf29e3be97d80bcd9cb78ceb0a7dfd2c51d8de1f3189235a9d5c9b212d
Opcode Fuzzy Hash: dbf9d5c89b16541b622dc419c562c68810710d0935cac74871ac38a3faf34fae
Instruction Fuzzy Hash: 65F0A025B1B10786EB549B10D0255A97762EF40304F400031EA0CA3393EFBEF65ACB08

Function 00007FFDA343254F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3455C7E
memcpy.VCRUNTIME140 ref: 00007FFDA3455C9B

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA3455C70

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_errormemcpy
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1385177007-1080266419
Opcode ID: 5fe9283d2c71ab4161b7334fd32eb3f44c3a3402327cdb9bd1134ce8e9508b8e
Instruction ID: b4ce1afabf2afdab48807c5d366b82956e2d282b6b67bac5f26c9608d79ac3ee
Opcode Fuzzy Hash: 5fe9283d2c71ab4161b7334fd32eb3f44c3a3402327cdb9bd1134ce8e9508b8e
Instruction Fuzzy Hash: FBE06561F1A15647E361A7A488217A93751FB40344F800030E10DE7783CEAFA65ACB08

Function 00007FFDA345B280 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA345B2AE
memcpy.VCRUNTIME140 ref: 00007FFDA345B2CB

Strings

..\s\ssl\ssl_lib.c, xrefs: 00007FFDA345B2A0

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_errormemcpy
String ID: ..\s\ssl\ssl_lib.c
API String ID: 1385177007-1080266419
Opcode ID: 94ab37f8014b0f27dd2f749edd48aea2620e98c56777c17c97807f3485cf7c3f
Instruction ID: a0933741ec98414b5f2e584bb7c832d788c0e83d6b5a247e14d08df2d55536bb
Opcode Fuzzy Hash: 94ab37f8014b0f27dd2f749edd48aea2620e98c56777c17c97807f3485cf7c3f
Instruction Fuzzy Hash: CEE09261F161A647E760ABA4D42579C3791FB40344F804030F20C93783CEAFA6678B18

Function 00007FFDA3446153 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

ERR_put_error.LIBCRYPTO-1_1 ref: 00007FFDA3446170

Strings

m, xrefs: 00007FFDA3446158
..\s\ssl\s3_lib.c, xrefs: 00007FFDA3446160

Memory Dump Source

Source File: 00000002.00000002.2125928314.00007FFDA3431000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFDA3430000, based on PE: true

Associated: 00000002.00000002.2125906854.00007FFDA3430000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2125928314.00007FFDA34A4000.00000020.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126034771.00007FFDA34C9000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126063083.00007FFDA34CD000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34CE000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34D4000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ffda3430000_file.jbxd

Similarity

API ID: R_put_error
String ID: ..\s\ssl\s3_lib.c$m
API String ID: 1767461275-297842231
Opcode ID: dabded245b1138d054d01c0e447c6de338ca7fe595687a8483ebc962513b1b14
Instruction ID: f5ef69f5e128be92ab34753a44c245e63112c9969d95df067779ebef0031e7ad
Opcode Fuzzy Hash: dabded245b1138d054d01c0e447c6de338ca7fe595687a8483ebc962513b1b14
Instruction Fuzzy Hash: C6D01226F0895597E321EF56F4101D96322F784354F450832EB4C527D6CF7EE5869B14

Source: file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122964981.00000239C3C40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104716566.00000239C3222000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.co
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087798746.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085524874.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087840593.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085460991.000002181B340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086749324.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089551898.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crPyObject_CheckReadBufferpython311.PyObject_CheckReadBufferPyObject_ClearWeakRefspython311.P
Source: file.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: file.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: file.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087798746.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085524874.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087840593.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085460991.000002181B340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086749324.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089551898.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: libcrypto-1_1.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087798746.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085524874.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087840593.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085460991.000002181B340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086749324.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089551898.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: file.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: file.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: file.exe, 00000002.00000003.2104251717.00000239C390B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103420247.00000239C390B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110567806.00000239C3450000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110906844.00000239C3453000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111082663.00000239C3464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108987087.00000239C34A5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121639639.00000239C34AD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d5937
Source: file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109567235.00000239C3466000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: file.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087798746.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085524874.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087840593.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085460991.000002181B340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086749324.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089551898.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: file.exe, 00000002.00000002.2122964981.00000239C3C40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: file.exe, 00000002.00000003.2101618066.00000239C3480000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087798746.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085524874.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087840593.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085460991.000002181B340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086749324.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089551898.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2087073718.000002181B342000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000002.00000003.2106591896.00000239C3503000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109975810.00000239C3509000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: file.exe, 00000002.00000003.2101618066.00000239C3480000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: file.exe, 00000002.00000003.2107073018.00000239C31CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104251717.00000239C390B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111330977.00000239C31CB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103420247.00000239C390B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: file.exe, 00000002.00000003.2111125283.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101768333.00000239C33C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101360000.00000239C33B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100755088.00000239C3456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100212085.00000239C3456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110269188.00000239C33B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111817225.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120983564.00000239C33B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102208957.00000239C33C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue42195.
Source: _cffi_backend.cp311-win_amd64.pyd.0.dr	String found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://cryptography.io
Source: METADATA.0.dr	String found in binary or memory: https://cryptography.io/
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: _rust.pyd.0.dr	String found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://cryptography.io/en/latest/installation/
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://cryptography.io/en/latest/security/
Source: file.exe, 00000002.00000003.2102374817.00000239C3462000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107470310.00000239C3421000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101360000.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107232156.00000239C340E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109567235.00000239C3466000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101535138.00000239C3461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102004693.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C3443000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C33F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2101688059.00000239C346D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102486918.00000239C346C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2110151704.00000239C346D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2102150171.00000239C3450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: _bcrypt.pyd.0.dr	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: file.exe, 00000002.00000003.2111970200.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111255514.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: _bcrypt.pyd.0.dr	String found in binary or memory: https://github.com/pyca/bcrypt/__version_ex__4.1.2The
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://github.com/pyca/cryptography
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://github.com/pyca/cryptography/
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.0.dr, _rust.pyd.0.dr	String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: _rust.pyd.0.dr	String found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2119286783.00000239C2D88000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: file.exe, 00000002.00000003.2099430534.00000239C13FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2096439344.00000239C3141000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106855895.00000239C13DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114317566.00000239C1413000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099518287.00000239C1401000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2118572303.00000239C1414000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107882981.00000239C1406000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099123421.00000239C1405000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2099804414.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109428688.00000239C1410000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098285001.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2100696562.00000239C13FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108940623.00000239C140D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098766089.00000239C13F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2121613410.00000239C349F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2109093292.00000239C3499000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C348F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: file.exe, 00000002.00000002.2122202015.00000239C3640000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106610803.00000239C3518000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C351E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106494916.00000239C350C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108495608.00000239C34FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: file.exe, 00000002.00000003.2109498206.00000239C3473000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: file.exe, 00000002.00000003.2107470310.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111373792.00000239C34E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107907520.00000239C34D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108987087.00000239C34D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106627313.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: file.exe, 00000002.00000003.2116021706.00000239C3E28000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120126103.00000239C3221000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107797394.00000239C348F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105710336.00000239C3524000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108695923.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106348484.00000239C3528000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106141104.00000239C31D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: file.exe, 00000002.00000003.2116021706.00000239C3DF8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111772823.00000239C34DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2111970200.00000239C34DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: file.exe, 00000002.00000003.2105471619.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104765849.00000239C3908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122509155.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106826126.00000239C3920000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106070756.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107422942.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106437603.00000239C3901000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106796381.00000239C3916000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107342561.00000239C3926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104325449.00000239C38CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: file.exe, 00000002.00000002.2120171366.00000239C3240000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr	String found in binary or memory: https://peps.python.org/pep-0205/
Source: file.exe, 00000002.00000002.2124080160.00007FFD9466B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr	String found in binary or memory: https://peps.python.org/pep-0263/
Source: file.exe, 00000002.00000002.2119644866.00000239C2F40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pluvinecollutstogie.sbs/id777
Source: file.exe, 00000002.00000002.2119644866.00000239C2F40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pluvinecollutstogie.sbs/id777index
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://pypi.org/project/cryptography/
Source: file.exe, 00000000.00000003.2082083725.000002181B338000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr	String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2116021706.00000239C3DF8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: file.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: file.exe, 00000002.00000003.2107697642.00000239C31A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2114474082.00000239C31A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: file.exe, 00000002.00000002.2122330234.00000239C3740000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: file.exe, 00000000.00000003.2081387871.000002181B335000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: file.exe, 00000000.00000003.2081956102.000002181B343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081387871.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081346972.000002181B343000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr	String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmp, file.exe, 00000002.00000002.2126709512.00007FFDA3828000.00000002.00000001.01000000.0000000A.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr	String found in binary or memory: https://www.openssl.org/H
Source: file.exe, 00000002.00000003.2108047474.00000239C31BF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2115650014.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106513414.00000239C31BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108451542.00000239C31C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106467560.00000239C31A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106239216.00000239C3151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2120001108.00000239C31C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: file.exe, 00000002.00000003.2105471619.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104765849.00000239C3908000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2122509155.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106826126.00000239C3920000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106070756.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107422942.00000239C38DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106437603.00000239C3901000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104835722.00000239C38E3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2105814384.00000239C38FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106796381.00000239C3916000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107342561.00000239C3926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104325449.00000239C38CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: file.exe, 00000002.00000002.2119286783.00000239C2D00000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098027317.00000239C31A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2098073514.00000239C3184000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: file.exe, 00000002.00000002.2124395084.00007FFD94708000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.dr	String found in binary or memory: https://www.python.org/psf/license/
Source: file.exe, 00000002.00000003.2106627313.00000239C34F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106610803.00000239C3518000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2107583289.00000239C351E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106494916.00000239C350C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2108495608.00000239C34FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2106115971.00000239C34F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2104166897.00000239C34D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2103852414.00000239C34CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2091542556.000002181B33B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2077987715.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2079202900.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2078435707.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs file.exe
Source: file.exe, 00000000.00000003.2086703998.000002181B33B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000002.00000002.2123881111.00007FFD942E5000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2126087004.00007FFDA34DB000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000002.00000002.2127978085.00007FFDA57F6000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2127860770.00007FFDA5512000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2125545910.00007FFD948A7000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython311.dll. vs file.exe
Source: file.exe, 00000002.00000002.2127502970.00007FFDA54C6000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2126709512.00007FFDA3828000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs file.exe
Source: file.exe, 00000002.00000002.2128165513.00007FFDAC067000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000002.00000002.2127190289.00007FFDA5472000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2127027976.00007FFDA4705000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2119063937.00000239C2C10000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs file.exe
Source: file.exe, 00000002.00000002.2127736814.00007FFDA54EE000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000002.00000002.2125688081.00007FFDA3395000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs file.exe

Source: file.exe	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: python311.dll.0.dr	Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA337D390 push rsi; iretd	2_2_00007FFDA337D3A5
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA337D418 push rsi; retf	2_2_00007FFDA337D419
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA33C4196 push 2B41C88Bh; iretd	2_2_00007FFDA33C419B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00007FFDA33C4CBC push 2B41C88Bh; iretd	2_2_00007FFDA33C4CC1

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.2091571829.000002181B335000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2123640277.00007FFD942E0000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs source: _rust.pyd.0.dr
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-qj8bun1p\src\_bcrypt\target\release\deps\bcrypt_rust.pdb source: _bcrypt.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: file.exe, 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmp, libssl-1_1.dll.0.dr
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: _rust.pyd.0.dr
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000002.00000002.2126503167.00007FFDA372F000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-1_1.dll.0.dr
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: file.exe, 00000002.00000002.2126503167.00007FFDA372F000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-1_1.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.2077987715.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2128068524.00007FFDAC061000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: file.exe, 00000000.00000003.2077987715.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2128068524.00007FFDAC061000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source:	Binary string: D:\a\1\b\libcrypto-1_1.pdb source: file.exe, 00000002.00000002.2126503167.00007FFDA37B1000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-1_1.dll.0.dr
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-qj8bun1p\src\_bcrypt\target\release\deps\bcrypt_rust.pdbR source: _bcrypt.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\python311.pdb source: file.exe, 00000002.00000002.2124080160.00007FFD9466B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: file.exe, 00000002.00000002.2126002450.00007FFDA34A6000.00000002.00000001.01000000.0000000B.sdmp, libssl-1_1.dll.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.2089487815.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2127931710.00007FFDA57F3000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.2078659802.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2127682349.00007FFDA54E7000.00000002.00000001.01000000.0000000D.sdmp, _hashlib.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2125620415.00007FFDA338C000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: _rust.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.2078946153.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2127421041.00007FFDA54C3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.2078796039.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2125620415.00007FFDA338C000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.2078144390.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2127143410.00007FFDA546D000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs source: _rust.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.2079040953.000002181B332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2127817019.00007FFDA5508000.00000002.00000001.01000000.00000007.sdmp, _socket.pyd.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: file.exe, 00000000.00000003.2087046471.000002181B33B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2119063937.00000239C2C10000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: file.exe, 00000002.00000002.2126938285.00007FFDA46ED000.00000002.00000001.01000000.00000009.sdmp, _ssl.pyd.0.dr

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E1EF1 appears 1585 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34312EE appears 568 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E24B9 appears 83 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E4840 appears 130 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E405C appears 783 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF75A102B10 appears 47 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA349E055 appears 105 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA349DFBF appears 218 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E2A09 appears 172 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E3012 appears 55 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA3C13710 appears 105 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E688E appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E4D6D appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA3C136A0 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E2739 appears 512 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDA34E698D appears 51 times

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\backend_c.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\python311.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\zstandard\_cffi.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI71002\python3.dll	Jump to dropped file

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\_MEI71002\VCRUNTIME140.dll

C:\Users\user\AppData\Local\Temp\_MEI71002\_bz2.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_cffi_backend.cp311-win_amd64.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_decimal.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_hashlib.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_lzma.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_queue.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_socket.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\_ssl.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\base_library.zip

C:\Users\user\AppData\Local\Temp\_MEI71002\bcrypt\_bcrypt.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\certifi\cacert.pem

C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md.cp311-win_amd64.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\INSTALLER

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE.APACHE

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\LICENSE.BSD

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\METADATA

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\RECORD

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\WHEEL

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography-41.0.7.dist-info\top_level.txt

C:\Users\user\AppData\Local\Temp\_MEI71002\cryptography\hazmat\bindings\_rust.pyd

Windows Analysis Report
file.exe

Function 00007FF75A101000 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 293
windowCOMMON

Function 00007FF75A126B50 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Function 00007FF75A127A9C Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 00007FF75A107B60 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 141
COMMON

Function 00007FF75A126DCC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Function 00007FF75A101700 Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 148
COMMON

Function 00007FF75A101A90 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135
COMMON

Function 00007FF75A108290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90
processsynchronizationCOMMON

Function 00007FF75A101050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154
COMMON

Function 00007FF75A11F9C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Function 00007FF75A11C80C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Function 00007FF75A108860 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Function 00007FF75A108B80 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 59
COMMON

Function 00007FF75A103F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55
COMMON