Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Analysis ID:	1447355
MD5:	786db86691e817294e52423089162e44
SHA1:	3d61074a52365b907591d5590a622a3a4ef10c8a
SHA256:	69e2ae11e1b5cbe120bf02301191a1cf05e87fc09b09d63bd782abbf3615d05d
Tags:	exe
Infos:

Detection

Score:	51
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

.NET source code contains potential unpacker

AI detected suspicious sample

Tries to detect virtualization through RDTSC time measurements

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe (PID: 5460 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe" MD5: 786DB86691E817294E52423089162E44)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1969730710.0000000000192000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.4431341655.0000000002651000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe PID: 5460	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.190000.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

ReversingLabs: Detection: 21%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_6E153670 CryptQueryObject,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalAlloc,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	0_2_6E153670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_6E153470 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,LocalAlloc,CertFreeCertificateContext,CryptDecodeObject,CertFreeCertificateContext,CertFreeCertificateContext,	0_2_6E153470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_6E153499 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,	0_2_6E153499

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Zortos\Documents\source\repos\CFUnzipper\CFUnzipper\obj\Release\ZortosUnzipper.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdbSHA256 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: clrjit.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4436676433.0000000005160000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4438182838.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|52414EC411DEA325110F0AD21378C8D101897989\|2544 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: C:\Dropbox\Dev\ag.v66\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr

Networking

Yara detected Generic Downloader

Source: Yara match

File source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, type: UNPACKEDPE

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adamhathcock/sharpcompress
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/issues/24271YFailed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0263DC2C	0_2_0263DC2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0634A340	0_2_0634A340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078CEFC0	0_2_078CEFC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078C356C	0_2_078C356C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078C4A63	0_2_078C4A63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07912408	0_2_07912408
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0796BD00	0_2_0796BD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07960040	0_2_07960040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0796F259	0_2_0796F259
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07A135D0	0_2_07A135D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07A13592	0_2_07A13592
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0833F943	0_2_0833F943

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4429870159.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000000.1969906724.0000000000388000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, AesDecoderStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, AesDecoderStream.cs	Cryptographic APIs: 'TransformBlock'
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, WinzipAesCryptoStream.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'

Source: classification engine

Classification label: mal51.troj.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

File created: C:\Users\user\AppData\Local\Temp\ZortosUnzipper

Jump to behavior

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

ReversingLabs: Detection: 21%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Automated click: Extract

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static file information: File size 2181120 > 1048576

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f4200

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\Zortos\Documents\source\repos\CFUnzipper\CFUnzipper\obj\Release\ZortosUnzipper.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdbSHA256 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: clrjit.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4436676433.0000000005160000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4438182838.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|52414EC411DEA325110F0AD21378C8D101897989\|2544 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Source:	Binary string: C:\Dropbox\Dev\ag.v66\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, AssemblyLoader.cs

.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])

Yara detected Costura Assembly Loader

Source: Yara match	File source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, type: SAMPLE
Source: Yara match	File source: 0.0.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1969730710.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4431341655.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe PID: 5460, type: MEMORYSTR

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: 0xB266165F [Tue Nov 4 14:34:07 2064 UTC]

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E15A090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree,

0_2_6E15A090

Source: GunaUIDotNetRT.dll.0.dr	Static PE information: section name: .didat
Source: GunaUIDotNetRT.dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_0263F0D2 push esp; iretd	0_2_0263F0D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_06346B6D pushad ; iretd	0_2_06346B81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_06346B82 pushad ; iretd	0_2_06346B81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078672B3 push esp; iretd	0_2_078672B9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07869A3B push 400779DBh; retf	0_2_07869A45
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078AC7E2 push es; ret	0_2_078AC7ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078AB610 pushfd ; ret	0_2_078AB61D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_078ABE33 pushad ; ret	0_2_078ABE3D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Code function: 0_2_07A19FAA pushfd ; ret	0_2_07A19FB1

Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Static PE information: section name: .text entropy: 7.781616525832242

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

File created: C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll

Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

RDTSC instruction interceptor: First address: 6E151D36 second address: 6E152A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [6E1653C0h], eax 0x00000020 mov dword ptr [6E1653C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FAB34C7041Bh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FAB34C70456h 0x00000037 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Memory allocated: 25F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Memory allocated: 2650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Memory allocated: 4650000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E152A40 rdtsc

0_2_6E152A40

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Window / User API: threadDelayed 1826			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Window / User API: threadDelayed 8076			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll

Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe TID: 3276	Thread sleep time: -182600s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe TID: 3276	Thread sleep time: -807600s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E160CF3 VirtualQuery,GetSystemInfo,

0_2_6E160CF3

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E152A40 rdtsc

0_2_6E152A40

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_07779D20 LdrInitializeThunk,

0_2_07779D20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

0_2_6E15A090

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E157AB0 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,VirtualProtect,VirtualProtect,

0_2_6E157AB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E15B100 GetTempPathA,GetSystemTime,GetDateFormatA,GetTimeFormatA,CreateFileA,GetProcessHeap,HeapAlloc,InitializeCriticalSection,

0_2_6E15B100

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Code function: 0_2_6E1525C0 GetVersionExW,

0_2_6E1525C0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	12 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	115 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe	21%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://crl.thawte.com/ThawteTimestampingCA.crl0	0%	URL Reputation	safe
http://www.symauth.com/cps0(	0%	URL Reputation	safe
http://www.symauth.com/rpa00	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
https://github.com/dotnet/runtime/issues/24271YFailed	0%	Avira URL Cloud	safe
https://github.com/adamhathcock/sharpcompress	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.thawte.com/ThawteTimestampingCA.crl0	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	false	URL Reputation: safe	unknown
http://www.symauth.com/cps0(	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	false	URL Reputation: safe	unknown
http://www.symauth.com/rpa00	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	false	URL Reputation: safe	unknown
https://github.com/dotnet/runtime/issues/24271YFailed	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr	false	URL Reputation: safe	unknown
https://github.com/adamhathcock/sharpcompress	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447355
Start date and time:	2024-05-24 21:31:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Detection:	MAL
Classification:	mal51.troj.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 218 Number of non-executed functions: 29
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Simulations

Behavior and APIs

Time	Type	Description
15:32:25	API Interceptor	12034488x Sleep call for process: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll	SecuriteInfo.com.Win32.MalwareX-gen.15133.26520.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.MalwareX-gen.15133.26520.exe	Get hash	malicious	Unknown	Browse
	Y396jKhotN.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	XGFd6I7SyU.exe	Get hash	malicious	RedLine	Browse
	bAuiCxmAoF.exe	Get hash	malicious	CryToy, TrojanRansom	Browse
	Lunar_Builder.exe	Get hash	malicious	Unknown	Browse
	INVOICE_CI40959 AND PACKING LIST.xlsx	Get hash	malicious	NetWire	Browse
	143649FCBD66ADF3E5D8062091486977DF9D70E58AED5.exe	Get hash	malicious	AgentTesla	Browse
	Lunar_Builder.exe	Get hash	malicious	Discord Token Stealer	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	96664
Entropy (8bit):	5.567444078679915
Encrypted:	false
SSDEEP:	1536:JKQ7ZLTFq31bfnHSukoY1IPtan1sBrGxEm5g:JKc/FM1bfnyNNdkrGxJg
MD5:	14FF402962AD21B78AE0B4C43CD1F194
SHA1:	F8A510EB26666E875A5BDD1CADAD40602763AD72
SHA-256:	FB9646CB956945BDC503E69645F6B5316D3826B780D3C36738D6B944E884D15B
SHA-512:	DAA7A08BF3709119A944BCE28F6EBDD24E54A22B18CD9F86A87873E958DF121A3881DCDD5E162F6B4E543238C7AEF20F657C9830DF01D4C79290F7C9A4FCC54B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.Win32.MalwareX-gen.15133.26520.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.MalwareX-gen.15133.26520.exe, Detection: malicious, Browse Filename: Y396jKhotN.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: XGFd6I7SyU.exe, Detection: malicious, Browse Filename: bAuiCxmAoF.exe, Detection: malicious, Browse Filename: Lunar_Builder.exe, Detection: malicious, Browse Filename: INVOICE_CI40959 AND PACKING LIST.xlsx, Detection: malicious, Browse Filename: 143649FCBD66ADF3E5D8062091486977DF9D70E58AED5.exe, Detection: malicious, Browse Filename: Lunar_Builder.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........jr..jr..jr..8...ir......kr......cr..jr..9r..8...kr......sr......kr....x.kr..jr..kr......kr..Richjr..................PE..L...5 .\...........!.........F...............0......................................Z.....@..........................C......0b..d....................b..........4...`A..8...........................x7..@............`..0....p..`....................text...h........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....idata.......`.......<..............@..@.didat..a....p.......J..............@....00cfg...............N..............@..@.rsrc................P..............@..@.reloc...............X..............@..B........................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.741296703577211
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
File size:	2'181'120 bytes
MD5:	786db86691e817294e52423089162e44
SHA1:	3d61074a52365b907591d5590a622a3a4ef10c8a
SHA256:	69e2ae11e1b5cbe120bf02301191a1cf05e87fc09b09d63bd782abbf3615d05d
SHA512:	8670e6e717dfbb7dd331117372040e78a69a3f8eedc63622f890486333ba57e735f21e6e9cdb45272cba78f784e49c8022e0c77363107262db8c695f0a6b5165
SSDEEP:	49152:5MwrFQmuXuFdHWjIjCqZVD6cTB2rP0LTxmwCjD:mwZVuXuFdH0IeUPTALVwCjD
TLSH:	83A5ADAE1C505B03C5F642F432B12AEDC7212C4DEB49F99C7906B09971F2DDB6221F9A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.f...............0..B...........`... ........@.. ........................!...........`................................

File Icon


Icon Hash:	9c9ccdaeee6e666f

Static PE Info

General

Entrypoint:	0x5f602e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB266165F [Tue Nov 4 14:34:07 2064 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1f5fdc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1f8000	0x201c0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x21a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1f5f30	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1f4034	0x1f4200	86f67d27acbb7bd6389ec26a70b652ba	False	0.8659051057548113	data	7.781616525832242	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1f8000	0x201c0	0x20200	84eb7a07c7f8438a6fe58ab64d3156ad	False	0.3826073078793774	data	5.662300923762837	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x21a000	0xc	0x200	093fe78aba7cb5bef175f9a8fead7311	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x1f81a0	0x7510	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9975640683395622
RT_ICON	0x1ff6c0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m	0.16050514610197564
RT_ICON	0x20fef8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m	0.2305739253660841
RT_ICON	0x214130	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	0.2671161825726141
RT_ICON	0x2166e8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	0.3630393996247655
RT_ICON	0x2177a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	0.5487588652482269
RT_GROUP_ICON	0x217c18	0x5a	data	0.7666666666666667
RT_VERSION	0x217c84	0x33c	data	0.42391304347826086
RT_MANIFEST	0x217fd0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 21:32:13.971980095 CEST	53	61889	1.1.1.1	192.168.2.5

Target ID:	0
Start time:	15:31:49
Start date:	24/05/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe"
Imagebase:	0x190000
File size:	2'181'120 bytes
MD5 hash:	786DB86691E817294E52423089162E44
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1969730710.0000000000192000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.4431341655.0000000002651000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	83.9%
Signature Coverage:	4.1%
Total number of Nodes:	851
Total number of Limit Nodes:	58

Executed Functions

Function 6E15A090 Relevance: 44.1, APIs: 11, Strings: 14, Instructions: 301
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(clrjit.dll), ref: 6E15A0F8
GetCurrentProcess.KERNEL32(mscorjit.dll), ref: 6E15A14D
GetFileVersionInfoSizeW.VERSION(?,?), ref: 6E15A1A9
GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 6E15A1BD
HeapAlloc.KERNEL32(00000000), ref: 6E15A1C4
GetFileVersionInfoW.VERSION(?,00000000,?,?), ref: 6E15A1E7
VerQueryValueA.VERSION(?,?,?,?,?,?), ref: 6E15A21C
LoadLibraryW.KERNEL32(?,?,?,?,?,?,?), ref: 6E15A49E
GetProcAddress.KERNEL32(?,getJit), ref: 6E15A4B6
GetProcessHeap.KERNEL32(00000000,?,.text,.text,?,00000000,00000001), ref: 6E15A562
HeapFree.KERNEL32(00000000), ref: 6E15A569

Strings

clrjit.dll, xrefs: 6E15A120
clrjit.dll, xrefs: 6E15A0F3
4.0.30319.17379, xrefs: 6E15A3C3
2.0.50727.3053 (netfxsp.050727-3000), xrefs: 6E15A236
v4.0, xrefs: 6E15A0B5
\StringFileInfo\040904b0\FileVersion, xrefs: 6E15A1EC
mscorjit.dll, xrefs: 6E15A175
2.0.50727.3068 (QFE.050727-3000), xrefs: 6E15A258
.text, xrefs: 6E15A52A, 6E15A543
2.0.50727., xrefs: 6E15A27A
4.0.30319.17626, xrefs: 6E15A427
4.0.30319.17020 built by: FXM3REL, xrefs: 6E15A3A1
mscorjit.dll, xrefs: 6E15A148
getJit, xrefs: 6E15A4AA

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: HeapProcess$CurrentFileInfoVersion$AddressAllocFreeLibraryLoadProcQuerySizeValue
String ID: .text$2.0.50727.$2.0.50727.3053 (netfxsp.050727-3000)$2.0.50727.3068 (QFE.050727-3000)$4.0.30319.17020 built by: FXM3REL$4.0.30319.17379$4.0.30319.17626$\StringFileInfo\040904b0\FileVersion$clrjit.dll$clrjit.dll$getJit$mscorjit.dll$mscorjit.dll$v4.0
API String ID: 874064189-1563454514
Opcode ID: 2b356cd68bbd7df53ff75f001c4a06774ef46c8e8a54270711c1e6ea81e62bd8
Instruction ID: 91e7c9d91c5c2a36a72f48a8f03023e2e14552dd4fa64662bc1381195dd5cded
Opcode Fuzzy Hash: 2b356cd68bbd7df53ff75f001c4a06774ef46c8e8a54270711c1e6ea81e62bd8
Instruction Fuzzy Hash: 6FD13FF1A002189FDB50CF94CD88BADB7B8EB49304F0084E9EA1997341E7359AD5DF69

Function 6E157AB0 Relevance: 9.4, APIs: 6, Instructions: 377
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25a75c958108246ec6b737f2ac3e205af0a9d12f201ae9c2efb81d0e10a3aabe
Instruction ID: 22375e5ebdca731698c72894aeeecdba8bc86fc3dd23f65ce8a1c1e313487cf3
Opcode Fuzzy Hash: 25a75c958108246ec6b737f2ac3e205af0a9d12f201ae9c2efb81d0e10a3aabe
Instruction Fuzzy Hash: 1412E8B0A00928CFDB64CF58DC90BAAB7B5AB4834AF1081D9D41DA7381DB31AED5DF40

Function 07960040 Relevance: 6.3, Strings: 2, Instructions: 3805
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+\q, xrefs: 07960214
L'eq, xrefs: 0796038A

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: L'eq$+\q
API String ID: 0-3357618209
Opcode ID: 313e7465c0652d69547fb46016a47ec78c377fa79f2ba69a012e4a383b11ec1d
Instruction ID: 466efcfd64f73e9ead3ad61182d83822aa738750e82279e1938920966a498f6c
Opcode Fuzzy Hash: 313e7465c0652d69547fb46016a47ec78c377fa79f2ba69a012e4a383b11ec1d
Instruction Fuzzy Hash: 0793BB74A00218DFD755EF34D990AA9B7B6FBC9304F5091E9D90A97358CB36AE82CF40

Function 6E152A40 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064), ref: 6E152A91

Strings

a2y, xrefs: 6E152A62, 6E152AC1

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Sleep
String ID: a2y
API String ID: 3472027048-2799910280
Opcode ID: 22d651d723a92c1ad53e099821b0a5edac7f78d49000584768eccb1d6c06228c
Instruction ID: eace22ad86174035864c692e9a0c9bcd2548053d80535d24076965869bb1a239
Opcode Fuzzy Hash: 22d651d723a92c1ad53e099821b0a5edac7f78d49000584768eccb1d6c06228c
Instruction Fuzzy Hash: 94115AB1E0064ADFCB40DFDAC9806AEBBF5FB45300F608469D424E7304D770AA90EB51

Function 07A135D0 Relevance: 1.8, Strings: 1, Instructions: 597COMMON

Download Yara Rule

Strings

Haq, xrefs: 07A13EFA

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Haq
API String ID: 0-725504367
Opcode ID: b4e67c123daa76b1663cab0603c22f5ccacebc5ef1b8bd69e8ced883a18203b0
Instruction ID: 811701d140bf253c2c0d14167ee3e333dc4d208262fb657b4badfb92ca38b745
Opcode Fuzzy Hash: b4e67c123daa76b1663cab0603c22f5ccacebc5ef1b8bd69e8ced883a18203b0
Instruction Fuzzy Hash: 45521671D1061ADFDB11DF68C850AD9FBB1FF89300F15869AE509B7261EB70AA85CF80

Function 07779D20 Relevance: 1.6, APIs: 1, Instructions: 137libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0777C0DB

Memory Dump Source

Source File: 00000000.00000002.4439554559.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7770000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e6a94881b9b400efa8cc325433999437165b4f8219ca82a73e5ad2ce5ccd9165
Instruction ID: 19d2b19e9917cc669e9cf560057e444913bbee62059a8bff5f529d02bbdb9d64
Opcode Fuzzy Hash: e6a94881b9b400efa8cc325433999437165b4f8219ca82a73e5ad2ce5ccd9165
Instruction Fuzzy Hash: 17412C757001009FE745EB69C85096AB7EAEBCD754B24C4AE9909DB359CF32ED03CB90

Function 078CEFC0 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: ecdcd31f71d1cc0846147333ef5ac6dfdb8aa63af2283bfc6b2072eec92f4116
Instruction ID: 41c8263e02b07783a3d0744bdf4969af5863e5d7ff11c48199381694402ea1e3
Opcode Fuzzy Hash: ecdcd31f71d1cc0846147333ef5ac6dfdb8aa63af2283bfc6b2072eec92f4116
Instruction Fuzzy Hash: 52F168B1A002098FEB14DFA9C844B9DBBF2BF58304F148569D509EB265DBB4E985CF81

Function 07A13592 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c45cf6895567d76e5dc9297eeb3d8c0bf6b110b1eadd2096a5996f0a4dfb300e
Instruction ID: a69cae78baf384d9811ccebcc55f3c1a5e09ac6ff1839c9ea5d7b6fe15fac57a
Opcode Fuzzy Hash: c45cf6895567d76e5dc9297eeb3d8c0bf6b110b1eadd2096a5996f0a4dfb300e
Instruction Fuzzy Hash: 16F1D47591061ADBDB11DF68C880AD9F7B1FF89300F1186DAE5196B221EB71AAC5CF80

Function 0796BD00 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3520116055c349413000faeaca9debbbb6dc3b6371484ebddf19995ba392f0e0
Instruction ID: 4d6666dcb606262663e4a29cd2032a3f18e1d97606c0fd46fd188315862a7c6e
Opcode Fuzzy Hash: 3520116055c349413000faeaca9debbbb6dc3b6371484ebddf19995ba392f0e0
Instruction Fuzzy Hash: E5B1C5B4600202DFC714EF64D498969B7B2FF85358B25CA6DD416DB3A6EB71EC02CB90

Function 0263DC2C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2d5b1869b4ee57a5a6268d65fd5795b02162d40a1a4f69eb4d55d4fe110016
Instruction ID: 55772d6d9c46443df79a9e7d4b0f2c875f96b33e9dfc2e4e5f5303f687e61b51
Opcode Fuzzy Hash: 5c2d5b1869b4ee57a5a6268d65fd5795b02162d40a1a4f69eb4d55d4fe110016
Instruction Fuzzy Hash: 18A16B32E10209CFCF16DFB4C8405AEB7B6FF85304B25856AE902AB265DB75E916CF40

Function 0833F943 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440610314.0000000008330000.00000040.00000800.00020000.00000000.sdmp, Offset: 08330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8330000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed46d02ee49e34b5654e05e747959830bc1bad6817c10fdb711e082b9e36e19d
Instruction ID: 66c8e783e5407498b81728f92d7edd655d4fd8721fc94e2b9600d39fcbfee497
Opcode Fuzzy Hash: ed46d02ee49e34b5654e05e747959830bc1bad6817c10fdb711e082b9e36e19d
Instruction Fuzzy Hash: 0C318F315083909FCB0AEF74C495A9ABFB1FF46300F0545DAC0478B2A2CF756915DB41

Function 6E156E10 Relevance: 21.6, APIs: 1, Strings: 11, Instructions: 566
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000000,00000001), ref: 6E156EA1

Strings

.text, xrefs: 6E156EC1, 6E156F10
E, xrefs: 6E157294
U, xrefs: 6E15737E
e, xrefs: 6E1573D9
e, xrefs: 6E15767A
U, xrefs: 6E1574E8
E, xrefs: 6E157535
U, xrefs: 6E15761F
`, xrefs: 6E1573A8
`, xrefs: 6E157649
M, xrefs: 6E1574FD

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: FileModuleName
String ID: .text$E$E$M$U$U$U$`$`$e$e
API String ID: 514040917-4216370458
Opcode ID: bb831168695600558c8f0e9986fa9ea22a4eccea5c8bb6d01a15c6e0e432bac8
Instruction ID: 66ad5cb785d0f01a3e23bfa16a6ffba31fa7fe1a344ab41f2553dda28172ce06
Opcode Fuzzy Hash: bb831168695600558c8f0e9986fa9ea22a4eccea5c8bb6d01a15c6e0e432bac8
Instruction Fuzzy Hash: 90529F70A0469ACFDB64CF98C895FA9B7B1AB06314F108AD9D0A5AB3D1C7709DC1EF50

Function 6E154890 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 265
memorysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RaiseException.KERNEL32(00000111,00000000,00000001,?,?,?,00843158), ref: 6E1549BA
WaitForSingleObject.KERNEL32(000004AC,00000000,?,00000000,?,00007263,?,00000000,?,?,00843158), ref: 6E154A3B
WaitForSingleObject.KERNEL32(000004D0,000003E8), ref: 6E154A79
GetProcessHeap.KERNEL32(00000000,0000001C,00000000,00000000,?), ref: 6E154AEB
HeapAlloc.KERNEL32(00000000), ref: 6E154AF2
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E154BB1
HeapFree.KERNEL32(00000000), ref: 6E154BB8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E154BCA
HeapFree.KERNEL32(00000000), ref: 6E154BD1

Strings

Agile.NET runtime internal error occurred., xrefs: 6E154978
cr, xrefs: 6E154B3A
(=z, xrefs: 6E1548E6, 6E1548F6, 6E15490C, 6E1548E9

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Process$FreeObjectSingleWait$AllocExceptionRaise
String ID: (=z$Agile.NET runtime internal error occurred.$cr
API String ID: 2104414052-951634140
Opcode ID: 312b7433956e1606abf5867f76308a0d39cec17822058d4a2bb65a3a192070db
Instruction ID: 0ffcf1c06c0cc8208ac66ad9ee71e84569cb43ab04786fec286fd9976280571d
Opcode Fuzzy Hash: 312b7433956e1606abf5867f76308a0d39cec17822058d4a2bb65a3a192070db
Instruction Fuzzy Hash: 77B102B5A00208EFDB44CF98C884FDEB7B9BF48304F108559E91A9B390DB70A996DF50

Function 6E1523F0 Relevance: 16.6, APIs: 11, Instructions: 113
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

K32EnumProcessModules.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E152421
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E152442
HeapAlloc.KERNEL32(00000000), ref: 6E152449
K32EnumProcessModules.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E152462
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E15248F
HeapFree.KERNEL32(00000000), ref: 6E152496

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: HeapProcess$EnumModules$AllocFree
String ID:
API String ID: 579338898-0
Opcode ID: 17135324094a8d210fa284f0e6e5c68a93cd212a32b03fe17261b29b25c7e0ac
Instruction ID: abca62695d450d1401c06b756101859df0553fac000cfb9f7710cd0da0236ce6
Opcode Fuzzy Hash: 17135324094a8d210fa284f0e6e5c68a93cd212a32b03fe17261b29b25c7e0ac
Instruction Fuzzy Hash: 5F41F7F6A14108EFDF50CFD8C944BEEB7B8AB48305F1085A9E619E7240D7349A84DFA4

Function 6E1555C0 Relevance: 15.1, APIs: 10, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

K32EnumProcessModules.KERNEL32(00000000,00000000,00000000,00000000), ref: 6E1555F4
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E15560E
HeapAlloc.KERNEL32(00000000), ref: 6E155615
K32EnumProcessModules.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E15562E
K32GetModuleInformation.KERNEL32(00000000,?,?,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E155668
GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,?,0000000C,00000000,?,?,0000000C,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E155696
HeapFree.KERNEL32(00000000), ref: 6E15569D
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E1556B9
HeapFree.KERNEL32(00000000), ref: 6E1556C0
VirtualQuery.KERNEL32(00000000,?,0000001C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E1556E7

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Process$EnumFreeModules$AllocInformationModuleQueryVirtual
String ID:
API String ID: 4262206646-0
Opcode ID: 63f229bf1c901ef701b920296255a33944e58d82e6fb34230799954dd75499c7
Instruction ID: 0d5aa0ff657be18ce7e7468c5ff94cac184fb75fc992ae1f1afa4b7494bc436a
Opcode Fuzzy Hash: 63f229bf1c901ef701b920296255a33944e58d82e6fb34230799954dd75499c7
Instruction Fuzzy Hash: 9551E3B5E04108EFDB44CFD9C894BAEBBB8BF08305F10845AE525E7240D774AA91DB60

Function 6E1529B0 Relevance: 7.5, APIs: 5, Instructions: 40
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E1529C1
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E1529D4
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 6E1529E7
GetCurrentThreadId.KERNEL32 ref: 6E1529F2
CreateThread.KERNEL32(00000000,00000000,Function_0000156E,00000000,00000000,?), ref: 6E152A0E

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Create$Event$Thread$Current
String ID:
API String ID: 4115085679-0
Opcode ID: a692f7839dbe95ed5554c826b82bb65a7b5b0ea589891f5b2932cd8e9b819c7a
Instruction ID: 55544ec5d52976672e71ab1bcdf65bd460bf3e18d46ce059f7efbfe3db6a19de
Opcode Fuzzy Hash: a692f7839dbe95ed5554c826b82bb65a7b5b0ea589891f5b2932cd8e9b819c7a
Instruction Fuzzy Hash: 98F030747E4718BBFFA05BA08D4BF7A3B65E706F12F208021FB09A92C0D6F024449A55

Function 6E15B770 Relevance: 6.1, APIs: 4, Instructions: 88
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(00000001,00000001,00000001,00000000,00000003,00000000,00000000), ref: 6E15B7BC
GetFileSize.KERNEL32(?,?), ref: 6E15B7CD
ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E15B809
FindCloseChangeNotification.KERNEL32(?), ref: 6E15B813

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: File$ChangeCloseCreateFindNotificationReadSize
String ID:
API String ID: 2135649906-0
Opcode ID: 46cacab1c17a6df6c71a3ad12ec22faabf41cdf33f5f4571aada8868d0150f70
Instruction ID: 440ae7044956bb7fcab243b0de066569c4fa5c1aa1e156dc7aeb17f43e5ab20a
Opcode Fuzzy Hash: 46cacab1c17a6df6c71a3ad12ec22faabf41cdf33f5f4571aada8868d0150f70
Instruction Fuzzy Hash: 2A3196B5A40208EFDB04CF98C999FDEBBF8AB48304F2441A5E904AB381D775AE44DF54

Function 6E15AAC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

UKKED, xrefs: 6E15AB2D

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: UKKED
API String ID: 0-4206113906
Opcode ID: dd69d838b1a89bc56a99841069099e83d66f45a099849244738aadae5a5481ef
Instruction ID: e8538589285d067da489e8d2e1420427d1631803f9a7f04bbdf13e0eb1b577eb
Opcode Fuzzy Hash: dd69d838b1a89bc56a99841069099e83d66f45a099849244738aadae5a5481ef
Instruction Fuzzy Hash: A2510FB0B40119AFDB48DBD9C9A1FEDB7B9AF44304F104499E526A7381CB305EA4EB61

Function 6E15921E Relevance: 4.6, APIs: 3, Instructions: 57
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 6E15923E
VirtualProtect.KERNEL32(?,?,00000004,?), ref: 6E159267
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 6E1592C3

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$Protect$Query
String ID:
API String ID: 3618607426-0
Opcode ID: bc1d9ff5ad49bcc1fe2e349e81f9c4e0630abc6c63f41323d059de2711000dee
Instruction ID: bae0a9d8f1922d56c7296a119e231ed281af32f5c21a86e1d3a9127432d6ca6c
Opcode Fuzzy Hash: bc1d9ff5ad49bcc1fe2e349e81f9c4e0630abc6c63f41323d059de2711000dee
Instruction Fuzzy Hash: 1211F6B5A04248EFCB00CF99D494DEEBBB8EF4E310F00819AE955EB241D234AA41DF61

Function 6E159210 Relevance: 4.6, APIs: 3, Instructions: 55
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 6E15923E
VirtualProtect.KERNEL32(?,?,00000004,?), ref: 6E159267
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 6E1592C3

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$Protect$Query
String ID:
API String ID: 3618607426-0
Opcode ID: 7d48a5c0e42ec472ecb492252a193221aa35c97faab7e54f57ac65c8e889225d
Instruction ID: 2950ad9ce628d9ed8d1ba34f1c81609389bd2a1129df9b92f6468598f9e8e84e
Opcode Fuzzy Hash: 7d48a5c0e42ec472ecb492252a193221aa35c97faab7e54f57ac65c8e889225d
Instruction Fuzzy Hash: C811B2B5A0020DEFCB00CF99D484DEEBBB9EB8D310F10815AE925A7340D634AA51DFA1

Function 6E156E25 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000000,00000001), ref: 6E156EA1

Strings

.text, xrefs: 6E156EC1

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: FileModuleName
String ID: .text
API String ID: 514040917-2719751843
Opcode ID: 1482a4f406ae18289c3c016347efcae029080c554716263f5c6d7c0d75a020db
Instruction ID: 16018b8a9c3a2e95abbbf068943276b2b132961080dd62813879892c85caa990
Opcode Fuzzy Hash: 1482a4f406ae18289c3c016347efcae029080c554716263f5c6d7c0d75a020db
Instruction Fuzzy Hash: A631FDB5E142189FDB05CF44C8A4EEDB7B4EF19310F00459AE559A7351CB30AE84CF90

Function 6E156B50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(UKKED,6E1634E0,?), ref: 6E156B87

Strings

UKKED, xrefs: 6E156B82

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentVariable
String ID: UKKED
API String ID: 1431749950-4206113906
Opcode ID: 666ecb4c1f64924937083cf58fae8ae9208fe87b049f82e843f6aed2a9d81e52
Instruction ID: 92a7b98c92183cb45aca7808f2b6f5e8fb91e7c1ccb2c9b0430aaa855676a1a7
Opcode Fuzzy Hash: 666ecb4c1f64924937083cf58fae8ae9208fe87b049f82e843f6aed2a9d81e52
Instruction Fuzzy Hash: 0C2147B1A1010CEFCB00CFD9C484B9DBBB9AB14344F2080A9E5259B350C730DEE4EB90

Function 6E157DEB Relevance: 3.1, APIs: 2, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,0000000C,00000004,?,?,?,?,?,?,?,?,?), ref: 6E157F82
VirtualProtect.KERNEL32(?,0000000C,?,?,?,?,?,?,?,?,?), ref: 6E157FE6

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: dd3172e1edb5d810e519527f8b6a2e4e44973d4c59339b2d6b75746a17c6dc55
Instruction ID: e7cbb7eea38e73d69498af760a5681bf6ca67dda875abfd4464138e30e0a9339
Opcode Fuzzy Hash: dd3172e1edb5d810e519527f8b6a2e4e44973d4c59339b2d6b75746a17c6dc55
Instruction Fuzzy Hash: 0E5175749049288FEB64CF58DC94BAAB7B1EB4834AF1081D9D91DA7341DB31AEC5DF40

Function 6E155D30 Relevance: 3.1, APIs: 2, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E155DBD
RtlAllocateHeap.NTDLL(00000000), ref: 6E155DC4

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 68b16b4abad9394d4c2387c106575782e76ad2f273545e3f2ce0d74b477f04fa
Instruction ID: 66bdfcfd160d8e2bf74f91577e66519db8c9d6a0847e200f4d9dc6348bf7690c
Opcode Fuzzy Hash: 68b16b4abad9394d4c2387c106575782e76ad2f273545e3f2ce0d74b477f04fa
Instruction Fuzzy Hash: B221B4B5A00208EFDB04CF98C598EADBBF5FB48314F258199E9099B351C771AE45EB80

Function 6E15156E Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(000004D0), ref: 6E151C8F
SetEvent.KERNEL32(000004AC), ref: 6E151CBB

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Event
String ID:
API String ID: 4201588131-0
Opcode ID: 4c9b58e7de34dd971ce769e6981002390ba4efe2904e91f63c378f8bfe2db02c
Instruction ID: e5b11aea92c4379b1541cc47a6037e857115d6baef9479bf48792a0c0a6df790
Opcode Fuzzy Hash: 4c9b58e7de34dd971ce769e6981002390ba4efe2904e91f63c378f8bfe2db02c
Instruction Fuzzy Hash: 10F0AEF1700518FBDF019FD997086AA77BC9706349F404431E911D6300D7729DACBA51

Function 6E160090 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 6E16009F
RtlAllocateHeap.NTDLL(00000000), ref: 6E1600A6

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: e511b1cf596c0943768d1ce0b3289b77d903bd473f0b72f62d9de532c9e026b9
Instruction ID: 850c28b9e2e1e9d672f26c4eea67b665419dffd505b278bfda2366715c30168d
Opcode Fuzzy Hash: e511b1cf596c0943768d1ce0b3289b77d903bd473f0b72f62d9de532c9e026b9
Instruction Fuzzy Hash: 5CD0C97660520CBBDA506AEAAC49EBFBB6CEB465A6F004166FA0DC2140D561981446F2

Function 6E1600C0 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 6E1600CF
RtlFreeHeap.NTDLL(00000000), ref: 6E1600D6

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 1164ee07f026564e3892de7f906be427ba8880efd848f2a996c6cb6490c23a51
Instruction ID: 5ac3c85ac75981a288c12eac514e4b95b0507a7292a34493500c255e53506238
Opcode Fuzzy Hash: 1164ee07f026564e3892de7f906be427ba8880efd848f2a996c6cb6490c23a51
Instruction Fuzzy Hash: 1CD0C97660520CFBDA506AEAAC49EBFBB6CEB465A6F008166FA09C2140D561981446F2

Function 6E159310 Relevance: 2.6, APIs: 2, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?), ref: 6E1593C0
HeapFree.KERNEL32(00000000), ref: 6E1593C7

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: efc44d999fb98e1ac4c031c897d0edbdd56becf5c17598fe05e7777def336349
Instruction ID: db543343b280937aa9b49e72715d649a5b077b1b336aee29765a270a3ffe6309
Opcode Fuzzy Hash: efc44d999fb98e1ac4c031c897d0edbdd56becf5c17598fe05e7777def336349
Instruction Fuzzy Hash: A53190B8E04209EFCB44CF98C5949AEFBB5FB49304F208199E929A7351C730AE51DF91

Function 6E1565B0 Relevance: 2.6, APIs: 2, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0000000C,?,?), ref: 6E15660F
HeapAlloc.KERNEL32(00000000), ref: 6E156616

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: b6b08ebfd610834d84504fd9ae54eb74a4005ef1b7968da28d67dfdf2245e945
Instruction ID: 56f7839406d7e7d6b8c59a7a22def88a80995f9796fc3b31189bc585d9980454
Opcode Fuzzy Hash: b6b08ebfd610834d84504fd9ae54eb74a4005ef1b7968da28d67dfdf2245e945
Instruction Fuzzy Hash: A0210CB4A04608EFCB05DF98C5909ADFBB5FF49350F108199E91AAB351C731AE91EF90

Function 0263AF70 Relevance: 1.7, APIs: 1, Instructions: 205COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0263B1D6

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0649040af670fc239c7b0bcb27f210b4048535071178562e8b8b2b4f54a8ea7a
Instruction ID: 4f0773696c7ff3fd6ab19a7049cbba6f0a633cc088fd2bbb9d4988e5f3b3f9d8
Opcode Fuzzy Hash: 0649040af670fc239c7b0bcb27f210b4048535071178562e8b8b2b4f54a8ea7a
Instruction Fuzzy Hash: 37811F70A00B458FDB25DF2AD54076ABBF2FF88304F00892ED49A97B50DB75E905CB95

Function 08339800 Relevance: 1.7, APIs: 1, Instructions: 181COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000014,?,?,0365413C,02686088,?,00000000), ref: 0833996E

Memory Dump Source

Source File: 00000000.00000002.4440610314.0000000008330000.00000040.00000800.00020000.00000000.sdmp, Offset: 08330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8330000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: acb885580ce1d45bde04a23c1ccf751e8a4d8c97dcfbda97183d646a34218768
Instruction ID: 3a410680016c20adb730cf00a819f55e66d65c99216f4bfb747aba8fd7268f5e
Opcode Fuzzy Hash: acb885580ce1d45bde04a23c1ccf751e8a4d8c97dcfbda97183d646a34218768
Instruction Fuzzy Hash: 3C71A234A01258EFCB55DF69D884EAEBBB6FF89315B114099F901AB361CB71EC41CB50

Function 0786FB50 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

d, xrefs: 0786FD05

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 93399a24de610c2e64bf87da818af3d492b278c8b4b0e6587cbbe0474226c397
Instruction ID: 4ce03710c178d2a8e0eaa91df522b7eb43c245d5a0d18e6b6f033601b1db2239
Opcode Fuzzy Hash: 93399a24de610c2e64bf87da818af3d492b278c8b4b0e6587cbbe0474226c397
Instruction Fuzzy Hash: B4E11570600606DFC715DF28E4C89AAFBB6FF85310B158AAAD959CB245DB30FC56CB90

Function 02635F4A Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02636019

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 05e72b2d0cc9e50944a0d9dbd39a1f2b7bbceba00f9304893e4e40296ef66f87
Instruction ID: 6a73bdbaec56d7f5c50a2b4eb41f77f9f2fc8242a7a153b9fb11afcd7866035d
Opcode Fuzzy Hash: 05e72b2d0cc9e50944a0d9dbd39a1f2b7bbceba00f9304893e4e40296ef66f87
Instruction Fuzzy Hash: 764165B0C00259CBDB25CFA9C944B9EBBB1FF48304F20809AD409AB215DB716846CF91

Function 078C3FE0 Relevance: 1.6, APIs: 1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39d5fd9746b0931138846be1eea3503f9eb0e805990aaf4a680d81c2a9f424b
Instruction ID: bb06aca4d670aa341e1d0b9f363ba377d63ba62ddc29609bcef52321ffeec746
Opcode Fuzzy Hash: f39d5fd9746b0931138846be1eea3503f9eb0e805990aaf4a680d81c2a9f424b
Instruction Fuzzy Hash: F841B0B5A00349CFC711DFA8D844AAEBBF5EF55310F1484AAE519AB321C735E844CBA1

Function 0777C080 Relevance: 1.6, APIs: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0777C0DB

Memory Dump Source

Source File: 00000000.00000002.4439554559.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7770000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 73d415a84fcb9a431effbd896892e505831eb7bf37db75faf6939230157eba42
Instruction ID: fe9d6fa73e7458fd0ff23d340966f7a7c1e1ca5e72f2a40682210f33205ff82d
Opcode Fuzzy Hash: 73d415a84fcb9a431effbd896892e505831eb7bf37db75faf6939230157eba42
Instruction Fuzzy Hash: 96314E75B001109FE745EB59D8509AAB7E6EBCD354B24C4AE9909DB349CF32ED03CBA0

Function 02634774 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02636019

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 436cb9f7818f2f502dc060b5679107fd5a7d08ed4215976dddb244034564c062
Instruction ID: 44423aa138994af457958a7839fee47f63f87adf57474f0f7b582120070c7c67
Opcode Fuzzy Hash: 436cb9f7818f2f502dc060b5679107fd5a7d08ed4215976dddb244034564c062
Instruction Fuzzy Hash: E141F3B0C0071DCBDB25CFA9C944B9EBBF5BF48304F20805AD408AB251DB756946CF90

Function 0777C066 Relevance: 1.6, APIs: 1, Instructions: 93libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0777C0DB

Memory Dump Source

Source File: 00000000.00000002.4439554559.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7770000_SecuriteInfo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d280e8fda9b4f595e9b860906e1a12d101f5b271839e56235d4279cc035d1a80
Instruction ID: 767a7a1fbe3a3616c7954d7bfe047fabc79194b783aeb88bbdf876b29e506580
Opcode Fuzzy Hash: d280e8fda9b4f595e9b860906e1a12d101f5b271839e56235d4279cc035d1a80
Instruction Fuzzy Hash: B5314B757041009FE705EB59C8A096AB7A7EBCD754B24C4AE9909DB399CF32ED03CB60

Function 0634AEF0 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?), ref: 0634AF90

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 01965c41d20604bdf1428e21480d14d60bc7cdc4c8fa245a96ec0651e2bbb68a
Instruction ID: a856f44e5ebc96a51d846d1cc186b7568d780c23af953b5301ea4dc7ecc6427a
Opcode Fuzzy Hash: 01965c41d20604bdf1428e21480d14d60bc7cdc4c8fa245a96ec0651e2bbb68a
Instruction Fuzzy Hash: 5731F5B1D052489FDB50DF99D884ADEFFF5AF48310F14802AE419E7254DB34A845CF90

Function 0634AEE4 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(00000000,?,?), ref: 0634AF90

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 7cb40f861db11a6955336b146878881ff9607269a2b08cf0a9c347d366774c59
Instruction ID: 0d86f4321dc8d257588c15444ce22c7fa3b8e03950bd4f1a59f3d4ad418c7ed9
Opcode Fuzzy Hash: 7cb40f861db11a6955336b146878881ff9607269a2b08cf0a9c347d366774c59
Instruction Fuzzy Hash: 1E3102B1D012499FDB50DFAAC994ADEFFF5AF08310F24802AE419E7244D734A849CF90

Function 078AA068 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 078AA107

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 2cb2ba44c570acf7e531755e1225ee5df5ff5abc556ccccff9fab69bea77138c
Instruction ID: 824c5f8f6b5e92c8517e538f10c6a4126eb9cc31ba76b832b4591f6756e9d8bf
Opcode Fuzzy Hash: 2cb2ba44c570acf7e531755e1225ee5df5ff5abc556ccccff9fab69bea77138c
Instruction Fuzzy Hash: 2921E3B5D00209AFDB10CF9AD884AEEFBF5FF58310F14842AE519A7610D375A944CFA5

Function 078AA070 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 078AA107

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: a5bd888775ab46d7979b73f7bab1c33a65ebd1d722ebaa1a20bc6fa7189e50bf
Instruction ID: c8eea75129caf406e67cd87ff515c4b8057cc2e213be8109cc6b2bb5c68d9e6f
Opcode Fuzzy Hash: a5bd888775ab46d7979b73f7bab1c33a65ebd1d722ebaa1a20bc6fa7189e50bf
Instruction Fuzzy Hash: 9B21FFB5D00209AFDB10CF9AD884ADEFBF4FF58320F14842AE919A7210D775A944CFA1

Function 0263B5D0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0263D546,?,?,?,?,?), ref: 0263D607

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 25ddc6a93ae5c6e2e96c0347ce5d878a8eda13de716d2ce918f9ecfbe7304fef
Instruction ID: 3908a68a96ad86d89e5c7db0894be73354ec1cf7706b89518b7bbdf9ef1cb977
Opcode Fuzzy Hash: 25ddc6a93ae5c6e2e96c0347ce5d878a8eda13de716d2ce918f9ecfbe7304fef
Instruction Fuzzy Hash: B521E4B59002489FDB10CF9AD584AEEFFF9FB48314F14845AE918A3311D378A950CFA4

Function 0263D579 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0263D546,?,?,?,?,?), ref: 0263D607

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fc17460bf82c2e5f8644455fadf22d100b5c44394ea77abe94a654ec3616bd5a
Instruction ID: d71edd7a50afbe99228e1533886f8db8d8631f0c42a697495fdd0b4f4bf243b7
Opcode Fuzzy Hash: fc17460bf82c2e5f8644455fadf22d100b5c44394ea77abe94a654ec3616bd5a
Instruction Fuzzy Hash: D221E0B59002089FDB10CFAAD584ADEBBF5EB48324F24801AE918B7311D378A944CFA4

Function 078C4137 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 078C4109

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: aa5e63ff510ceacfeaed9fc16c417d0fa15dec9c82d19b813dc196ce5719f2cc
Instruction ID: 96fc86ca0c235c60a45ac2f688e3076db770c34e8285d5798c2d81e9cc3147aa
Opcode Fuzzy Hash: aa5e63ff510ceacfeaed9fc16c417d0fa15dec9c82d19b813dc196ce5719f2cc
Instruction Fuzzy Hash: E911BEB29002598FCB10DF99E4447EEBFF4EF99324F14805ED549E7241C738AA45CBA2

Function 07A18D60 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 07A18D8D

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 5568773cd82430ae0627ee6aaa886a31b1876166196654268718ba474e16630c
Instruction ID: 196f9f7a2e2cd879784317edb95f2952f56f40101e50f39f8955ef45fe2a4100
Opcode Fuzzy Hash: 5568773cd82430ae0627ee6aaa886a31b1876166196654268718ba474e16630c
Instruction Fuzzy Hash: BD11D6B43112118FD715AB3DC85496A3BBAAFD9A1431540EEE512CF375DE36DC02CB51

Function 07A18D70 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 07A18D8D

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 7839ea80811c4f47da31539ca9afa2289830ec0843a66e9327ea394bff7af704
Instruction ID: 6fe9fe1b0e7eef905ac0bfbd7c0c44380a6076c4fd6f0fb25294e273783f89c8
Opcode Fuzzy Hash: 7839ea80811c4f47da31539ca9afa2289830ec0843a66e9327ea394bff7af704
Instruction Fuzzy Hash: 41118CB03116118FD618AB3DC81892A77EABFD8A2431140AEE502CB375EE36DC02CB91

Function 078CF580 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 078CF5F0

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 27d46b70049642c0b1732d7d3a085293b76fc00d8ad7f1c40c503f4dc73c06bc
Instruction ID: ba3a1da0699f7e3d27bc23732a3fa29414df9c52608e6ce517018b56950f0130
Opcode Fuzzy Hash: 27d46b70049642c0b1732d7d3a085293b76fc00d8ad7f1c40c503f4dc73c06bc
Instruction Fuzzy Hash: B82117B68002499FDB10CF9AD845BEEFBF8FB08320F10841AE958A3651D378A544CFA5

Function 078C34E8 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 078C4109

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 2038350a6144edce98f51f6bc0ed150f7fdd9e63199bb1325438591e4bd87c4b
Instruction ID: a2ac0161af92052f328c989cf77a84f3d2a7e73c7887ccaaa596cc3d2266bfac
Opcode Fuzzy Hash: 2038350a6144edce98f51f6bc0ed150f7fdd9e63199bb1325438591e4bd87c4b
Instruction Fuzzy Hash: 892186B580435A8FDB10CF99D494BEEBFF8EF58310F20841AD959A7241C378A984CFA5

Function 0263B208 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0263B651,00000800,00000000,00000000), ref: 0263B862

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 221755c0b696b923d5eef7c64a410935cee029a795387f8a132ae2f64b6cb6e0
Instruction ID: de87910f4745011ad6b84979cb207d5b6caa4555353b3279ebf6db3c47ae9bf0
Opcode Fuzzy Hash: 221755c0b696b923d5eef7c64a410935cee029a795387f8a132ae2f64b6cb6e0
Instruction Fuzzy Hash: 091114B6D00349DFDB10CF9AC444A9EFBF4EB48314F10842ED519A7210C379A545CFA4

Function 06341CB9 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000), ref: 06341D2A

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 93548e86e3b164b3cc94dc53397de57200f8cd66858a8fbe55aaf292f233afa6
Instruction ID: 06ab085b3b19e186dd25caf390909ad83a86db3e0442f4d69034ceda51166c72
Opcode Fuzzy Hash: 93548e86e3b164b3cc94dc53397de57200f8cd66858a8fbe55aaf292f233afa6
Instruction Fuzzy Hash: 181103B6C006098FDB14DF9AD844BEEFBF4EF49310F14802AD869A7240D378A545CFA5

Function 0263B7F0 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0263B651,00000800,00000000,00000000), ref: 0263B862

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bdefefef372cdd3bef455ba86d1ba6329c66d30158795aff4765aafb23f5ff41
Instruction ID: 8c13ef21ceb757f23017c3e0bc354dbd9ad0f4d127f1534065e4956d4a420781
Opcode Fuzzy Hash: bdefefef372cdd3bef455ba86d1ba6329c66d30158795aff4765aafb23f5ff41
Instruction Fuzzy Hash: B31112B6D002488FDB10DFAAC544AEEFBF5EB88314F14842ED959A7310C3B9A545CFA0

Function 06341CC0 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000), ref: 06341D2A

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 2963ab5454472a4784b48b5f882a28a65bd8eff7be7d845835297f33d18711ec
Instruction ID: 6f517dd32d87ce78bd90e16fb766dd14e332de408e9a9681b5f28a3fe689b51a
Opcode Fuzzy Hash: 2963ab5454472a4784b48b5f882a28a65bd8eff7be7d845835297f33d18711ec
Instruction Fuzzy Hash: 6E1126B6C006098FDB10DF9AD444BEEFBF4EF49310F10802AD868A7240D378A545CFA5

Function 078AEB31 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 078AEB95

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a46f96b366b89a6713ebbc0dccdebf7739883db138e6f74ce7e6e37a05e25956
Instruction ID: 5a86ba0150daf4b4faf79e9125253000ca8b4b360e251f1814c2acb3be5965e8
Opcode Fuzzy Hash: a46f96b366b89a6713ebbc0dccdebf7739883db138e6f74ce7e6e37a05e25956
Instruction Fuzzy Hash: E31116B5800759DFDB10CF9AC845BEEFBF8EB58310F108819E558A3240D378A544CFA5

Function 078CF588 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 078CF5F0

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 21f23c246478a37bd399c2a853cd3a65f9321103318345b41d56ff885c542df4
Instruction ID: 67b5d1bd04e4da0782a48ae278eec0e8ca2bcaef7309769305de756d3068a967
Opcode Fuzzy Hash: 21f23c246478a37bd399c2a853cd3a65f9321103318345b41d56ff885c542df4
Instruction Fuzzy Hash: 901107B5C042499FDB10CF9AD544BDEFBF8FB48310F10842AE959A3251C378A544CFA5

Function 078C34D8 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 078C4109

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 2905c6b42a276a43339a3709bb8dcd21a5edac1e07f3ad340e89ad9f64fe298e
Instruction ID: abeb76f35dff5daa13b7f24973f593b922167b13cbd9ca5a41a314f0ff2e89cf
Opcode Fuzzy Hash: 2905c6b42a276a43339a3709bb8dcd21a5edac1e07f3ad340e89ad9f64fe298e
Instruction Fuzzy Hash: 551128B58006499FDB10DF99D485BEEBBF8EB58314F10841AE959A3241C378A984CFA5

Function 078AEB38 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 078AEB95

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9a1e662b84d5dd117b8a297c286f8ab279f9df51d62bc581cc7249e782e11c83
Instruction ID: caa2c64e641d0e77f908840235a6db4fc03b9f7647f12bfb8d1cb19fa97b9e24
Opcode Fuzzy Hash: 9a1e662b84d5dd117b8a297c286f8ab279f9df51d62bc581cc7249e782e11c83
Instruction Fuzzy Hash: F911F5B5800749DFDB10CF9AC889BEEFBF8EB48320F108819E558A3251D378A544CFA5

Function 07A14398 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

DispatchMessageA.USER32 ref: 07A143FD

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: f524c6cd573c6f8a70b9d866559762f8cd1572f4025cf8beab4c48b6eeb5d138
Instruction ID: d167bdd03f0b540cccf1a621441ec58b4ab33d4bc40ebd7d7be8ef2252864990
Opcode Fuzzy Hash: f524c6cd573c6f8a70b9d866559762f8cd1572f4025cf8beab4c48b6eeb5d138
Instruction Fuzzy Hash: 8111FEB1D046498FDB10DF9AD848BDEFBF4EF48320F10842AD829A7250D379A544CFA5

Function 0263B170 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0263B1D6

Memory Dump Source

Source File: 00000000.00000002.4431300858.0000000002630000.00000040.00000800.00020000.00000000.sdmp, Offset: 02630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2630000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5583dea1cea32da4adde75b15cb66cb511c16c6b155cac9f3c8ae63faba6e77f
Instruction ID: 77cc5696ae1d0b7c99ea13f9c1e7cd48e094835ac94e93281a310f588040820c
Opcode Fuzzy Hash: 5583dea1cea32da4adde75b15cb66cb511c16c6b155cac9f3c8ae63faba6e77f
Instruction Fuzzy Hash: DF11DFB5C006498FCB10DF9AD944A9EFBF8EF89314F10845AD829B7710C3B9A545CFA5

Function 06348784 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,?,?,00000000), ref: 06348E7D

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 7dba7de9637b373dcce1023ce61d2d14a62986540fb8294a6e0a65011f28863e
Instruction ID: c574a9fc0167d2eafd3320884f529ea30d41ebd9eda6398a4b2007304ddaf145
Opcode Fuzzy Hash: 7dba7de9637b373dcce1023ce61d2d14a62986540fb8294a6e0a65011f28863e
Instruction Fuzzy Hash: C211F5B58007489FDB10DF9AD485BDEFBF8EB48310F108459E959A7210C375A984CFE5

Function 078CFC78 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,078CF2E7), ref: 078CFCDD

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 3770bc4b19eebdc250c061a97e4c8ed15147b7fc92337d8be40064090aaac8c4
Instruction ID: 5ea24b47bf20b00aab33d005b5fc86c6b614bf09cd7c5759c2cf3b7a7e3237d3
Opcode Fuzzy Hash: 3770bc4b19eebdc250c061a97e4c8ed15147b7fc92337d8be40064090aaac8c4
Instruction Fuzzy Hash: 631110B1C046498FCB10DF9AD844BCEFBF4EB48324F10891AD928A3250D378A544CFA5

Function 078ADB79 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 078ADBDD

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: e42851935948cbc0cf9fdaee3614e396a75c63d90266085fb03a16a4515ca13d
Instruction ID: fa1b29812c105c14c2c9a77bb283de9e7f85c9f983101b46860fffdaa69e81d0
Opcode Fuzzy Hash: e42851935948cbc0cf9fdaee3614e396a75c63d90266085fb03a16a4515ca13d
Instruction Fuzzy Hash: 8D11F2B59007499FDB10DF9AD445BDEFBF8FB48310F108419E558A7210C379A944CFA1

Function 06348E18 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,?,?,00000000), ref: 06348E7D

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 2dc093b99098a6b5770efef07b10121113314b13bd046b7b0a4aa29bbe6f1ded
Instruction ID: df96d57b543228eb77a3ff098cd03424e280794bd46814129168ccff9cbe1352
Opcode Fuzzy Hash: 2dc093b99098a6b5770efef07b10121113314b13bd046b7b0a4aa29bbe6f1ded
Instruction Fuzzy Hash: 911103B58002499FDB10DF99D985BDEFBF4FB48310F10845AD958A7310C379A584CFA0

Function 078CCF34 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,078CF2E7), ref: 078CFCDD

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: a9c4eec3f369376d7c5b855b7a5ad5dac27e28bba889f5745ba7dc98717eba3d
Instruction ID: ce0d5465fdc2afe07ee5674293fdcb116333559ebda33e6596d953f360bdb449
Opcode Fuzzy Hash: a9c4eec3f369376d7c5b855b7a5ad5dac27e28bba889f5745ba7dc98717eba3d
Instruction Fuzzy Hash: 241122B1D046598FDB10DF9AD448BDEFBF4EB48324F10841AD928B3200C378A544CFA5

Function 078ADB80 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 078ADBDD

Memory Dump Source

Source File: 00000000.00000002.4439929726.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 97fd3b995d61b150fcf72c9495f16e1b6ddab661514e533b79daff6591323715
Instruction ID: bf56abe09c589feaed625425ff8be64cd383eb066f257a1f7cc7adf1ddef99ed
Opcode Fuzzy Hash: 97fd3b995d61b150fcf72c9495f16e1b6ddab661514e533b79daff6591323715
Instruction Fuzzy Hash: 351115B58003499FDB10DF9AD445BDEFBF8FB48310F108419D558A3200C379A944CFA1

Function 07A143A0 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

DispatchMessageA.USER32 ref: 07A143FD

Memory Dump Source

Source File: 00000000.00000002.4440400655.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a10000_SecuriteInfo.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 6cab56969229f8757d40747f7e03f494912f7a8b2106cbbc2ad6f7bc97479e08
Instruction ID: fc8a9ac4940c76b7824a30fc10775af851ad50ee5a3bc329c7a2da529973a811
Opcode Fuzzy Hash: 6cab56969229f8757d40747f7e03f494912f7a8b2106cbbc2ad6f7bc97479e08
Instruction Fuzzy Hash: 2611E2B5C046498FDB10DF9AD444BDEFBF4EB48314F10842AD929B7250D378A544CFA5

Function 06348EB0 Relevance: 1.5, APIs: 1, Instructions: 30windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,?,?,00000000), ref: 06348E7D

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c38e5d495c6199bc1159a47c4f57731e2bb80120990f4a74f8237f4fcf422ef6
Instruction ID: f74acff293a5c965270f58c6352f702d9fa7b1deccdab3899a23c46041868936
Opcode Fuzzy Hash: c38e5d495c6199bc1159a47c4f57731e2bb80120990f4a74f8237f4fcf422ef6
Instruction Fuzzy Hash: 4DF054B6C00304CEDB50AF59D4457DEFBE4AB54315F24804AD558A6650C37DA2C9CBD1

Function 0786EE90 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

/, xrefs: 0786EF51

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 6be3130f9667113e8e342e63d7ddac63a95df974c185035c3b7a7d3bb46a3bad
Instruction ID: 59c4ff0681082ca6e63beb23f810abfc2d3c5d341b3c7b4be731c51b65ea8a70
Opcode Fuzzy Hash: 6be3130f9667113e8e342e63d7ddac63a95df974c185035c3b7a7d3bb46a3bad
Instruction Fuzzy Hash: A1914178600106EFC714DF68D998969BBB2FF89358F248569E416DB3D5CB32ED02CB90

Function 0786EE80 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

/, xrefs: 0786EF51

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 3525845b0ee403db37e9c81f8addbae0292287bf8cf549e1a401c0ba0cc88449
Instruction ID: 4492630ee5d442b4cc3195387a2c70ac1f50a3105665cb54346377f6bef767f1
Opcode Fuzzy Hash: 3525845b0ee403db37e9c81f8addbae0292287bf8cf549e1a401c0ba0cc88449
Instruction Fuzzy Hash: 0B917178600106EFC714DF68D998969BBB2FF89358B248569D416DB3D5CB32ED03CB90

Function 0796E298 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

s"$k^, xrefs: 0796E391

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: s"$k^
API String ID: 0-3463187023
Opcode ID: 495f2b893bbbb547acd08026aa7d38bc8bd5c3166fe4f1741902180815b6aca2
Instruction ID: a603895ceb71224c2105f9baa2b8b0e93e1e16dcf83a2226bc9599f9cbebe028
Opcode Fuzzy Hash: 495f2b893bbbb547acd08026aa7d38bc8bd5c3166fe4f1741902180815b6aca2
Instruction Fuzzy Hash: EC818F75A00205CFCB04EFA8D9489ADBBF6FF89318F248669D406DB354DB74AD0ACB41

Function 0786F21A Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

/, xrefs: 0786F2BD

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 9c8ea800f9208dce8cb2998a6cebb8d7e7f2b7031ff76944150e20129d8142d2
Instruction ID: 5cc3a70651803238b4f0289f60ec4e45269e7ac25475bd88e9bf6d3cb7261f41
Opcode Fuzzy Hash: 9c8ea800f9208dce8cb2998a6cebb8d7e7f2b7031ff76944150e20129d8142d2
Instruction Fuzzy Hash: 8771F174600146DFC715DF68E994869B762FF89368B24C669D926CB3D9CB32ED03CB80

Function 07918B3C Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

Haq, xrefs: 0791C9CB

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Haq
API String ID: 0-725504367
Opcode ID: 07f0e965223418079ade93100eee424c8bfd9ef0e86a36fd081b6f130c9f60fa
Instruction ID: 4f85e296d557aa5ae00fee445c73de1c878eb9d51f3ac265e98206c197a15554
Opcode Fuzzy Hash: 07f0e965223418079ade93100eee424c8bfd9ef0e86a36fd081b6f130c9f60fa
Instruction Fuzzy Hash: 1831B3B0E4420D9FD740DFA9D855ABEBFF5EF8A300F0484AAD144E7361EA349855CBA1

Function 0786CBA9 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

fbq, xrefs: 0786CBCB

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: fbq
API String ID: 0-3185938239
Opcode ID: 5849cf72c03f6c4c21f149c145e2369e6ab66e6a789e3528b4c79791b2f17d76
Instruction ID: cdfcb6206872fbc2974122e35dd342664be1c47d37b7a8d9e207cb6246e93e8c
Opcode Fuzzy Hash: 5849cf72c03f6c4c21f149c145e2369e6ab66e6a789e3528b4c79791b2f17d76
Instruction Fuzzy Hash: 55119EB1A05244AFD710DB7998486AE7FA1DF82610F10815ED949D7341D9307C04CBE2

Function 0791C51C Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

Haq, xrefs: 0791C522

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Haq
API String ID: 0-725504367
Opcode ID: 1a58648c5efdcbaf54429db7d098c8e9c178e05165683528ea7ebc75d1a054fa
Instruction ID: 375d4615b243ac6a7e632c7e01078c10c20f4a99e70f34fccabef848f5ca929f
Opcode Fuzzy Hash: 1a58648c5efdcbaf54429db7d098c8e9c178e05165683528ea7ebc75d1a054fa
Instruction Fuzzy Hash: F301F160B8D3944FCB4B5B7814240BD7FA2AAC760031A40DBC042CB2C3DC18980B83E2

Function 6E153C10 Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00843158), ref: 6E153C9C

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 3a5eb2a707f51c4d26bd22d464ec4dd65e8ebd6181c9921504d9de28e65c8965
Instruction ID: a24353c01f3ce607e752ee7c631b98f8b2c0801453143fa12c77dcb8a05917c0
Opcode Fuzzy Hash: 3a5eb2a707f51c4d26bd22d464ec4dd65e8ebd6181c9921504d9de28e65c8965
Instruction Fuzzy Hash: B011BFB0A406088EDB80CF68CC40BAABBE8AB05304F5084FAE418D7341D7728A96EF50

Function 0796D7A8 Relevance: .6, Instructions: 644COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7cba842c1ab9efeb122a96228a03d22c46bd15672494481259bf5923f26a5f
Instruction ID: a0784db29fc892c652a5775638e2ccbfe422e3fc99783f122cf74da3b94099ff
Opcode Fuzzy Hash: 8d7cba842c1ab9efeb122a96228a03d22c46bd15672494481259bf5923f26a5f
Instruction Fuzzy Hash: 79523830A00619CFCB54EF24EC586ADB7B1FF85345F2086A8D44AAB254EF71AD95CF81

Function 0791E5F0 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ece0010d212c8b06b1d2d02006884888e2a9d54c8d41942a7bbb1ede97cad907
Instruction ID: 539fe9e07d3f23a61ce55acdbf534c50d8c157b86b852008865fc24be4b6ba01
Opcode Fuzzy Hash: ece0010d212c8b06b1d2d02006884888e2a9d54c8d41942a7bbb1ede97cad907
Instruction Fuzzy Hash: 1B428070A00709CFCB14EF78C8505A9B7B1FF99304F14C69AD85AAB265EF70E985CB81

Function 07861090 Relevance: .5, Instructions: 526COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3309e33d830b79bed1c2c8ffde1f854c03e6b1b5d6a96583fb31ad3a9e52272d
Instruction ID: 33c290021576bc378a73ffd3bf1f2568e8665aa970ced5b68158cab675d6c993
Opcode Fuzzy Hash: 3309e33d830b79bed1c2c8ffde1f854c03e6b1b5d6a96583fb31ad3a9e52272d
Instruction Fuzzy Hash: CB22F670B002049FDB44EB78D994A6DB7F6AF88304F248579D50ADB359DF32AC02DB55

Function 07861081 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64324694ea6c5ca732c40187a3ece9ad012df1a22aff9e199ac69da1de59b25e
Instruction ID: 460f82c03a4ac06c7dda41d1ccce32210fabb0466e1a991905631ca1aeed5373
Opcode Fuzzy Hash: 64324694ea6c5ca732c40187a3ece9ad012df1a22aff9e199ac69da1de59b25e
Instruction Fuzzy Hash: 35120670B002049FDB44EB78D994AADB7F6AF88304F248579D50ADB399DF32AC02DB55

Function 0796D7A7 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39041004ae7d55de38c5d0d89499ed870e22914584ec109c67fa053dac2fd5f0
Instruction ID: 91d17b92a3ed04fac2fe3ea439230f94a095118acfd68e0379f7ea2d9527de82
Opcode Fuzzy Hash: 39041004ae7d55de38c5d0d89499ed870e22914584ec109c67fa053dac2fd5f0
Instruction Fuzzy Hash: A7124830A00619CFCB54EF24EC585ADB7B6BFC9345F2082A9D44AA7354EF31AD95CB81

Function 0796D798 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9960493066c0a940e022fa5918da77aff5d5dc46340befe9adfa4b90d3f65056
Instruction ID: 70fcce627dd7d8f74b1a7a30b9706eace1c191201a52d10882b00aa1c971d683
Opcode Fuzzy Hash: 9960493066c0a940e022fa5918da77aff5d5dc46340befe9adfa4b90d3f65056
Instruction Fuzzy Hash: DA025A70A00619CFCB54EF24EC585ACB7B2FFC5345F2082A9D44AA7254EF31AD95CB81

Function 0791E5EF Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d8fd7535f906299b104c4a1d3a14d5411cdb97691a1a1e54607c6ca629bbc7
Instruction ID: 75d9001650dcf66052d5d5f83ee57e4933b5a66b37560e6e8e72564eb5131f34
Opcode Fuzzy Hash: 20d8fd7535f906299b104c4a1d3a14d5411cdb97691a1a1e54607c6ca629bbc7
Instruction Fuzzy Hash: 4CF14C71D1071ACBDB15EF68C8506A9F7B5FF99300F10869AD849A7221EB70EAC4CF91

Function 079188FC Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c999ba2c5bc3830d261c824e4b2d7620ca86b286a875e82c8921da3213699466
Instruction ID: f8927e7d23e5eb1833d6ae0f3866b8b5037ed959f94d8527df8fc071c28fbcb7
Opcode Fuzzy Hash: c999ba2c5bc3830d261c824e4b2d7620ca86b286a875e82c8921da3213699466
Instruction Fuzzy Hash: E9E14B7590021ADFCF11CF64C880AD9B7B6FF49314F15C196E908AB221E772EA96CF90

Function 0796B5B7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b84aee250cbcc1673f188f978fa50883712efa7351db3e77b30c9601e21ef3c
Instruction ID: 4a919a763c92b563d8bc4ff77ebe71311334815dd8489ae0971bcaccde7ca749
Opcode Fuzzy Hash: 9b84aee250cbcc1673f188f978fa50883712efa7351db3e77b30c9601e21ef3c
Instruction Fuzzy Hash: 84A1C1B5304242DFC315DB78D898869B762EF86768B248AADD416CB7D5DB32DC03CB90

Function 0791D7DC Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7baa700a5026299a8aba43c3f6b899728a7a9edb0b622afc8db87c18843ec2
Instruction ID: 5be802f23ebf844a4f7b6047e67eda46220785306d830ae1ec09ea8304c2c379
Opcode Fuzzy Hash: ab7baa700a5026299a8aba43c3f6b899728a7a9edb0b622afc8db87c18843ec2
Instruction Fuzzy Hash: B5C17F70E00A0ECBCB14FFA4E5844ACFB71FF89304F208699D4A567299DF319965CB81

Function 0791D7F0 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7153a93e855cf507e5160354e45f5e4447d38890b78f544a9f7dba6872a8d3b
Instruction ID: 241dd24efccd41672cb811822b3cf29b9c89fe121cf97d623c854978ace46667
Opcode Fuzzy Hash: a7153a93e855cf507e5160354e45f5e4447d38890b78f544a9f7dba6872a8d3b
Instruction Fuzzy Hash: CBB15E70E00A0ECBCB14FFA4E5844ADFB71FF89304F208699D4A567299DF319965CB91

Function 078605A3 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdcc5279e96f00c9d9e27af7561c73a385db92c19745afcccdb25ab9a479bd9e
Instruction ID: 55feff98b7483db658d98992038d343f7c174d24bf4de9ecf7039d9ce09b7bd9
Opcode Fuzzy Hash: cdcc5279e96f00c9d9e27af7561c73a385db92c19745afcccdb25ab9a479bd9e
Instruction Fuzzy Hash: DAB17474A10605DFC704EF68D998958FB71FF8A314B24C66DE816AB399DF32E842CB40

Function 078605B0 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87a18a680c5f42c6d87888857f260f87648309a2003a63ca98a8169fd3d25637
Instruction ID: 1da7211656ba77cbf378573160c189b1edb0d02a43c8aad4cfa4c05519b1ff32
Opcode Fuzzy Hash: 87a18a680c5f42c6d87888857f260f87648309a2003a63ca98a8169fd3d25637
Instruction Fuzzy Hash: D4B16474A10605DFC704EF68D998958FB71FF99314B24C66DE816AB399DF32E842CB40

Function 07862EC8 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c318e6373e58ac41b6b7369b09161e5caea48f05d2b267abf3d59f5d624af683
Instruction ID: 4656fc21fc33baa184ce08abe5cd157e927ebe2582df2431042b248336c452d6
Opcode Fuzzy Hash: c318e6373e58ac41b6b7369b09161e5caea48f05d2b267abf3d59f5d624af683
Instruction Fuzzy Hash: 47813174700245AFC714DF68D994929B7A2FB89358B24857DD81ACB396CB32ED03CB91

Function 07964F00 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b2607bf45321900922a84bac9b3409006e546597ecf827970eb8913902cfd7
Instruction ID: cb1a4ac6327a653f97f3a4e1ecf6abfe3dfd2e76215e5a9a377c9581e94815f1
Opcode Fuzzy Hash: a7b2607bf45321900922a84bac9b3409006e546597ecf827970eb8913902cfd7
Instruction Fuzzy Hash: 48911BB0A14245DFCB18EFA4D8585AEBBB6BFC9348F114529D806AB354DB71DD82CB80

Function 0791D310 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bacf7ebd1078db471c9581ae7b1f0c366331c614cf84e805550310837a3d141
Instruction ID: 9ee58c5d32178f5033bf55c6b132fc26951ca9a2a8ad0e90410aff644e025bf4
Opcode Fuzzy Hash: 1bacf7ebd1078db471c9581ae7b1f0c366331c614cf84e805550310837a3d141
Instruction Fuzzy Hash: 49A1C231E00B1ADBCB10DF68C844699F772FF85304F118AAAD8497B345DB71AA96CF80

Function 07865A00 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5a2b24ef4d6f54170c315857e8682356c44864615bf7e580b3d8111abf0634
Instruction ID: 0bc821fc2c67f187d2eaca4648474e9f41ad32b9e18f5d511ea29a164f0473da
Opcode Fuzzy Hash: bb5a2b24ef4d6f54170c315857e8682356c44864615bf7e580b3d8111abf0634
Instruction Fuzzy Hash: 93815274600105EFC704DB68D996969B7B2FB89324F248569E816DB3D9CB32ED13CB90

Function 0791D300 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98aa68fe55e6dadd668946d1b0a2c4ea5cd05e6b343a9f7f855f5f9a7bb07d21
Instruction ID: 9f48a94308ee2e9470139ef65ec3cbaacdc2c97553038dd7aa4b1a1ccb3007e4
Opcode Fuzzy Hash: 98aa68fe55e6dadd668946d1b0a2c4ea5cd05e6b343a9f7f855f5f9a7bb07d21
Instruction Fuzzy Hash: 0591A031E0071ADFCB11DF64C8446A9F772FF86304F118AAAD4497B295DB71AA96CF80

Function 0791E301 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97b5276e1182675eec4b6938cacb9180540beeb1c88e408d6fdbcdba7aeb6ac8
Instruction ID: 62712c66a7798eb738c04e69f2f6d362241b8170c5c307d892a75cac504d8d14
Opcode Fuzzy Hash: 97b5276e1182675eec4b6938cacb9180540beeb1c88e408d6fdbcdba7aeb6ac8
Instruction Fuzzy Hash: E1819071A00709CFCB04EFB8D8544ADB7B5FF98305B14866ED8069B261EF30D995CB81

Function 07865A10 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23107cb11401353a766c3b07224abf6bd4682bef71b7bfe8381cf230782f4d90
Instruction ID: 6d697e99f9d0ef12258820178176ff2a7793efff5d1519253f0b73f29638417f
Opcode Fuzzy Hash: 23107cb11401353a766c3b07224abf6bd4682bef71b7bfe8381cf230782f4d90
Instruction Fuzzy Hash: 5A812074600105EFC704EB68D996969B7B2FB89324F248569E817DB3D9CB32ED13CB90

Function 0791D2E1 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36a86a9859bc6e59771d7be30d75d7e198d9e16482f2f220db621297b9de4dd
Instruction ID: 14ff348de4883c7f97c574c0ac1f3236d891d1661d0c9134ef1d9f434183262e
Opcode Fuzzy Hash: f36a86a9859bc6e59771d7be30d75d7e198d9e16482f2f220db621297b9de4dd
Instruction Fuzzy Hash: 4791B231E0071ADFCB11DF68C844698F771FF85304F618AAAD8497B255DB71AA96CF80

Function 07964EF1 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74292f733a232f0a33ec2a46786184239e76404868a28bfe1d439b127ca97d26
Instruction ID: 19bda195f65bd024219a87a066bd27730e6f1938ca530136ec6f88e89b5894d5
Opcode Fuzzy Hash: 74292f733a232f0a33ec2a46786184239e76404868a28bfe1d439b127ca97d26
Instruction Fuzzy Hash: 4D710770A10245DFDB18EFB4D85896EBBB6BF89348F144129D806AB354DE35DD82CB80

Function 07969B1B Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e4bd1e0afdcdfab897b96cba16b1bc0a0afc2c334882adbc63f3744a018b64
Instruction ID: b85d98a2d175541cf76fff2107c59a7eca8240a99d26febf3784e9498df549e4
Opcode Fuzzy Hash: b2e4bd1e0afdcdfab897b96cba16b1bc0a0afc2c334882adbc63f3744a018b64
Instruction Fuzzy Hash: 92712274304241DFC704DB78D9988697BB5EF8A728B2486ADE4168F3E5CB32EC02CB51

Function 0796F743 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e823861c0117a5109dc8666971370a8a152b961d60932fb1286ef0938e0b88f4
Instruction ID: 349b9f76e69d4f6e268a0b76eaec1923009dafd16102c3ef49ad1a302a7b7bfa
Opcode Fuzzy Hash: e823861c0117a5109dc8666971370a8a152b961d60932fb1286ef0938e0b88f4
Instruction Fuzzy Hash: F67112746082419FC304EF28E59492ABBA2FFC9354F64CA6DE8568B3D5CB32DC06CB51

Function 0796F4BF Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c1e72796bc5ef90c2b5d342f77ba62a59e0898f95eb6e6b8721dc25c167f31
Instruction ID: 55e1a08a4f656a21cd8bc6f4a976ff48896a16eacfb84c49db37d9e652345c95
Opcode Fuzzy Hash: 37c1e72796bc5ef90c2b5d342f77ba62a59e0898f95eb6e6b8721dc25c167f31
Instruction Fuzzy Hash: 37615474605602DFC314EB38E55881ABBA2FFCA354B248B9DE85A873E5CB32DC16C751

Function 0796F4D0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ed383f03ac8cba43b53824ed11fa75dab0d96167fae4b13e585a8a80efc76b
Instruction ID: c24241e9a26cf867b5508de7470ce8c67b08f63ae776abc1147ea77d81dc84ba
Opcode Fuzzy Hash: 78ed383f03ac8cba43b53824ed11fa75dab0d96167fae4b13e585a8a80efc76b
Instruction Fuzzy Hash: 82612274605602DBC314EF28E59981ABBA2FFC9354F248B9DE85A87395CB32DC06C791

Function 0791E310 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa33127c62a60ff0cde185e1ce3cb15980ed3357823372461fb687400e43d07e
Instruction ID: bf74938dfa3dc6f08c0e0198ead45178659b4302cd976ef6f65ad752bcb571e0
Opcode Fuzzy Hash: aa33127c62a60ff0cde185e1ce3cb15980ed3357823372461fb687400e43d07e
Instruction Fuzzy Hash: 08715170A00709CBCF05EF78D8944ADB7B6FF98345B10866DD40A9B265EF30E985CB91

Function 0796DF1F Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 731a037260b153204fe28dcad578a6682747615f5296869aa364a030a710f439
Instruction ID: d19c64c21cf23d562a3ed6292266ce8a803f767bb1d63c24324598d65631dddf
Opcode Fuzzy Hash: 731a037260b153204fe28dcad578a6682747615f5296869aa364a030a710f439
Instruction Fuzzy Hash: 2C811930A10A19CFCB10BF64D8585ACBBB1FF85345F1086D9D48A66264EF3199A4CF81

Function 0786D758 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bedff53decd00a528b34111c9ee84e7ee11d7e53230a11235440a26a9a704d9
Instruction ID: 7f4e7a8c308ccd9c1a7b56ace4c5deb7e2349efbd851fc1f8e3fb2a5178b29ca
Opcode Fuzzy Hash: 8bedff53decd00a528b34111c9ee84e7ee11d7e53230a11235440a26a9a704d9
Instruction Fuzzy Hash: F251EF74700505EFC714DB68E999829BB72FF89228724C669E8178B3D5DB32DD03CB91

Function 07969B50 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9023bb3181d731bc9b783f5ac2e668829dcdaa0c8085d1feb070a23ca5652768
Instruction ID: 89420a58a1dbbd1ae7614945dbeb08f3d0e5a4747e2e327375bbffaab03302b2
Opcode Fuzzy Hash: 9023bb3181d731bc9b783f5ac2e668829dcdaa0c8085d1feb070a23ca5652768
Instruction Fuzzy Hash: 2351EF74300101DFC714DB78E998869B7A6FF89769B24866DE4168B3E5CB32ED02CB90

Function 0786C900 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af47ad9ca955e4a051d6c6356080cda7f428928b18c73341ef029f430e9427a
Instruction ID: 5348b0f672b120e991a33b82432dea3db410c586f1da9996fa05dede02b4d51d
Opcode Fuzzy Hash: 4af47ad9ca955e4a051d6c6356080cda7f428928b18c73341ef029f430e9427a
Instruction Fuzzy Hash: 27516EB0E1071A9FDB14DF65C84479EBBB2FF89304F108699D448BB201EB70A985CF91

Function 07865D0B Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8e7a9a4892820a7d87333ed7c8eeafa89c52b8a33ffaf6f5ed2316c4e4b57ba
Instruction ID: c20e89d43fd2cb874e2c12556bb1a7133b46495214b46641e91d2de9aa002442
Opcode Fuzzy Hash: c8e7a9a4892820a7d87333ed7c8eeafa89c52b8a33ffaf6f5ed2316c4e4b57ba
Instruction Fuzzy Hash: 01519474600106EFC714CF18D99C969BBB2FF9A364F248569D9268B3D5CB32AD13CB50

Function 0786C8F0 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d83baafcf04501262f2a06d7cde36b47e63e845c4ba8f992dc80cd280c5e1e8
Instruction ID: 3a914a81b794ad58a0f81c23b243487d9481ae883c6750ef46c1f9fcc187e36a
Opcode Fuzzy Hash: 8d83baafcf04501262f2a06d7cde36b47e63e845c4ba8f992dc80cd280c5e1e8
Instruction Fuzzy Hash: 195170B1E1071A9FDB14DF65C84069DFBB2FF99300F14869AD448BB201EB70A986CF91

Function 0796DED6 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2e74e2ebdc467951fac1b422445944d188bd01f977c82e9335ce3ba337df1c
Instruction ID: 7fbb62e5328fe12733da7382c9ae7ea7005ac3fcf0438ac50cd84fb40b6b0ee0
Opcode Fuzzy Hash: 1a2e74e2ebdc467951fac1b422445944d188bd01f977c82e9335ce3ba337df1c
Instruction Fuzzy Hash: 6B613D30A00619CFCB54BF64EC985ACBBB1FF85305F1086E8D48A66264EF715DA9CF81

Function 07864DCB Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c2b40c3fd5ac1fade0c138da25446d6fb88d1a744ffca164e2684d65388028
Instruction ID: d6c6161b58a4312f0b2436117b77eb816da80bbea499a53835ee47cb5bffe648
Opcode Fuzzy Hash: 72c2b40c3fd5ac1fade0c138da25446d6fb88d1a744ffca164e2684d65388028
Instruction Fuzzy Hash: B2519470604285EFC755DB68D95896DBBB2FB86324F248169E42ACB3D5CB319E43CB80

Function 0786D3C8 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aadf40758d7a83c7bbb8d77fe19db5885ad5c70eb90c2f94451584bdc26b6d8
Instruction ID: ecebad07411f57ac604cc3e5debf75aeb1551d959971c5a754336ef73e3837be
Opcode Fuzzy Hash: 4aadf40758d7a83c7bbb8d77fe19db5885ad5c70eb90c2f94451584bdc26b6d8
Instruction Fuzzy Hash: 82410F74300605EFC714DF28E998929B7A6FF95328B24C669D417CB399DB72E903CB50

Function 07864DE0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea9ecf6e3f2d8369a79203489d70e3d9e4df24ec79850d88a644077a9bec7bfe
Instruction ID: c97b6721202b28912fc471f0ae5e02b1a63758d84fbd985da9ca311864e04f64
Opcode Fuzzy Hash: ea9ecf6e3f2d8369a79203489d70e3d9e4df24ec79850d88a644077a9bec7bfe
Instruction Fuzzy Hash: 38418370600145EFC754DB68D958A7EB7B2FB85324F248569E52ACB3D5CB31AE43CB80

Function 0786C123 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f73ef83de72af1136557dcd5384f47c99ce5470a5018b8c6660ff56cb768eaf
Instruction ID: 7b8456444d16e2da444c7aed3214dee4fa567fa53dbb7b8eefb94c5fc4ac1a66
Opcode Fuzzy Hash: 8f73ef83de72af1136557dcd5384f47c99ce5470a5018b8c6660ff56cb768eaf
Instruction Fuzzy Hash: 8441D8763082559FD706DB68D844916FBB2EFCA72472482ABD465CB396CB32EC13C790

Function 0791A439 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78dba339f7aae297247e4abcaa9f332500c7168a911fcd73b679f493bbea61ce
Instruction ID: 1473006f3e50f3d2ef1edc4a161922e4e6b37dafa0bee95090fbdae6115e3706
Opcode Fuzzy Hash: 78dba339f7aae297247e4abcaa9f332500c7168a911fcd73b679f493bbea61ce
Instruction Fuzzy Hash: 0641DAB6A0120A8FCB50CF69D941ADEBBF1FF48354F14842AE959D3351E234E925CBA1

Function 07965DC1 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452f28a7ebbddb43adcf54296d9333a4452c490f0b4ccb91e53a3975d4a50690
Instruction ID: 183f971afcfb0747a78ef3e6cfe26044cf3319376b463945bca69363c03c4035
Opcode Fuzzy Hash: 452f28a7ebbddb43adcf54296d9333a4452c490f0b4ccb91e53a3975d4a50690
Instruction Fuzzy Hash: EC31F2767442269FCB059A64EC4DAEDFBB5EF88666B04452BD402DB691CB308812CBE1

Function 0796BCF0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72061f90917171b09abd21e5ead2e79a462d90f1bd487b9e40f29a97001570cd
Instruction ID: f9866fdc9a50392505794b47c3b4669ad499a6b1575ac97e677074fe9e2a6f30
Opcode Fuzzy Hash: 72061f90917171b09abd21e5ead2e79a462d90f1bd487b9e40f29a97001570cd
Instruction Fuzzy Hash: 6241B6F5A04246DFCB25DF74C49859EB7B6FF81308B218A69D503EB251EB70E845CB81

Function 07861A90 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b278f4863a485a8e9d641a582010dc221d4e1da16b28c3c0eb2fe070f7c2e2ac
Instruction ID: faf33c35316da6a7362258281c9d0dd36fdfa03efd772b1fb59f5a833ff6ab7e
Opcode Fuzzy Hash: b278f4863a485a8e9d641a582010dc221d4e1da16b28c3c0eb2fe070f7c2e2ac
Instruction Fuzzy Hash: 8B316BA1A4F3E66FD30347355C655997F618F93121B5E41EBD1C8CF1E3D608681AC362

Function 0786CB3F Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed3dbdaa2391fc784b09f98a0cb5772038b41e90fab1dc70f89547c289ff071e
Instruction ID: d2f3026feb08c5422e217f50f0cead621eb0bd8bd1bf678aefb8466882e08a95
Opcode Fuzzy Hash: ed3dbdaa2391fc784b09f98a0cb5772038b41e90fab1dc70f89547c289ff071e
Instruction Fuzzy Hash: AD416EB0E0071A9FDB14CF65C88079EB7B2FF89304F148699D449EB245EB70A986CF91

Function 0791F763 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9975b99a80c365f8283a65375c8708cf0696fa4d6894c542e754ff594c9a099b
Instruction ID: a29c9431eb3980a357c3e8962b79e6703017bf1faec0cf68822ab46ed1afec2d
Opcode Fuzzy Hash: 9975b99a80c365f8283a65375c8708cf0696fa4d6894c542e754ff594c9a099b
Instruction Fuzzy Hash: 9A41E470504B49CBC705FB78D860468BB71FF9A320F048B9EE49697391DF31999ACB92

Function 0791F5C8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29d5325a7f82949637de676641c7bdaa2090e021048cbbbb4f5faeaa32b38fa2
Instruction ID: 1f89bef09265e8c0d477bde8e97475359b67bc6850756398b61bb0006516540e
Opcode Fuzzy Hash: 29d5325a7f82949637de676641c7bdaa2090e021048cbbbb4f5faeaa32b38fa2
Instruction Fuzzy Hash: 4141E271514709CFC700EF78D860469BB71FFA5314F049B5AE4195B2A5EF31DA92CB81

Function 0796E560 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0690a404767ad0182b1e544b386204c8a8011ec9255a9826b782a657a28d0b40
Instruction ID: 5a8b7147af826bb22b46f1ba0ecdd555dbf4511b196a449ac3ad2bd1e37b55e8
Opcode Fuzzy Hash: 0690a404767ad0182b1e544b386204c8a8011ec9255a9826b782a657a28d0b40
Instruction Fuzzy Hash: BF41C7743046419BD714EB28D85852ABBA2FBC9354F648A6CE85B873D8EF31DC12C786

Function 0796E541 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f2746ddc000c0a6a35cc1db8115560865561995e1d1cf31e51c78466ae14b96
Instruction ID: a5620eaf5f3479d4b74da3df14cb6134dda051c2b1edc64110d51e726bcf7ce7
Opcode Fuzzy Hash: 1f2746ddc000c0a6a35cc1db8115560865561995e1d1cf31e51c78466ae14b96
Instruction Fuzzy Hash: 0631A434304641DBD700EB28E89952AB7A2FFC9258F248A6DE45B873D9DF32DC12C785

Function 07866E50 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 618bd09c0688cd05ce17af1ee428c838e57a4fb204653fe7661abdf330bca10b
Instruction ID: 26f25aaf97362ffb7f629ad827267b2dd1428dd83c28ca982b8ffe1fcf36ef45
Opcode Fuzzy Hash: 618bd09c0688cd05ce17af1ee428c838e57a4fb204653fe7661abdf330bca10b
Instruction Fuzzy Hash: F53166B5B10285EBCF64EF18D9489AEB7BAEF98314B508429D406D3240EB31ED51CB95

Function 07965D15 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 164e1888fd157a5e8bdcb34960043a93a1daec25e56b34ce706ee6aadcac9bd5
Instruction ID: dc4d0468adbac3ee5de5abdab432d557446968cf23fa49f4a9a196f600221091
Opcode Fuzzy Hash: 164e1888fd157a5e8bdcb34960043a93a1daec25e56b34ce706ee6aadcac9bd5
Instruction Fuzzy Hash: 463102B17002228FCB05CB64EC1DAEDB7B5FF88655F14462AD806DB390DB749812CBD0

Function 0796E721 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345202b0d747ddd8f203eca51c4f23a28a95ee2405b75a8aea78f03ab84c6fb9
Instruction ID: 0324e18c7adebe49f3bc12749caf4dbdb123fc3fa81b160058eaf3ae6818807b
Opcode Fuzzy Hash: 345202b0d747ddd8f203eca51c4f23a28a95ee2405b75a8aea78f03ab84c6fb9
Instruction Fuzzy Hash: D9319E34304541DFC754AB38E849929B7E5FF8A358B288ABDE85A8B3D4DF36D812C741

Function 07965E35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d81439b5b5011aa39d96da9e099e740253f6563847a5ced38951fe2bbf02f2
Instruction ID: 7414ac48fd71df9a91385d4d98d0991895449106def8a6d7f2d1cb410a576fe0
Opcode Fuzzy Hash: 11d81439b5b5011aa39d96da9e099e740253f6563847a5ced38951fe2bbf02f2
Instruction Fuzzy Hash: BE3133717052268FCB05CB64EC0DAEEBBB9EF89604F04416AD406DB751CB348811CBE1

Function 0796E730 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042251919e6557c25038d61a4ea1c1c4f2c5cbb08101506a69d18a413eb358e7
Instruction ID: f664bdf29dc9a833d7602499bbb3ee3772e8fec79c3a974506bc387e2af795bf
Opcode Fuzzy Hash: 042251919e6557c25038d61a4ea1c1c4f2c5cbb08101506a69d18a413eb358e7
Instruction Fuzzy Hash: 76316B38304500CFC754AB38E949929B7A6FF8A358F248A7CE85A8B3D4DF76D812C741

Function 0786C160 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a1ff2067553f3b040b7ee1409154095de1bbda73bb2510d458dee175933d81
Instruction ID: a78c76a3a386fbbaa5787ce4b5961cad82858351a8fbe3633f3550ccf30193c6
Opcode Fuzzy Hash: c5a1ff2067553f3b040b7ee1409154095de1bbda73bb2510d458dee175933d81
Instruction Fuzzy Hash: 923141753041059FD344DF69D894925B7A2FBC9724B24C669D81ACB399CB32EC03CB90

Function 07861B91 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ea5f28e0063b81216bc6d43223a80f9785d75b2dd56628e3328435e792b58e
Instruction ID: 67c110b1e59c30b3a9ada281fd7ad13eab1967eefdec4779a8c76511699a86e2
Opcode Fuzzy Hash: 47ea5f28e0063b81216bc6d43223a80f9785d75b2dd56628e3328435e792b58e
Instruction Fuzzy Hash: 3021DBB4B04219EFD704DB28E94C969B7A2EF99364B148569E416CB396EF31DC02C790

Function 07867169 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8631ba470192149bbff224507fdb13fd669f89691802f7fbf1ce88b330c6563
Instruction ID: 71ca232f86b732e2a3befda32dc47b9a53f37746a006f9019cf995f6ddf51fbe
Opcode Fuzzy Hash: a8631ba470192149bbff224507fdb13fd669f89691802f7fbf1ce88b330c6563
Instruction Fuzzy Hash: 8D21E6B16002059BEB15EF68D8047EE7BB2FF84704F104466E106EB258CB359905CBD1

Function 0791ABB7 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41df4fb902d981d03807cf111dff009f7acd92609c83eb90c84ada4e050fd8a
Instruction ID: b3877ecb5c52ea02b682dfbeac8d7903ecd7dc97251f89908fc929ac94a5d830
Opcode Fuzzy Hash: b41df4fb902d981d03807cf111dff009f7acd92609c83eb90c84ada4e050fd8a
Instruction Fuzzy Hash: 943155786101059FCB14DF64C994DA8BBB2EF4A318F1885A9E9198B3A5CB32ED42CF40

Function 079662FB Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44c94e45dda5babd04db4ada6a724636ae0e8dc1fa576af3071cb08e0a63a656
Instruction ID: 39eac7838f129127ffb487de13ba90a2c400ebc9291cef4f8d37d01605409334
Opcode Fuzzy Hash: 44c94e45dda5babd04db4ada6a724636ae0e8dc1fa576af3071cb08e0a63a656
Instruction Fuzzy Hash: 77311A74A10215DFCB18DBA5D898AAEBBBAFF88318F148529D802A7350DB31EC41CF50

Function 078672BB Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945afa4ff358b79ead234f23759b9a615287a1fb387e8cf83baeae61fb8acf3d
Instruction ID: 39a7d4c3922b9baf82895746acc11c586cd4449e7c3954663928cc086749f3ae
Opcode Fuzzy Hash: 945afa4ff358b79ead234f23759b9a615287a1fb387e8cf83baeae61fb8acf3d
Instruction Fuzzy Hash: 43211479B005058FDB04DF69C988D6EBBF6FF88614B1140A9E505DB331EB30EC418B90

Function 078672C0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de794d616c1ecf9484c50760034165e770cc8e93519eca3a5923ab3276e1bcec
Instruction ID: fa4ea10ba98e96091739d06db777c43f4bc2644dca31afdfab669784e656a770
Opcode Fuzzy Hash: de794d616c1ecf9484c50760034165e770cc8e93519eca3a5923ab3276e1bcec
Instruction Fuzzy Hash: DF213775B005058FDB04DF6AC988D6EBBF6FF88614B5140A8E505DB331EB30EC418B90

Function 0791DC90 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda87d280bb5fa6824fe2135d2f7d9974bb9ccd765af9223651c5f4484aaf8a7
Instruction ID: c84ed61ce99600be29ff32ec7c8dea9fb240bfb8df935597fd68ab21d12c37fa
Opcode Fuzzy Hash: dda87d280bb5fa6824fe2135d2f7d9974bb9ccd765af9223651c5f4484aaf8a7
Instruction Fuzzy Hash: 1E215E31914B4A8ACB05EFB8D8104AAB770FE96250B11875FE49867221EB70E6D5C7C2

Function 07861D71 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20297d4982376cff75e8d8282315fdaa40d4601124973c62e5c0300523a3f6b9
Instruction ID: c91607ab642d6c6361e8575e160ff93da315479cbe090ec53c2ab36e23921d75
Opcode Fuzzy Hash: 20297d4982376cff75e8d8282315fdaa40d4601124973c62e5c0300523a3f6b9
Instruction Fuzzy Hash: 1B21F671704149BBC745DA19D84C835BBA2EF9A264718C669E916CB3D7CB319C03C790

Function 0786E3D8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db22893f09e45c619250a747f20764da57b56c5249542ac61ba6060f83fcbaf0
Instruction ID: ff34f6d15f2f34f0cfdbb8d98cd46b6b4fad1385b5c5a5e71108efdb57143c68
Opcode Fuzzy Hash: db22893f09e45c619250a747f20764da57b56c5249542ac61ba6060f83fcbaf0
Instruction Fuzzy Hash: B521D7712016005BD61AAB35E854A6E7B9BDFC1740F14493DC10ACB264DF78AD09CB92

Function 0245D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc37fdd64164f8e32ee7941d739de5649d923f3be1b70a6e870c993df561375
Instruction ID: 3a7e197b171bdf997c1c1b19190228867a7f8863382dd5f5b7cc95379ab93c4a
Opcode Fuzzy Hash: 4bc37fdd64164f8e32ee7941d739de5649d923f3be1b70a6e870c993df561375
Instruction Fuzzy Hash: D221CF71904204EFDB05DF24D980B26BBA5FF88314F20C56AED894F356C37AD446CA61

Function 0245D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddfe2c784bd4e6bc281fd2bf1ab313a4efe7bb642bc6a99c6e1293974ee544a9
Instruction ID: 6682a602751f144e5c7a476133088c9a4eec0090ca3047973c6b351d60fa516c
Opcode Fuzzy Hash: ddfe2c784bd4e6bc281fd2bf1ab313a4efe7bb642bc6a99c6e1293974ee544a9
Instruction Fuzzy Hash: C721D071A04204DFDB14DF24D984B26BBA5EF88718F20C56ADD8A4B357C33AD447CA62

Function 0245D2BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c1b9a645ace100a91473d72809b9d0c375068c3c7623401952b8f3c68b59e8
Instruction ID: cba5d5bde136e1e34acbe3709b139d9df12d9632eb358ee6d18c2be2de0797c8
Opcode Fuzzy Hash: d6c1b9a645ace100a91473d72809b9d0c375068c3c7623401952b8f3c68b59e8
Instruction Fuzzy Hash: 9221F371904244DFDB05DF14D9C4B2ABB65FF88324F24C56AEC890B346C3BAD446CAA2

Function 0786CAEC Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530b91699db3f9032ca474a09cda16023d723b61d5f0eb536e1da2ff91924f29
Instruction ID: 269b3122ff8c8c76914235694fe9f935c183808137d027df45e82fc505e42b85
Opcode Fuzzy Hash: 530b91699db3f9032ca474a09cda16023d723b61d5f0eb536e1da2ff91924f29
Instruction Fuzzy Hash: DF218BB0E4031AEFDB14CF65C85079EBBB2BF86304F108599D589EB241DB70A986CF51

Function 078617F1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36ace2b022d6fdbd15d2469ad1c6ebdf3c8d609ce6ff9c2880000f5a2f94ece1
Instruction ID: 9ad5e9882ce3a202a5c311f01812f13ee796d222468d5eb9b1c5a3d425e55fc0
Opcode Fuzzy Hash: 36ace2b022d6fdbd15d2469ad1c6ebdf3c8d609ce6ff9c2880000f5a2f94ece1
Instruction Fuzzy Hash: 5911F0B1D0021DABEF159F68C00C6EEBBB2EF99711F24C429D801BB281CB365850CBD1

Function 0796C563 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7768a5d206bc83baf0ae91516d55f3541b257e5fb2985263243c2c562759e9
Instruction ID: 90a988178bf3a19e3ca047f40d8e5a6699b5e3d4491c6f0992fe252801993293
Opcode Fuzzy Hash: 4a7768a5d206bc83baf0ae91516d55f3541b257e5fb2985263243c2c562759e9
Instruction Fuzzy Hash: AA11E9313043414FDB169B39E8545AA3BAAEFC6205B0046BEE48BCB259DF34F956C762

Function 0245D005 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266d076ffbc27420170c6480e2790c51790dfd7c0df073f6b125b97f754967ff
Instruction ID: b8080dafbb6cf9654789eb8294de49b2a45eff967a164ea6bf01fc4a53926cb1
Opcode Fuzzy Hash: 266d076ffbc27420170c6480e2790c51790dfd7c0df073f6b125b97f754967ff
Instruction Fuzzy Hash: 6C218675508380DFDB06CF14D594716BF71EF46214F24C5DAD8894F2A7C33A9806CB62

Function 07861D80 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8130048d88296c1aef5c7b1bdfd335a10711b31be9eefca5e4ae202e446def9
Instruction ID: c989fa47bdf304e34cd2693c00a4a7ed6ca3e70b1a41ca49382181e14f2c2eb0
Opcode Fuzzy Hash: d8130048d88296c1aef5c7b1bdfd335a10711b31be9eefca5e4ae202e446def9
Instruction Fuzzy Hash: 17118234700108ABC754DA19E99D935B7A6EBD9364B24C52DE91BCB3D6CB32DC03C790

Function 07965EB1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d26b20a49623b1da7ed5db5227d690dbb1c4f31d8cb8b45499fdeaeacd438a
Instruction ID: ee0b11b32f66fd80ebfe5cbc157bf738442a724f140c17c33ebac98603f85bd8
Opcode Fuzzy Hash: 92d26b20a49623b1da7ed5db5227d690dbb1c4f31d8cb8b45499fdeaeacd438a
Instruction Fuzzy Hash: 3D113A71B002158BDB18DB64D85DAAEBBBAFF88305F144529E806E7364DF749C11CB91

Function 0791D730 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfcefc5a47ef17de86e357ccd244e9eda304aad0d617f85c120ec2cd9756da69
Instruction ID: c688a357dec69749aec5e753bfda3239261971738d4551fe93a28100e88218a2
Opcode Fuzzy Hash: bfcefc5a47ef17de86e357ccd244e9eda304aad0d617f85c120ec2cd9756da69
Instruction Fuzzy Hash: FF11A1717002159BD714EA94D9507EE77E2EB89651F10486ED402E7385CF769D06CBD0

Function 0791A900 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378eb220adeae3966a78f3a409119a9c7a55606d58e6d53d4cda92439ed87410
Instruction ID: b12bad05fe31584431ba107ed8b764883acde594b7a398fea62d58cd4b9c286e
Opcode Fuzzy Hash: 378eb220adeae3966a78f3a409119a9c7a55606d58e6d53d4cda92439ed87410
Instruction Fuzzy Hash: 090184367052948FC307EB68D85086A7FB69F86224315C0E7D448CF262CA32DD46C792

Function 0245D2B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
Instruction ID: e8feaed9dde8be8d46b0bf36dbe1f0473f48c40711ddf04cb0551b42deb45952
Opcode Fuzzy Hash: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
Instruction Fuzzy Hash: 91119075904280CFDB12CF14D5C4B1ABB61FB84224F24C6AADC894B756C37AD40ACBA2

Function 0245D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4431030593.000000000245D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0245D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_245d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 2aefe55f89ae8db6bd86ed858aa179f039ef51a6ea1db6666a898ecb7ec1bfd5
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: B7117975904280DFDB16CF14D5C4B16BBA1FB84214F24C6AAEC894B796C33AD44ACB62

Function 0786708F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ece91467193188f091dc004b26c52c1c3e02b9a51f37838b5e9dc2f9d969c1aa
Instruction ID: cab3fd64741e814e5f2a285e2f359978725f38b03220fa56084cf9f2724074b4
Opcode Fuzzy Hash: ece91467193188f091dc004b26c52c1c3e02b9a51f37838b5e9dc2f9d969c1aa
Instruction Fuzzy Hash: D8019E76A056018BC305CF2CF89005AFBF2BF85610754867BDC09CB718FA749C558792

Function 0791DCA0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd379e467560a30d184625acae4ea33d20425ea1a2b9d6a3ef598cc0ec8a183a
Instruction ID: b6ea1f218bcfe54f32bdf92b0c5ed3568ce2c385f6d92bc9e5cc1136f5b7f6b0
Opcode Fuzzy Hash: cd379e467560a30d184625acae4ea33d20425ea1a2b9d6a3ef598cc0ec8a183a
Instruction Fuzzy Hash: DC11DA31814B0ACACB05EFB8C4544AAB770FF95250B119B5EE4582B221FF70E6D4CB82

Function 0796C4C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e3a3e9a9ff1f9dfa74eb7ea0c3924e5497f7ea9cd9b23a5689f067bced63c3a
Instruction ID: 20e78a43c40f02b3fbadcde0e7e2c18b0ac468503e76967f63ee952427ca13d5
Opcode Fuzzy Hash: 5e3a3e9a9ff1f9dfa74eb7ea0c3924e5497f7ea9cd9b23a5689f067bced63c3a
Instruction Fuzzy Hash: 6101D4302087408FC325AB39E84442ABFA9EF86260310476ED0DACB2D5CB34A819C7A1

Function 0244D731 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4430978761.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_244d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3747a541d2106c495a063544a56a6a31b2cfc27760beb433be791dd9d71fae
Instruction ID: d2ae1c16e3549c80304cb5afff6460b718fd81fae37ff2dd37ec3be1b4a0a315
Opcode Fuzzy Hash: 4c3747a541d2106c495a063544a56a6a31b2cfc27760beb433be791dd9d71fae
Instruction Fuzzy Hash: BC01F731804B04DAF7108A25CD84F67FFD8EF45324F18C42BED094A286CB389840C6B1

Function 07965164 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a8339cd9b85c9a72b8bf1721bcd8d36c189931b6951a2268ad863af5b1c128
Instruction ID: b3b3cb034bed2d42a47a6b12e7bb71260d09de715c0b38f6c9cc93d2e6f0e2b5
Opcode Fuzzy Hash: 22a8339cd9b85c9a72b8bf1721bcd8d36c189931b6951a2268ad863af5b1c128
Instruction Fuzzy Hash: BA111EB0E1134ADFCB18DFA0D45459EBB72FF95348F218619E806BB604DBB0A556CB41

Function 0786C2F8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1cb07549ac7d4341c3b3fa9d946f4b7c6830adb3ffb2f78bd2c26860791dcbd
Instruction ID: 987013ea7522d638b135f32182c7c4afe2b5e3584c78185a9bfb4ecdc84008c2
Opcode Fuzzy Hash: e1cb07549ac7d4341c3b3fa9d946f4b7c6830adb3ffb2f78bd2c26860791dcbd
Instruction Fuzzy Hash: 680128B2F05254BFD716CAF5E454AAEBBF6CB81624F1440EBE454CB241EA30A9068B61

Function 0791C5A0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2199312247c619bcbcb26e05203cf54bdbf44aa44ef567d4ac7f5b0c6fb1c72
Instruction ID: 5f7dd609b85d2bd269946ce9d408dc23000d59a3e279040dab6c7eda65436f64
Opcode Fuzzy Hash: c2199312247c619bcbcb26e05203cf54bdbf44aa44ef567d4ac7f5b0c6fb1c72
Instruction Fuzzy Hash: 59F0C231A4C3885FC706DBB598104EEBFFA9E86210B0988EBE449CB292E934584087E1

Function 0786BBB1 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fb1be890cf6ab18d11f4dd18ddff72a5e741326bd083e58f3871d3ced1c920
Instruction ID: 14c8ab48608fd4f10248267215ffc3e683cd4ad75212ce9d6df496627893f221
Opcode Fuzzy Hash: 95fb1be890cf6ab18d11f4dd18ddff72a5e741326bd083e58f3871d3ced1c920
Instruction Fuzzy Hash: E1016DB5610105EFC704DF24D94496EBBA2FFC9358B248528D416C7398DB36E803CB54

Function 0791C8B9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74838421c2aa78000b62a1e90e5fdfc8dacce5a409a05d93f1b71e28aa985aea
Instruction ID: 0f98b325a443ef65a49d73ebfb43b6ba3b408cffbfc732ed54f7ae52eb33963d
Opcode Fuzzy Hash: 74838421c2aa78000b62a1e90e5fdfc8dacce5a409a05d93f1b71e28aa985aea
Instruction Fuzzy Hash: 48F022B078421A9FD300DBD9D801ABEBBB8DF8A254F014453E500CB341EB718842C7E1

Function 0791C8E8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e40adb158432af2147f8b5280850666df2a40c804bee500efb5aa7b99beb6c02
Instruction ID: 100b9746ca5cee45535821284e7c6bc05e98af85961cf036343a542a902d3ff1
Opcode Fuzzy Hash: e40adb158432af2147f8b5280850666df2a40c804bee500efb5aa7b99beb6c02
Instruction Fuzzy Hash: 840178B4D4020A9FE700CFA9C486AAEBFF4AF4A224F14856AD540E7380E77484808FA0

Function 07864021 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1f3c82f6ed6c0bdd9e34f4fc8bc7be34bc03d5ed0a67a371e41d9e799637a4
Instruction ID: a9020605600d6ec3e1e275ab63934980523cad4b2131a3985f8575f3f857a062
Opcode Fuzzy Hash: eb1f3c82f6ed6c0bdd9e34f4fc8bc7be34bc03d5ed0a67a371e41d9e799637a4
Instruction Fuzzy Hash: 690162B43042469BC314EB75DD658297762EBD5368B24D569E826CB3CADF32ED03C780

Function 079673F2 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372658cda52cc96cc4461ed1a8d51162d7c4e441cea84b11fb56143b67468410
Instruction ID: 2494a28ba0050307a19540f6ad3af4bdf907f10147bec4d63549bad030079d3f
Opcode Fuzzy Hash: 372658cda52cc96cc4461ed1a8d51162d7c4e441cea84b11fb56143b67468410
Instruction Fuzzy Hash: D701FF74610501DBC304DB64D998965B722FF8A36CB24CA58D81B8B395DB77E803CA80

Function 0791AFC6 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8b1010137bed5f72a9bcafdc7555b402c7b9b797e8b1239d0066bb0b465cc18
Instruction ID: 6eda9d27d115b2d0a6c041f57285b70bd4ba25307a001fabe81d270016e6f073
Opcode Fuzzy Hash: d8b1010137bed5f72a9bcafdc7555b402c7b9b797e8b1239d0066bb0b465cc18
Instruction Fuzzy Hash: E1018C34A00615DFC711EB68C8549A8B7B2FF8A310F11C699D51A6B3B5DB31EE82CF80

Function 0796D328 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e18a52198f707e2a0177d5e6cb96b87597bac9e90b75552a09fb1f586ed6f7d
Instruction ID: 2a88d7942e67ce516a72f1e13922ffbdbdd717d5ce5f5e919354826156cbb971
Opcode Fuzzy Hash: 3e18a52198f707e2a0177d5e6cb96b87597bac9e90b75552a09fb1f586ed6f7d
Instruction Fuzzy Hash: 65F096B1F142568FDB40DFB894854AD7FB0EA55258B1001A7D558DB301E3258551D791

Function 0796C4D8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80330530079165ddc2c82afbcab5e7c023467ddd12bb86400d0e140fd195031b
Instruction ID: 8e549ec547cbf83e08c419a1787cc76cb4e8523b4b11d51841d6a84e1e77bd59
Opcode Fuzzy Hash: 80330530079165ddc2c82afbcab5e7c023467ddd12bb86400d0e140fd195031b
Instruction Fuzzy Hash: DCF0C8302007008BC324AF29F84442A7FAEEBC5761310473DD19B876D8CF34E815CB95

Function 0786C308 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c07fdb377e087857d5b089c355cd4ae7e37ef4d99157c4ebbab9c1ebc5370a
Instruction ID: b641c7effedbc7f6b898f5c78200282f651f2b6e1ee09b0e08a3c214ff40dedd
Opcode Fuzzy Hash: 79c07fdb377e087857d5b089c355cd4ae7e37ef4d99157c4ebbab9c1ebc5370a
Instruction Fuzzy Hash: 28F0B471F04208BBD715DAA5D450A9EB7EADBC4754F1080BAE515DB344DE31A9028BA1

Function 0244D5DB Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4430978761.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_244d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a94959efab0bf56f0ddbd0ee5267831e495b2a736d9626f06b91b9eb0dabee0
Instruction ID: 32ea8c722f7d177656c0af57fd910869a4c5a871b22eaf969a5bee317a8b201d
Opcode Fuzzy Hash: 9a94959efab0bf56f0ddbd0ee5267831e495b2a736d9626f06b91b9eb0dabee0
Instruction Fuzzy Hash: 80F0E776600A00AF97208F0AD985C27FBADEBD4674719C55AE84A4B612C671EC42CAA0

Function 0796F21A Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af4e89c6ba71fd737267277fb96359a8e049a7d7d28f00a73a906f727f28df3
Instruction ID: e61a99017caf6401086619fdd2481c489477cc089a9b8b8cd8dfdc743472503c
Opcode Fuzzy Hash: 4af4e89c6ba71fd737267277fb96359a8e049a7d7d28f00a73a906f727f28df3
Instruction Fuzzy Hash: 98F08272B4402ACFCB11EEACFC848DCBB71EB54755B014676DA44DF166DB31855A87C0

Function 0786DF6B Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3176b6c6ccca40b0dc69c4ea61858a7e01d780b7343623ce2968a595f14dfbd1
Instruction ID: 2f9a441972dba0ff8ad29073abc555bf6f8215d7d1c74c6cf2e481173ebf9014
Opcode Fuzzy Hash: 3176b6c6ccca40b0dc69c4ea61858a7e01d780b7343623ce2968a595f14dfbd1
Instruction Fuzzy Hash: 02F0242530C3D15FEB43277894257EA7F728F82420B5880B7D486CBA43CE58182587D1

Function 0244D730 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4430978761.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_244d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac8964883e2c7519795bb0383a61612d71dd550dbca553e196a8e748c65cab5
Instruction ID: cc9ab9c7b6f4adba9cf7161b8940bd864003671287f8e33ba6bfa72dbf6f1cf6
Opcode Fuzzy Hash: cac8964883e2c7519795bb0383a61612d71dd550dbca553e196a8e748c65cab5
Instruction Fuzzy Hash: 72F0C271404744DAF7108A16D984B67FFD8EF81334F18C45BED084B386C3799840CAB0

Function 07866F73 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 288c2385c44fea8abdc8488e0055e56aaf36a9ed6fed5365b9edb146873db90c
Instruction ID: bc1951fd36e9998f82a7badfae5140af1f82010a4457da27d230bea1cc22de11
Opcode Fuzzy Hash: 288c2385c44fea8abdc8488e0055e56aaf36a9ed6fed5365b9edb146873db90c
Instruction Fuzzy Hash: E1F0E932305390EFDB024F65980459A3FAEDFC721130480AEF445CB252C636ED47DB90

Function 0244D5CC Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4430978761.000000000244D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0244D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_244d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e38f2574d63672a2ed625aade2d491cee3befea5e22e4f15fb254130d2b020f
Instruction ID: 82cb7b7615634256d00ed5a36a338532c8d44019682ed716c0e4f2b2676461c1
Opcode Fuzzy Hash: 4e38f2574d63672a2ed625aade2d491cee3befea5e22e4f15fb254130d2b020f
Instruction Fuzzy Hash: 9DF0EC75504A80AFD725CF06C985C23BBB9EF897607198489E85A8B762C675FC42CF60

Function 0791A5A1 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6b05dee9deef6189c32e6a511d5fbba8af8274276a2fa8a2f60deff3c16849a
Instruction ID: b599fee56e97ceaea5d3dcc520c4faef9adedd797a095258b86bb3440445cf36
Opcode Fuzzy Hash: a6b05dee9deef6189c32e6a511d5fbba8af8274276a2fa8a2f60deff3c16849a
Instruction Fuzzy Hash: E1F0BEB1209B058FC329CB56E4549A6BBF5EF45615704C4AFE08ACBAA1CB70FC80CB81

Function 0796EFBF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64eb91c42e851cdb4bb33910ef79e51aa6b828507a356fae703c4d6eaa48db95
Instruction ID: 4838ccc068332eec123bb73f37e4da6e2a49733889ee2c517becb11306567971
Opcode Fuzzy Hash: 64eb91c42e851cdb4bb33910ef79e51aa6b828507a356fae703c4d6eaa48db95
Instruction Fuzzy Hash: B4F062B5600105CFCB00EF68ED8989CB771EB45364B104775E9258B2A5DB31981ACB80

Function 07866DF0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d3f9b499173d96a03d51024eb5807430ae68e619f6af31a1a61ee48d01fad4
Instruction ID: 886596c35e232ec5cbe096ce5427cb9c619fb8049f4295f7663e3afa9148a78b
Opcode Fuzzy Hash: e9d3f9b499173d96a03d51024eb5807430ae68e619f6af31a1a61ee48d01fad4
Instruction Fuzzy Hash: F3F05E36A0021CFFCF51DFA5D8048DEBBB9EF48355B20C06AE918D6210E732DA65DB90

Function 0786B140 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e092f405fcfa53acb9ec985b7f12251491193fbeb521a72ffcafeb398d36246
Instruction ID: 28e4d87085c3f133281b760d844710fee883fb887504738791b5a3f69aa97ea7
Opcode Fuzzy Hash: 9e092f405fcfa53acb9ec985b7f12251491193fbeb521a72ffcafeb398d36246
Instruction Fuzzy Hash: 55F0A77120A3847FC7074A24D4219963F555F52360B148096E548CF262C632DD86CBA1

Function 0796F420 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb6a70ddd3ccd406c1c956ebf0b9dfe502117cef0209669e40ba80f39f39ec71
Instruction ID: 6127f3fba648dcaa89259743fef4c0550782456239d79a9f86dfdc97f4434d8a
Opcode Fuzzy Hash: eb6a70ddd3ccd406c1c956ebf0b9dfe502117cef0209669e40ba80f39f39ec71
Instruction Fuzzy Hash: C0F0A07111A389DFC7062B7465080597FB59F4620570844BBF8D4CA322DB3A8459D762

Function 07866FBF Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcc1e92682bc3377bdcb9f08031f03d99eac91110d0ed086f53274fd22e8007
Instruction ID: c12f2e14c877fff7cd2d55535e62adaed32715352eb7c1703f704f2552785813
Opcode Fuzzy Hash: 6fcc1e92682bc3377bdcb9f08031f03d99eac91110d0ed086f53274fd22e8007
Instruction Fuzzy Hash: 2AF0E5333082505FC305AB29E8408D7BBAAEFDA22131500ABE109C7732C9209C51C650

Function 07861B48 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 110f250df369e49cc98d4a8fcf677a9a2315827f0461f9abce65612942ea867b
Instruction ID: df5751de4c0a0720fd901cf95868ce5fff728133c56e4eab777cf7b9214e8ad8
Opcode Fuzzy Hash: 110f250df369e49cc98d4a8fcf677a9a2315827f0461f9abce65612942ea867b
Instruction Fuzzy Hash: 20E068A6B082643BD312227AB8544FF3FDE8BCA6723A4807FE108C7342CC195C0543B1

Function 0791B29F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2c3fc2e550dbcb670ee39cdeb459e6250981176a70d1b3b7de2a0157b9d396
Instruction ID: 76de07022100d1c1381e7cd63a7e8c6f9267f3f747e426f4df4aa7f0a6b22dce
Opcode Fuzzy Hash: cb2c3fc2e550dbcb670ee39cdeb459e6250981176a70d1b3b7de2a0157b9d396
Instruction Fuzzy Hash: 6C014B35910619DFCB01EB64C8548A9B7B2EF8A310F0585D9E6092B371DB319A91CF81

Function 07861C98 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c24d9b9aea43334ae346ab8faf4cc9947aacb5193e9230655720ab2bf76f9cb
Instruction ID: 9cbd1c32ab2938dcd2c4a5a9eaa753515fbec6bf15600265eb09240e3a2b8272
Opcode Fuzzy Hash: 5c24d9b9aea43334ae346ab8faf4cc9947aacb5193e9230655720ab2bf76f9cb
Instruction Fuzzy Hash: 7DE0D8B1F443955FE713D638AD156AF27F68B96320B084576D005CB796DF24EC1983C1

Function 0791C591 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af833496e959f0638a8b25067775d983080847da2935b3384372e68ca132ff8
Instruction ID: 3ca31006b257152ef328ed505dc9543660f42ef4b62edcb8e0641f5d25f59e73
Opcode Fuzzy Hash: 0af833496e959f0638a8b25067775d983080847da2935b3384372e68ca132ff8
Instruction Fuzzy Hash: 52E0D873A093595F8705DBF5E8404DEBFF9DE87160F04C0ABD409D7151E631860187D1

Function 07965218 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6385e174b5dd083734363fdc558b6ffb2e9ccedcaa25d8c4b709d7491a4070f2
Instruction ID: a56ded26eee73a8ae353d410ba8fb595105d87789e443f62203977b8d8964d99
Opcode Fuzzy Hash: 6385e174b5dd083734363fdc558b6ffb2e9ccedcaa25d8c4b709d7491a4070f2
Instruction Fuzzy Hash: 08E026B22093D22FC352126D28148AB3FEE89EB16032E41B3F944C3302C9658D2693B2

Function 0786B180 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b1c559f88a9acd6f14f547eb49126314a9fcefd6d523af8f56266d8b809abf1
Instruction ID: 28024debbc9aa58caf6df8e638dcdecfb05812d313702b53d16a320dd3124d6e
Opcode Fuzzy Hash: 2b1c559f88a9acd6f14f547eb49126314a9fcefd6d523af8f56266d8b809abf1
Instruction Fuzzy Hash: 22E02BF1B042887EDF52A6B4A8047A9BF725B15518F2041A7D90CCB141E0218A1283C2

Function 07866DE3 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e4b6fa2bdae03340f7d7293d964e6a92a0e30778cd8e9615d79ab70b445432
Instruction ID: b9e683b3a69ed535bde5e6acb38de8b8fb4e8b062f3eb675dda8f2c8031180d3
Opcode Fuzzy Hash: a8e4b6fa2bdae03340f7d7293d964e6a92a0e30778cd8e9615d79ab70b445432
Instruction Fuzzy Hash: 42F0A032904248EFCB42DFB5D8099CABFF8AF09210B14C0AAE908C7112F2328A15CB91

Function 07863CCF Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd0a0ed6c4ea1c9676626dafcdea44b4ea5e3cf26d3fc11a91ba3dfe2dd0c7b
Instruction ID: 3607b7d1ae3f2d6dc1f3613340c7919dbcb3e569e6fdbc8cdc749f1babe18ab2
Opcode Fuzzy Hash: 5bd0a0ed6c4ea1c9676626dafcdea44b4ea5e3cf26d3fc11a91ba3dfe2dd0c7b
Instruction Fuzzy Hash: 47F08278300141EBC704EB39E9958297767FBC9368B208569E417CB384CB32DD03CB80

Function 07866F80 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b085209d8a20f65217a6702ebc9c139289946b3729b57133d202641d4b6330
Instruction ID: 5b07434e6e455e51d05de3ffc085dbdb73e206b82947aa556effbd56473056a1
Opcode Fuzzy Hash: 45b085209d8a20f65217a6702ebc9c139289946b3729b57133d202641d4b6330
Instruction Fuzzy Hash: 2BE04F36301314EBCB055F66E8049AEB7AEEFC9221314807EF809D7391CA36E852CB90

Function 0786DB14 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee1da47ec399a68bb098207008481b5e81ea62953b6b7127f1a02a6b482444e8
Instruction ID: 7fcf4cce5c569aebe55acef052b096adc2c3828b40640d57a2c2d383dab0b23c
Opcode Fuzzy Hash: ee1da47ec399a68bb098207008481b5e81ea62953b6b7127f1a02a6b482444e8
Instruction Fuzzy Hash: 77F08270B00205AFC704DB58C898468BBB5FF99318714C55AD817D7396DB71D903CB90

Function 07867120 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8894a1012b697383c5b0d3d40ed4439e0a125f11952a156de35398d3f117f073
Instruction ID: 82f4a3cf3bf952fb64db68b1bfa62a5ea74f1daed827dbc5a05ac0a4aa3dbca0
Opcode Fuzzy Hash: 8894a1012b697383c5b0d3d40ed4439e0a125f11952a156de35398d3f117f073
Instruction Fuzzy Hash: F2E08CF2304320AFDB229A78E8084A47FF8DF1A57532604A3E508CF622EA21DC41CBD0

Function 07863ED8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878d875f9763dc0be113adba5c87ca200baf8230359f761e6862e792d2962c7b
Instruction ID: df097673be83d7ae69554e974813c121ed7d2085a41997ec543ebf2b0ebab2ab
Opcode Fuzzy Hash: 878d875f9763dc0be113adba5c87ca200baf8230359f761e6862e792d2962c7b
Instruction Fuzzy Hash: 1FF0C0743002469BC704EB75E95582A77A6EBC9768B20D569E817873D9CB32DD03CB90

Function 07863E40 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7db6156055d933da0d75fa5e51b486485f259a70ccbc19aa102fc6bffd5854a
Instruction ID: 12b80e77c3e6e8548139db2b691b3d6e1cc105f61edbcd684b442d991510728c
Opcode Fuzzy Hash: e7db6156055d933da0d75fa5e51b486485f259a70ccbc19aa102fc6bffd5854a
Instruction Fuzzy Hash: 63F030743002059BC304EB35D95582A77A2EBC9368B209569E8278B3C8CB32DD03CB80

Function 078642BA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c34eff3acf308648234bde8981957f0a05b743ca7dca8e1c5b3049136c2b344
Instruction ID: 058bc71d66e7bf4a8aae82eae3acf85bcae92d042fb9a6c1d4ab9c2b781e581a
Opcode Fuzzy Hash: 4c34eff3acf308648234bde8981957f0a05b743ca7dca8e1c5b3049136c2b344
Instruction Fuzzy Hash: A7F030743001019BC304EB35D95582A7766FBC9368B209568E8178B3D8CB32DD03CB90

Function 07867130 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bcf0559f2dde504e87a7ed57d90e4f0a98d50ac2d7c3751859977e9a71be15d
Instruction ID: 3271bdeff04141e53a1d08614546252af19d33fc33e921b38a4006649227e921
Opcode Fuzzy Hash: 5bcf0559f2dde504e87a7ed57d90e4f0a98d50ac2d7c3751859977e9a71be15d
Instruction Fuzzy Hash: 72E046767102248FC744EF7CE40C8557BE8EF8CAA931180A6E50ECB325DA71DC008B80

Function 07861B58 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9fa372153452d59b30d73f48820531f50b700c724bb9ef732d38a177d9c6a5
Instruction ID: eb603b504f1c5e59a3cc057b70247457e3c41da9d8eda090367884d4efe6ad96
Opcode Fuzzy Hash: 5c9fa372153452d59b30d73f48820531f50b700c724bb9ef732d38a177d9c6a5
Instruction Fuzzy Hash: AAD05B6670412427575475AFA8548AF7ECEC7CD9B1354803FF20DC3341CD659C0657B5

Function 0796B294 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8cfd9e825e66ff21c60d61d5b440e3cfa7a95b2c39446e4ab75085ea8d9db00
Instruction ID: 5a75941bea0646b884af7f6e9ff17e7645327f7aa776377baed2f3ecff22e7ef
Opcode Fuzzy Hash: e8cfd9e825e66ff21c60d61d5b440e3cfa7a95b2c39446e4ab75085ea8d9db00
Instruction Fuzzy Hash: 6BF039B4204142CBC714DB28D99982DB763FB86369B348A68D8229B3D4DB32DC03CB10

Function 0796F1B0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b38ec28ad1413251030f7bb2bab3e27b93c38b9e9bce4c96953f75cfbeeeb841
Instruction ID: d52dee2415e35a497f3bf8a02f2441dbbabc8b37f57caa6b36c0aa17416cb2d4
Opcode Fuzzy Hash: b38ec28ad1413251030f7bb2bab3e27b93c38b9e9bce4c96953f75cfbeeeb841
Instruction Fuzzy Hash: 55E01A36640019CFCF00AF98E8848DDB770FF48315F1041B6E9089B23ADB31995ACB90

Function 0791A570 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da2ee0841ad08fd65cb66bf8fcb6e612a2e417b095d898b1923a2e2ff92930d
Instruction ID: ab93bbb7fab10413d56a6a5e7ea5cd94a1ff5215c98cd56db7cd024ad37460a8
Opcode Fuzzy Hash: 7da2ee0841ad08fd65cb66bf8fcb6e612a2e417b095d898b1923a2e2ff92930d
Instruction Fuzzy Hash: A9D05E2134D7A21BC30763A8B8125E97FAD8B4B561B0400D7E459CB693DE454D8587F7

Function 07861CA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef70292ba9b271fc84e50f596ff79d45ef420b8832a40adcd88f28567c605ddd
Instruction ID: 51ab13ac7540ce4df4da4773dda9b8e9e25bbb13924adbb2b6e798c9af1f8de3
Opcode Fuzzy Hash: ef70292ba9b271fc84e50f596ff79d45ef420b8832a40adcd88f28567c605ddd
Instruction Fuzzy Hash: 1CD02E30B003185BE324EA3EE800A6B33DF9BC0214F004934E40ACB748EF60EC0583C0

Function 0791A958 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fee5a5219b5b2eb5d982d16ad385defc28753eb95e3204a5ec57fa885a6d3350
Instruction ID: a1ad3b155d676dfc71aed536a33fd262037de95f59b070a72e27b1a56edd3f95
Opcode Fuzzy Hash: fee5a5219b5b2eb5d982d16ad385defc28753eb95e3204a5ec57fa885a6d3350
Instruction Fuzzy Hash: CED05E31700118574348E25EE45083BB7DFCBC9538328807AD90DC7345CE62EC0383D6

Function 0786B150 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d548c264010db39fda159c15488965947e551aa9a5aa1dbc8f4e2371c94a3755
Instruction ID: 7022bf39546639edb0319a2fe0b8ccfa2eee5a417ae2bb461898abf984c27e1b
Opcode Fuzzy Hash: d548c264010db39fda159c15488965947e551aa9a5aa1dbc8f4e2371c94a3755
Instruction Fuzzy Hash: 46E0C271300208BBCB059E24D400A5A7BAAAF857A0F24C069F90CCF350CB32DD52CB90

Function 0796F430 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78cc634aeaaf85c0f881fc6f18e7f57fc345808ab7a40886f5f8710322485b6b
Instruction ID: bd06029fa571a24fa5786908ac6ec8c830a3575231d099c5fb696db370ac0a7a
Opcode Fuzzy Hash: 78cc634aeaaf85c0f881fc6f18e7f57fc345808ab7a40886f5f8710322485b6b
Instruction Fuzzy Hash: A2E01231601318DBC7153B74B40846D7BA5EF89255700847DF85586310DE36C895D791

Function 0786DF98 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b21ec6348a66e2e03f727d2abada555463be856a7900e0a1b50f27e6c3a887b
Instruction ID: 16a0ea5a3cc5d3a672afd95353bb56e2967bbeca6298b5d205b5cc44d10383c3
Opcode Fuzzy Hash: 6b21ec6348a66e2e03f727d2abada555463be856a7900e0a1b50f27e6c3a887b
Instruction Fuzzy Hash: 6BD02E3034022027F6483674E81523E328BDBC4EA1B008038E503CB388CEA12C1107C4

Function 0796D394 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e826a42842d80b6f1f9c65ef9f062abf05cb6d18f2bdf5d574cacabbfadfca
Instruction ID: 12200df2324016256036de74d7b61a4ad9982f3aa2da96021388257eefb6f344
Opcode Fuzzy Hash: e7e826a42842d80b6f1f9c65ef9f062abf05cb6d18f2bdf5d574cacabbfadfca
Instruction Fuzzy Hash: 61D0C7E271D2908FCB618B288C988203B60EE2720870902DAE566CF272E245C815C380

Function 0796D338 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95d28ded14bb10aaabc5bf1c038657deddc654f5ee87b53fccc4d66a12e7986
Instruction ID: dfb656a8af580589fc9de9f285e43d6b79546389d13d7d1b194c7575dd8d2fad
Opcode Fuzzy Hash: e95d28ded14bb10aaabc5bf1c038657deddc654f5ee87b53fccc4d66a12e7986
Instruction Fuzzy Hash: ADE0ECB0E04209CFCB84DFB8D54596DBBF4FB08204F1045AAD518E7310E7319A408FC1

Function 0796F491 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9714a00e2e1ab8087e337ac451b581217f7394a7f9d3278ea63b2e6bcc2645b6
Instruction ID: 69b6eb4ba9b611ba62c5c3ecf549cc8b88725489d4b9409416e95b25b1132c05
Opcode Fuzzy Hash: 9714a00e2e1ab8087e337ac451b581217f7394a7f9d3278ea63b2e6bcc2645b6
Instruction Fuzzy Hash: 68E0EC300096C4DEC7029B74A4485887F70EF16215B2445DED489CB563CB36846AD722

Function 0786CF88 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2908c904bf7796e7835e5ee8aeffe5977cc05708ea582936d842eb4a6f7f19
Instruction ID: 371ad65bf9348c3380c906ae8bb815194af0ca5f3b0322779dd3538b2fb23857
Opcode Fuzzy Hash: eb2908c904bf7796e7835e5ee8aeffe5977cc05708ea582936d842eb4a6f7f19
Instruction Fuzzy Hash: 6BD092B6419340EFCB065A70A9109847F71EF5330575A409BD1898AA62C23BDAA6D750

Function 0786DBE9 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5a61f46bbbc621815174a607f1eeab1ecda99ab824ef4e5207a12c1aa4b812
Instruction ID: f086a0f944ad8ef53b3eb1f25cee04aa1f57ef1522cab5d72debde2b87804b5a
Opcode Fuzzy Hash: 4d5a61f46bbbc621815174a607f1eeab1ecda99ab824ef4e5207a12c1aa4b812
Instruction Fuzzy Hash: D6D067B5710006EFC748DB19D4A49A5F7A1EF98358B198499940A9B706DB32A903CF90

Function 078641E5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6fe92cafeda7f260b5a9e0b35c1fa74dc94c3bf8672ff480267ab5b0e29f5e4
Instruction ID: 86f221ee6fcf0a37813f6ebeaa3d62510124677eb5e9bf84c444c7e9fd9fbe3d
Opcode Fuzzy Hash: b6fe92cafeda7f260b5a9e0b35c1fa74dc94c3bf8672ff480267ab5b0e29f5e4
Instruction Fuzzy Hash: 39D0A7742002459FC301DB24D8958267B71FBCA320720C188E812873C5CB319D03CB51

Function 0786C8D0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cac1ebd30cc301f3b0e5b35bb90f06a6c37321b66d60c8cd805c326c8fce58b
Instruction ID: 09ad36a03e3aca49ae6379f857bf71fe1cd5e969249fb496835e327c9ca609ea
Opcode Fuzzy Hash: 8cac1ebd30cc301f3b0e5b35bb90f06a6c37321b66d60c8cd805c326c8fce58b
Instruction Fuzzy Hash: 93C08C963CB2E10EF72322B0E4280F03F324B1757430C08C3E0CCCB89289043C6453A1

Function 0786C288 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6fa78ceda5686613fb524c8c8197172fefca56093c2cd7b6de9d2a4165d378
Instruction ID: 0720d7528586fe544374811436d0c90b68d996514849aa60c0684a04c0908cc2
Opcode Fuzzy Hash: 5b6fa78ceda5686613fb524c8c8197172fefca56093c2cd7b6de9d2a4165d378
Instruction Fuzzy Hash: A5C02B3170032C4BC3043279700905977CDAACB06A3000075E91DC3700CDBADC4187D4

Function 0791A580 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a88c0a58802ff4f3816a4feff2e9be01c70eebd681be75e8a58051d9f5d190
Instruction ID: 396e1a78b0b5acbea0177c9b0c371bf1945eb080e29a08d46cd8623403d48f1c
Opcode Fuzzy Hash: e4a88c0a58802ff4f3816a4feff2e9be01c70eebd681be75e8a58051d9f5d190
Instruction Fuzzy Hash: 78C09B3131473517D708229DB415ABD77CE8789665F000067E52EC77515DD59C4102EA

Function 0791C8C8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1761fb0a3c847d09c2315638f7c23128816a2f35e6d1366bf1ce4fa496c97b41
Instruction ID: f72853291369a660c40f462d8df12f8c1c5152df246e2f404b8937688bc406c3
Opcode Fuzzy Hash: 1761fb0a3c847d09c2315638f7c23128816a2f35e6d1366bf1ce4fa496c97b41
Instruction Fuzzy Hash: 5EB09B6135413913D60871DD6420ABD728E47C5574F400167951D877415CC59C5202DF

Function 07863FFC Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb13e3dca22b1cbb5937b15a0da958b5fdbd9862bf8b90e8f638c355c4fb97da
Instruction ID: 6340bb38ba97bf6cfa1d8b6381ba673d8e00961c3e1881dca06d5aa9509d47e3
Opcode Fuzzy Hash: fb13e3dca22b1cbb5937b15a0da958b5fdbd9862bf8b90e8f638c355c4fb97da
Instruction Fuzzy Hash: 02D01278300105DBC304DB24D8A5839B762FBC9364724C51CE826C73C4CB319C03CB50

Function 0786F6F9 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b2211af4f1a8b38b61c3a2ebc164e4d0de1a2d4130e7109290289a59474f63
Instruction ID: 1dfa5bf4dd3fc18ae92a67aa8ed8710b66466aa3173cfa50c697ba383831ea7b
Opcode Fuzzy Hash: b1b2211af4f1a8b38b61c3a2ebc164e4d0de1a2d4130e7109290289a59474f63
Instruction Fuzzy Hash: 84D0C934600105DFC304DF64E55985CBBB1EB892147208159D417A7394CB32DD02CB10

Function 078641C2 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17720a713750089abe26af49583f340258030d9b6eb5305887e29e5b41f73aac
Instruction ID: 5eb61f3ef7c112fa7df69d748cb186dc3a165a692985f67ae4737f11a4996ba2
Opcode Fuzzy Hash: 17720a713750089abe26af49583f340258030d9b6eb5305887e29e5b41f73aac
Instruction Fuzzy Hash: 08C012383001049BC204DB75E8A9428B762EBC9324324D52EE81387399CB32DC03CA80

Function 0786DC53 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dc24e352d45b723050016a026f4a7a38345587854e5dc44d81ec9ec287c368
Instruction ID: 4b04f142e6d477d73afd5c7b0c25568be58a11e9d745d232318bf3572a4d4b6c
Opcode Fuzzy Hash: f5dc24e352d45b723050016a026f4a7a38345587854e5dc44d81ec9ec287c368
Instruction Fuzzy Hash: B8C01230A00101AFC744DB25D458828BBA2EB8D208714C029841BC7305DB329803CF40

Function 078640CF Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077e4e10e58c6e7e7b26b12f8e0e92427a15cbf9277b3254bf9eda2207fe889a
Instruction ID: b3bb462828e02f3cc996520b3861c83f9351c8892a2cd8ba4fe4ae1dc8078e1b
Opcode Fuzzy Hash: 077e4e10e58c6e7e7b26b12f8e0e92427a15cbf9277b3254bf9eda2207fe889a
Instruction Fuzzy Hash: E0C04C383001059BC245DB34D599439B762EBD9368B24D559E8168739DCB36DC03CBC1

Function 07915464 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40c120806d26e4fbd8a921da137dedbd5d2d4c820e0c35a1993ab92f4b7158e2
Instruction ID: dd1d496b994a3690b9d6c1e6ccc175af82752c48a18a1684f418c08b34b3c4bd
Opcode Fuzzy Hash: 40c120806d26e4fbd8a921da137dedbd5d2d4c820e0c35a1993ab92f4b7158e2
Instruction Fuzzy Hash: F4A004555D5115C3F54573350FD5435540DDFC371C7C4DC515111F0015DD7DD5155015

Function 0786C8E0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4439712975.0000000007860000.00000040.00000800.00020000.00000000.sdmp, Offset: 07860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7860000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356c48f5b163c1ba7ff6f8c37a9236722989d844cd808a99914b798dcd9b17ea
Instruction ID: 4de545fc7484baefd66c08c05ce660195482f5c9c1b134f826491be0c6b35eb6
Opcode Fuzzy Hash: 356c48f5b163c1ba7ff6f8c37a9236722989d844cd808a99914b798dcd9b17ea
Instruction Fuzzy Hash: 4DA0026655531C02A50431DA6412565738E4785A19F404869A60D0B6811E457C6010EA

Non-executed Functions

Function 6E153670 Relevance: 84.3, APIs: 44, Strings: 4, Instructions: 316encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,?,?,?,00000000,00000000,00000000), ref: 6E1536D7
LocalFree.KERNEL32(00000000), ref: 6E1536FA
LocalFree.KERNEL32(00000000), ref: 6E153710
LocalFree.KERNEL32(00000000), ref: 6E153726
LocalFree.KERNEL32(00000000), ref: 6E153736
LocalFree.KERNEL32(00000000), ref: 6E153746
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153756
CertCloseStore.CRYPT32(00000000,00000000), ref: 6E153768
CryptMsgClose.CRYPT32(00000000), ref: 6E153778
CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,?), ref: 6E153793
LocalFree.KERNEL32(00000000), ref: 6E1537B6
LocalFree.KERNEL32(00000000), ref: 6E1537CC
LocalFree.KERNEL32(00000000), ref: 6E1537E2
LocalFree.KERNEL32(00000000), ref: 6E1537F2
LocalFree.KERNEL32(00000000), ref: 6E153802
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153812
CertCloseStore.CRYPT32(00000000,00000000), ref: 6E153824
CryptMsgClose.CRYPT32(00000000), ref: 6E153834
LocalAlloc.KERNEL32(00000040,?), ref: 6E153847
LocalFree.KERNEL32(00000000), ref: 6E15386A
LocalFree.KERNEL32(00000000), ref: 6E153880
LocalFree.KERNEL32(00000000), ref: 6E153896
LocalFree.KERNEL32(00000000), ref: 6E1538A6
LocalFree.KERNEL32(00000000), ref: 6E1538B6
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E1538C6
CertCloseStore.CRYPT32(00000000,00000000), ref: 6E1538D8
CryptMsgClose.CRYPT32(00000000), ref: 6E1538E8
CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,?), ref: 6E153905
LocalFree.KERNEL32(00000000), ref: 6E153928
LocalFree.KERNEL32(00000000), ref: 6E15393E
LocalFree.KERNEL32(00000000), ref: 6E153954
LocalFree.KERNEL32(00000000), ref: 6E153964
LocalFree.KERNEL32(00000000), ref: 6E153974
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153984
CertCloseStore.CRYPT32(00000000,00000000), ref: 6E153996
CryptMsgClose.CRYPT32(00000000), ref: 6E1539A6
LocalFree.KERNEL32(00000000), ref: 6E153A59
LocalFree.KERNEL32(00000000), ref: 6E153A6F
LocalFree.KERNEL32(00000000), ref: 6E153A85
LocalFree.KERNEL32(00000000), ref: 6E153A95
LocalFree.KERNEL32(00000000), ref: 6E153AA5
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153AB5
CertCloseStore.CRYPT32(00000000,00000000), ref: 6E153AC7
CryptMsgClose.CRYPT32(00000000), ref: 6E153AD7

Strings

E, xrefs: 6E1539E4
~, xrefs: 6E1539C8
Z, xrefs: 6E1539B3
h, xrefs: 6E153A00

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Free$Local$CertClose$Crypt$CertificateContextStore$Param$AllocObjectQuery
String ID: E$Z$h$~
API String ID: 4286058620-1241516678
Opcode ID: 1d531f59d80e621a4c110783d72d70f1373a8433e7cda3a8e00d34d619be7293
Instruction ID: c13c93a3f934f5d3c720a2fdf80f2824c0098ddeccf8657987a75609d8432fea
Opcode Fuzzy Hash: 1d531f59d80e621a4c110783d72d70f1373a8433e7cda3a8e00d34d619be7293
Instruction Fuzzy Hash: 17E129B1D10219EFDF51CBE4C84CBEDBBBAAB15305F108598E125A7284C3799AC5EF21

Function 6E15B100 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 87memorytimefileCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 6E15B118
GetSystemTime.KERNEL32(?), ref: 6E15B125
GetDateFormatA.KERNEL32(00000400,00000000,00000000,dd'd'MM'm'yyyy'y',?,00000014), ref: 6E15B142
GetTimeFormatA.KERNEL32(00000400,00000000,00000000,HH'h'mm'm'ss's',?,00000014), ref: 6E15B15F
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 6E15B1FC
GetProcessHeap.KERNEL32(00000000,00000018), ref: 6E15B20B
HeapAlloc.KERNEL32(00000000), ref: 6E15B212
InitializeCriticalSection.KERNEL32(00000000), ref: 6E15B223

Strings

RuntimeLog, xrefs: 6E15B18F
HH'h'mm'm'ss's', xrefs: 6E15B151
dd'd'MM'm'yyyy'y', xrefs: 6E15B134
.txt, xrefs: 6E15B1CF

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: FormatHeapTime$AllocCreateCriticalDateFileInitializePathProcessSectionSystemTemp
String ID: .txt$HH'h'mm'm'ss's'$RuntimeLog$dd'd'MM'm'yyyy'y'
API String ID: 3586126689-1436097571
Opcode ID: 8418f965659f4fa5481a5b14d2c6a239140eb7a98ab6854e0ede00106f4f991b
Instruction ID: bd9a4e0f11f6f9419e03e27dfb9bdb18e4ee9b6f47c651197daab83f08388940
Opcode Fuzzy Hash: 8418f965659f4fa5481a5b14d2c6a239140eb7a98ab6854e0ede00106f4f991b
Instruction Fuzzy Hash: 443178F2A4061CBBDF20DBE08D8DFEE777CA714706F0044A1B709E6180E77066999B64

Function 6E153470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 124encryptionmemorystringCOMMON

Download Yara Rule

APIs

lstrcmpA.KERNEL32(00000000,1.2.840.113549.1.9.6), ref: 6E1534C4
CryptDecodeObject.CRYPT32(00010001,000001F4,?,00000000,00000000,00000000,?), ref: 6E153519
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153532
LocalAlloc.KERNEL32(00000040,?), ref: 6E153546
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153563
CryptDecodeObject.CRYPT32(00010001,000001F4,?,00000000,00000000,?,?), ref: 6E1535BC
CertFreeCertificateContext.CRYPT32(00000000,?,?), ref: 6E1535D5
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E1535F8

Strings

1.2.840.113549.1.9.6, xrefs: 6E1534B1

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: CertCertificateContextFree$CryptDecodeObject$AllocLocallstrcmp
String ID: 1.2.840.113549.1.9.6
API String ID: 335881361-2921522063
Opcode ID: 177bb3afc0fef92d9e8307050b8e6ae08c9391245ce6482d7df429ed0ed6788c
Instruction ID: 58eacf5a2525022f192bfe19a4213d6007e912b3a16158f8489e027c3ce41a9c
Opcode Fuzzy Hash: 177bb3afc0fef92d9e8307050b8e6ae08c9391245ce6482d7df429ed0ed6788c
Instruction Fuzzy Hash: D2514DB4A10209EFDB04CF94C589FAEBBB9FB49314F10C0A9E9159B394C771AE85DB50

Function 6E153499 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55encryptionmemorystringCOMMON

Download Yara Rule

APIs

lstrcmpA.KERNEL32(00000000,1.2.840.113549.1.9.6), ref: 6E1534C4
CryptDecodeObject.CRYPT32(00010001,000001F4,?,00000000,00000000,00000000,?), ref: 6E153519
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153532
LocalAlloc.KERNEL32(00000040,?), ref: 6E153546
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E153563
CertFreeCertificateContext.CRYPT32(00000000), ref: 6E1535F8

Strings

1.2.840.113549.1.9.6, xrefs: 6E1534B1

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: CertCertificateContextFree$AllocCryptDecodeLocalObjectlstrcmp
String ID: 1.2.840.113549.1.9.6
API String ID: 2299954700-2921522063
Opcode ID: 75aa769f085ae45cda8d1210bc581d6b45b209c3a1787a20e732ba9493cc0e9c
Instruction ID: 150ec8ec554c6f6b93f40924755ceaf50500ecc506bdf5ba3885835b138f48ee
Opcode Fuzzy Hash: 75aa769f085ae45cda8d1210bc581d6b45b209c3a1787a20e732ba9493cc0e9c
Instruction Fuzzy Hash: 54213A74A10209EFDB44CF94C589FAEB7B5FB88314F208069E905AB395C631EE81DB90

Function 078C356C Relevance: 6.9, Strings: 5, Instructions: 621COMMON

Download Yara Rule

Strings

Haq, xrefs: 078C51D5
Haq, xrefs: 078C50C4
Haq, xrefs: 078C5031
Haq, xrefs: 078C5293
Haq, xrefs: 078C514B

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Haq$Haq$Haq$Haq$Haq
API String ID: 0-1792267638
Opcode ID: 39bbb7a6c17c3d6a471b1ff8cf24ce5bf1423b54fba5f1a8a2c5e6341ad32494
Instruction ID: a3672962bc2e7e9055d299f862392b1e39e88087bd69f409c7e90376177380d7
Opcode Fuzzy Hash: 39bbb7a6c17c3d6a471b1ff8cf24ce5bf1423b54fba5f1a8a2c5e6341ad32494
Instruction Fuzzy Hash: CC326D70A002588FEB54DFA9C8547AEBBB2AF94300F1485AED409EB295DE34DD85CF91

Function 07912408 Relevance: 5.3, Strings: 4, Instructions: 266COMMON

Download Yara Rule

Strings

, xrefs: 079124A4
Haq, xrefs: 0791257E
(aq, xrefs: 07912552
(&]q, xrefs: 079126D9

Memory Dump Source

Source File: 00000000.00000002.4440246141.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7910000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $(&]q$(aq$Haq
API String ID: 0-1574058083
Opcode ID: f6c9465b4cec9a6e79bada1f4f0c409deb5b82f6cf2ec6713057025e66b59d1f
Instruction ID: b10ae1d2ef097dd0befdd3494d7d8d127a49245e7d80bbe3ab38cedede626deb
Opcode Fuzzy Hash: f6c9465b4cec9a6e79bada1f4f0c409deb5b82f6cf2ec6713057025e66b59d1f
Instruction Fuzzy Hash: 65918FB1F002199FDB18EF69C8545AFBAFAFF88704F10842AE405EB254DF759911CBA1

Function 0634A340 Relevance: 2.8, Strings: 2, Instructions: 334COMMON

Download Yara Rule

Strings

Haq, xrefs: 0634A4DD
Haq, xrefs: 0634A53D

Memory Dump Source

Source File: 00000000.00000002.4438931245.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Haq$Haq
API String ID: 0-4016896955
Opcode ID: 297a585c57a9a06f32da70ae020d655869d353502fdcde3517c12061be2875d8
Instruction ID: 5db4a004d6155a5c5f1275d0c816335c290990adedb2502cb1e83b11c995f906
Opcode Fuzzy Hash: 297a585c57a9a06f32da70ae020d655869d353502fdcde3517c12061be2875d8
Instruction Fuzzy Hash: C8D14F70A402189FDB54DFA9D894AAEBBF6BF88700F148069E449EB355DB34ED05CF90

Function 6E1525C0 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(00000114), ref: 6E1525E4

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 55c11eea027a54564c287d165e3dd5e9ea85a34c264f0a862589f0d6a2c66c34
Instruction ID: afb5f0e1ff181faa868532dcb691939ab273b062c02241c39644d2c286f925fb
Opcode Fuzzy Hash: 55c11eea027a54564c287d165e3dd5e9ea85a34c264f0a862589f0d6a2c66c34
Instruction Fuzzy Hash: C221CDB2D1621CDBDF648B81C9093CDB7B4AB15719F2041EBC93423244C3B54BE8EE92

Function 078C4A63 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440010343.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a13bbdd9712b95060f54c1dc19afacb171a0a3573b3b94d383f30554c3acba
Instruction ID: 4ae0ef89432347e8a91f058310a4bb8ee1decb3f70994e4a7afbf16f4935eac5
Opcode Fuzzy Hash: f0a13bbdd9712b95060f54c1dc19afacb171a0a3573b3b94d383f30554c3acba
Instruction Fuzzy Hash: E8C158B0E002598FDF14DFA9C890799BBB2BF98310F14C5AAD409EB255EB34E985CF51

Function 0796F259 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4440326768.0000000007960000.00000040.00000800.00020000.00000000.sdmp, Offset: 07960000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7960000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89fba596afd32938d1b0d792c1f93c14681c065c91fd0f026be8c2cc56e9754
Instruction ID: 12e482bf95521d35d38c201243469a459f0e8f78deae4fae850da02b2ee3c799
Opcode Fuzzy Hash: c89fba596afd32938d1b0d792c1f93c14681c065c91fd0f026be8c2cc56e9754
Instruction Fuzzy Hash: E621382B78C5364C9033A8BC7C15AD8A791C562DF3B448337DA29CF6DBE722855B86C1

Function 6E151FB0 Relevance: 36.3, APIs: 24, Instructions: 283memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00001000), ref: 6E151FF6
HeapAlloc.KERNEL32(00000000), ref: 6E151FFD
ReadProcessMemory.KERNEL32(000000FF,?,00000000,00001000,?), ref: 6E152027
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E15203F
HeapFree.KERNEL32(00000000), ref: 6E152046
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E152081
HeapFree.KERNEL32(00000000), ref: 6E152088

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Process$Free$AllocMemoryRead
String ID:
API String ID: 3401992658-0
Opcode ID: 005e38402d37530dcdaa7a77c0436ae9e9d452067d88bc2e38519a68a3e07b23
Instruction ID: 9e7c1318f70f1e793601acca4e6822a6e3209b5f9309d4b98715f82073637e2c
Opcode Fuzzy Hash: 005e38402d37530dcdaa7a77c0436ae9e9d452067d88bc2e38519a68a3e07b23
Instruction Fuzzy Hash: 18C1E4B1A18219EFDF84CFE9C984BAEBBB4BF09305F108419E515EB340D774A991DB60

Function 6E153EE0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 196memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000178), ref: 6E153F5B
HeapAlloc.KERNEL32(00000000), ref: 6E153F62
RaiseException.KERNEL32(00000111,00000000,00000001,?), ref: 6E153FB6
GetProcessHeap.KERNEL32(00000000,00000000,00000000,0000000E,00000000,00000000,00000178), ref: 6E153FE5
HeapFree.KERNEL32(00000000), ref: 6E153FEC
GetProcessHeap.KERNEL32(00000000,00000178), ref: 6E153FF8
HeapAlloc.KERNEL32(00000000), ref: 6E153FFF
RaiseException.KERNEL32(00000111,00000000,00000001,?), ref: 6E154053
GetProcessHeap.KERNEL32(00000000,00000000,00000000,0000000E,00000000,00000000,00000178,00000000,0000000E,00000000,00000000,00000178), ref: 6E154166
HeapFree.KERNEL32(00000000), ref: 6E15416D

Strings

luetooth, xrefs: 6E15408C
Memory allocation failed for IP_ADAPTER_ADDRESSES struct, xrefs: 6E153F76, 6E154013

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Process$AllocExceptionFreeRaise
String ID: Memory allocation failed for IP_ADAPTER_ADDRESSES struct$luetooth
API String ID: 2657628542-2887912024
Opcode ID: 68ac06ed96803ad2f6d6a0801a18beadf21fb44f37fa6776fe0966cbfcbab6e1
Instruction ID: a60dd900be33da83804b2888d6062bd7d2ade844c49234aeb4963b1fe3908e5e
Opcode Fuzzy Hash: 68ac06ed96803ad2f6d6a0801a18beadf21fb44f37fa6776fe0966cbfcbab6e1
Instruction Fuzzy Hash: 4E71FCB1E50218EFEF50DFD0CC49BEEB7B8AB08704F104459E615AB280D7B59995DFA0

Function 6E152820 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 100librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll), ref: 6E152851
GetProcAddress.KERNEL32(00000000,DbgUiRemoteBreakin), ref: 6E152876
GetProcAddress.KERNEL32(00000000,DbgBreakPoint), ref: 6E15288A
FreeLibrary.KERNEL32(00000000), ref: 6E15289D
VirtualProtect.KERNEL32(00000000,00001000,00000040,?), ref: 6E1528B9
FreeLibrary.KERNEL32(00000000), ref: 6E1528C7
VirtualProtect.KERNEL32(00000000,00001000,?,?), ref: 6E15292B
FreeLibrary.KERNEL32(00000000), ref: 6E152939

Strings

DbgUiRemoteBreakin, xrefs: 6E15286D
DbgBreakPoint, xrefs: 6E152881
ntdll.dll, xrefs: 6E15284C

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Library$Free$AddressProcProtectVirtual$Load
String ID: DbgBreakPoint$DbgUiRemoteBreakin$ntdll.dll
API String ID: 1593070991-76633807
Opcode ID: 8349673dfbfdfec339f21f006709d70adfefd7fd58be0a89a13e70aabd727fc2
Instruction ID: 03ae5deb413e628160076b7cc52c72b6f2c258250d09afdf9abe49432cd826b5
Opcode Fuzzy Hash: 8349673dfbfdfec339f21f006709d70adfefd7fd58be0a89a13e70aabd727fc2
Instruction Fuzzy Hash: EE41FF71914219EFDF00DFE4C948BBEBBB8BB0A301F104568E521A7340D7795A91EBA0

Function 6E154521 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6E1545D3
K32GetModuleBaseNameA.KERNEL32(?,00000000,?,00000400), ref: 6E1545F4

Strings

ninjatrader.exe, xrefs: 6E154535
&, xrefs: 6E1545B0
&, xrefs: 6E1545A2
&, xrefs: 6E15459B
&, xrefs: 6E1545A9
V, xrefs: 6E154586
T, xrefs: 6E154578
d, xrefs: 6E154594

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: BaseCurrentModuleNameProcess
String ID: &$&$&$&$T$V$d$ninjatrader.exe
API String ID: 712551867-1716121823
Opcode ID: 0b72fd4984757a805787c7f96943e2ee2fc6e8f889414be21f391b81b6696427
Instruction ID: 341e62fcb8a8c984a9779d9c034a315f6a8747c70cd2a79810fc8dcf0f78b565
Opcode Fuzzy Hash: 0b72fd4984757a805787c7f96943e2ee2fc6e8f889414be21f391b81b6696427
Instruction Fuzzy Hash: D651D3B0A0429C9FCB11CB98C954BE9BBB55F4A308F0480D9E6499B382C7755FC4DF6A

Function 6E154510 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 108COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6E1545D3
K32GetModuleBaseNameA.KERNEL32(?,00000000,?,00000400), ref: 6E1545F4

Strings

ninjatrader.exe, xrefs: 6E154535
&, xrefs: 6E1545B0
&, xrefs: 6E1545A2
&, xrefs: 6E15459B
&, xrefs: 6E1545A9
V, xrefs: 6E154586
T, xrefs: 6E154578
d, xrefs: 6E154594

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: BaseCurrentModuleNameProcess
String ID: &$&$&$&$T$V$d$ninjatrader.exe
API String ID: 712551867-1716121823
Opcode ID: dfb97c0bad84db9568eebc587835b95157e9efeff9e317285076bef3028367e7
Instruction ID: bbbe4a8e81a1636d0435da9a3efdbe40703b8e505641b68b7804fb3b2f1569e7
Opcode Fuzzy Hash: dfb97c0bad84db9568eebc587835b95157e9efeff9e317285076bef3028367e7
Instruction Fuzzy Hash: 8041B1F0A0425C9BCB10CB98C944BEEBBB95F45308F0480E8E60957342D7759BD5DFA9

Function 6E152CB0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(mscoree.dll), ref: 6E152CBE
GetProcAddress.KERNEL32(00000000,GetCORVersion), ref: 6E152CDF
GetProcAddress.KERNEL32(00000000,GetRequestedRuntimeInfo), ref: 6E152CF5
GetProcAddress.KERNEL32(00000000,GetFileVersion), ref: 6E152D0B

Strings

GetCORVersion, xrefs: 6E152CD4
GetRequestedRuntimeInfo, xrefs: 6E152CEA
GetFileVersion, xrefs: 6E152D00
mscoree.dll, xrefs: 6E152CB9

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetCORVersion$GetFileVersion$GetRequestedRuntimeInfo$mscoree.dll
API String ID: 2238633743-1350728216
Opcode ID: 886e37cbaf638bc9ff29971865b24a00935a16e7f0097d2ecf06804270a5eb15
Instruction ID: 1a1b040cdbf2c3b4b0cfa76853cae525138c659faec758678cd3c0645d870d58
Opcode Fuzzy Hash: 886e37cbaf638bc9ff29971865b24a00935a16e7f0097d2ecf06804270a5eb15
Instruction Fuzzy Hash: 37F017B2905B09AFDF809BE6880C93A3BB8F347B41B10D929F911C6312E2B05851AB90

Function 6E1557D0 Relevance: 13.6, APIs: 9, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 6E1557E7
GetProcessHeap.KERNEL32(00000000,00000000,?,?), ref: 6E155802
HeapAlloc.KERNEL32(00000000), ref: 6E155809
GetFileVersionInfoW.VERSION(?,00000000,00000000,?), ref: 6E155820
VerQueryValueA.VERSION(?,6E1634D4,?,?,?,00000000,00000000,?), ref: 6E15583E
GetProcessHeap.KERNEL32(00000000,?,?,6E1634D4,?,?,?,00000000,00000000,?), ref: 6E1558E2
HeapFree.KERNEL32(00000000), ref: 6E1558E9

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FileInfoProcessVersion$AllocFreeQuerySizeValue
String ID:
API String ID: 182793968-0
Opcode ID: 1d5fe04a135aff071827a3c75c4e1f71c9a180f4264e3fbdab4110b45791cd49
Instruction ID: af7e336e4c7449412ff75eaea9737a9457a806c16bbdecb43fb73a0e923ce8eb
Opcode Fuzzy Hash: 1d5fe04a135aff071827a3c75c4e1f71c9a180f4264e3fbdab4110b45791cd49
Instruction Fuzzy Hash: EF414CB1A04108DFEB14DFD9C494BAEFBB9EF49310F108529EA1ADB380D634A946DB50

Function 6E15ADA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 140windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,?,AgileDotNet,00010000), ref: 6E15AE9F

Strings

The secured image was created using a trial version of , xrefs: 6E15AE50, 6E15AF2B
AgileDotNet, xrefs: 6E15AE64, 6E15AE91, 6E15AF3F, 6E15AF6C
and can not run on this machine., xrefs: 6E15AE78, 6E15AF53

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: and can not run on this machine.$AgileDotNet$The secured image was created using a trial version of
API String ID: 2030045667-654727452
Opcode ID: 625040bb5dd7b40ed1215b7ff65ab1b9eee77df23d78429efde8a2e6ca8a1f21
Instruction ID: 29d278322602344d5146d9a97fccacc52738bef3f383a5c441f8cdd16333560d
Opcode Fuzzy Hash: 625040bb5dd7b40ed1215b7ff65ab1b9eee77df23d78429efde8a2e6ca8a1f21
Instruction Fuzzy Hash: C641C7F2E4025866DB41CBE08C45FEE7BAC9B11305F044866F558D6280EBB596E8ABF1

Function 6E15CE90 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 216COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(00000111,00000000,00000001,?), ref: 6E15CFE9

Strings

Table stream was not found., xrefs: 6E15CFAA
-, xrefs: 6E15D01F
, xrefs: 6E15D04E
@, xrefs: 6E15D0C5
@, xrefs: 6E15D13E

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionRaise
String ID: $-$@$@$Table stream was not found.
API String ID: 3997070919-3695719007
Opcode ID: 76f42a05da2c19d79fd22a7a17fd6342d0f0699b459c0f18f3ad3997deed05d3
Instruction ID: b85f58b84c5d84c53443903b09c50c4c24b7e37401cd870355a7e7c7296e068f
Opcode Fuzzy Hash: 76f42a05da2c19d79fd22a7a17fd6342d0f0699b459c0f18f3ad3997deed05d3
Instruction Fuzzy Hash: FAB1D1B0E04219DFCB14CFA8C985BEEB7B5AB89309F1041EAD419AB351D731AE95DF40

Function 6E15F2E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 216memorystringCOMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32 ref: 6E15F2FB
lstrlenW.KERNEL32(?), ref: 6E15F308
GetProcessHeap.KERNEL32(00000000,?), ref: 6E15F31B
HeapAlloc.KERNEL32(00000000), ref: 6E15F322
lstrcpyW.KERNEL32(00000000,?), ref: 6E15F348

Strings

, xrefs: 6E15F54B

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocCommandLineProcesslstrcpylstrlen
String ID:
API String ID: 3105795567-3916222277
Opcode ID: 1e0912f376457b9580cc3602289b8feaca81f19273cb29c6506c46f8928cb03c
Instruction ID: 3ed2f3150c6c5bcdefe86b00fd13914b234f3ee5ef6fdb0e08427c93b69e58b0
Opcode Fuzzy Hash: 1e0912f376457b9580cc3602289b8feaca81f19273cb29c6506c46f8928cb03c
Instruction Fuzzy Hash: 1D91D9B4E11109EFDB98CF99C494ABEB7B1FF49305B20849AE871DB350D37499A0EB10

Function 6E15B340 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54filethreadCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(MiniDump.dmp,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 6E15B360
GetCurrentThreadId.KERNEL32 ref: 6E15B375
GetCurrentProcessId.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 6E15B3B7
GetCurrentProcess.KERNEL32(00000000), ref: 6E15B3BE
CloseHandle.KERNEL32(000000FF,00000000), ref: 6E15B3D1

Strings

MiniDump.dmp, xrefs: 6E15B35B

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Current$Process$CloseCreateFileHandleThread
String ID: MiniDump.dmp
API String ID: 2270032372-271895303
Opcode ID: 736889ec2052c80938a6e0dc9e9db2ff5c28b1e7491668a155345b8f2b9e7488
Instruction ID: 1f94075c5665c9e7365bb6745c175428dad4ef5362da40956a3b48622438f06c
Opcode Fuzzy Hash: 736889ec2052c80938a6e0dc9e9db2ff5c28b1e7491668a155345b8f2b9e7488
Instruction Fuzzy Hash: EE113AB0D00209FBDF50DFE4C849F9EBBB8AB49305F208119E624A7280D3705A44DB90

Function 6E1553A0 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,6E156CE5,?,?,00000104), ref: 6E1553B3
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 6E1553C1
K32EnumProcessModules.KERNEL32(00000000,?,00001000,?), ref: 6E1553F7
K32GetModuleFileNameExW.KERNEL32(00000000,?,?,00000104,00000000,?,00001000,?), ref: 6E155455
CloseHandle.KERNEL32(?,00000000,00000001), ref: 6E1554E9

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Process$CloseCurrentEnumFileHandleModuleModulesNameOpen
String ID:
API String ID: 4110801219-0
Opcode ID: b2da99e5053b0314f16b30c0df8bd129be2c9eda9453b7f24b1736a750521bdc
Instruction ID: 503039a12efa51e14fd704bc793e303e7f9de63d40adb6f76b54d0b784a3d3a0
Opcode Fuzzy Hash: b2da99e5053b0314f16b30c0df8bd129be2c9eda9453b7f24b1736a750521bdc
Instruction Fuzzy Hash: D4415EB4A60258ABDB21DF94CC80ADDB3B9AB09341F0044E5E55DE3240E7B09EE8DF50

Function 6E15B570 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 6E15B593
VirtualProtect.KERNEL32(?,?,00000004,?,?,?,0000001C), ref: 6E15B5AA
LeaveCriticalSection.KERNEL32(?,?,?,0000001C), ref: 6E15B5B9
VirtualProtect.KERNEL32(?,?,?,00000000,?,?,?,0000001C), ref: 6E15B5E6

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$Protect$CriticalLeaveQuerySection
String ID:
API String ID: 2006288-0
Opcode ID: 5898a56c6d91b7e59734ac81f072d040b602d5c52bcb7c53cfb3f18d47138c77
Instruction ID: bd7cc951a947c01f4d70aeda1b1709efe77c67ef37fd2496459575de8070dc5b
Opcode Fuzzy Hash: 5898a56c6d91b7e59734ac81f072d040b602d5c52bcb7c53cfb3f18d47138c77
Instruction Fuzzy Hash: A2119AB5A14208EFDF44CFD8D984EEEBBF8EB49301F208199E605E7240D675AE40DB60

Function 6E15B480 Relevance: 6.0, APIs: 4, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 6E15B496
VirtualProtect.KERNEL32(?,?,00000004,?), ref: 6E15B4AD
EnterCriticalSection.KERNEL32(?), ref: 6E15B4BA
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 6E15B4E6

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$Protect$CriticalEnterQuerySection
String ID:
API String ID: 2670832257-0
Opcode ID: fab6824d93c0db11b7424275402a12e672b81ab2e783f991beb8c52a63b77ae4
Instruction ID: 967775f4b1d1ce7940e2eb58f49c31f8b4e784446b61d25848b7d734eb7dbdbc
Opcode Fuzzy Hash: fab6824d93c0db11b7424275402a12e672b81ab2e783f991beb8c52a63b77ae4
Instruction Fuzzy Hash: D81166B591020CEFDB44DF98D985EEEBBF8EB4D311F108169EA05E7240D675AA40DBA0

Function 6E153D00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,This application requires .NET Framework 2.0 in order to run properly. Please verify that .NET framework 2.0 is installed on the,AgileDotNet,00010000), ref: 6E153D26

Strings

This application requires .NET Framework 2.0 in order to run properly. Please verify that .NET framework 2.0 is installed on the, xrefs: 6E153D1F
AgileDotNet, xrefs: 6E153D1A

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: AgileDotNet$This application requires .NET Framework 2.0 in order to run properly. Please verify that .NET framework 2.0 is installed on the
API String ID: 2030045667-543017848
Opcode ID: 99c2218fe5bac7af69ebedfc614f055dec6133d13c898b7f02c426f5082efdb8
Instruction ID: 4a70b30794c6c450f90294090d477d4ec0a9499f1b583f80deffdbccd80a641d
Opcode Fuzzy Hash: 99c2218fe5bac7af69ebedfc614f055dec6133d13c898b7f02c426f5082efdb8
Instruction Fuzzy Hash: 02D05B9134431431D15166D66C4DFF6776C8795A57F804051FA189C2859A8158E660E2

Function 6E155220 Relevance: 5.1, APIs: 4, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 6E155272
HeapFree.KERNEL32(00000000), ref: 6E155279
GetProcessHeap.KERNEL32(00000000,?), ref: 6E155293
HeapFree.KERNEL32(00000000), ref: 6E15529A

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction ID: 9c06012e13bd3cf8b3e2efa1d0374b484c4fbe2313def7384d382d0af9158522
Opcode Fuzzy Hash: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction Fuzzy Hash: AA11D7B5E04208EFDB40CFD8C884BAEBBB5FB49305F104499E515A7390C770AE94EB90

Function 6E1552E0 Relevance: 5.1, APIs: 4, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 6E155332
HeapFree.KERNEL32(00000000), ref: 6E155339
GetProcessHeap.KERNEL32(00000000,?), ref: 6E155353
HeapFree.KERNEL32(00000000), ref: 6E15535A

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction ID: 705fe27ea1a2d445f741a0894c9463334a56914ed6908adb3a4ec8987cdab61c
Opcode Fuzzy Hash: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction Fuzzy Hash: 1411B4B5A04208EFDB40CFD8C889BAEBBB4FB49305F104499E525A7390C770AE90EB50

Function 6E155160 Relevance: 5.1, APIs: 4, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 6E1551B2
HeapFree.KERNEL32(00000000), ref: 6E1551B9
GetProcessHeap.KERNEL32(00000000,?), ref: 6E1551D3
HeapFree.KERNEL32(00000000), ref: 6E1551DA

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction ID: 8f99111c0f3aa0b8007887b273bf8b5ac25e076b31c4b7361b33190a19a0ba0b
Opcode Fuzzy Hash: e34415dc76cde1c4d4f0e1d30a20c741054c7e0f442a44bdf51fc07d003c4119
Instruction Fuzzy Hash: 0811C6B5A04208EFDB04CFD8C884BAEBBB5FF49305F104499E515A7390C771AE90EB50

Function 6E15F280 Relevance: 5.0, APIs: 4, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000000,?), ref: 6E15F299
HeapReAlloc.KERNEL32(00000000), ref: 6E15F2A0
GetProcessHeap.KERNEL32(00000000,?), ref: 6E15F2B0
HeapAlloc.KERNEL32(00000000), ref: 6E15F2B7

Memory Dump Source

Source File: 00000000.00000002.4440726036.000000006E151000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E150000, based on PE: true

Associated: 00000000.00000002.4440706277.000000006E150000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440794793.000000006E165000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440813903.000000006E166000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440833127.000000006E167000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e150000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 5b789aac4c2155e015df5a3129aa85ea9fa08b08fb6d0ec656b33a0bc16c27ee
Instruction ID: a23121569390ae506d77a448c9c920f0d8ad6fd4de29c073885c12bb6ed13de5
Opcode Fuzzy Hash: 5b789aac4c2155e015df5a3129aa85ea9fa08b08fb6d0ec656b33a0bc16c27ee
Instruction Fuzzy Hash: E3E039B6214108FBDF409BD9C84DFBE3B6CEB4A252F008024FA2986280C67098409BA1

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\21130707-67bd-4fd2-91d2-b9f759127e7b\GunaUIDotNetRT.dll

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

UDP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exePID: 5460, Parent PID: 1028

General

Chronological Activities

Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe

Function 6E15A090 Relevance: 44.1, APIs: 11, Strings: 14, Instructions: 301
memorylibraryloaderCOMMON

Function 6E157AB0 Relevance: 9.4, APIs: 6, Instructions: 377
COMMON

Function 07960040 Relevance: 6.3, Strings: 2, Instructions: 3805
COMMON

Function 6E156E10 Relevance: 21.6, APIs: 1, Strings: 11, Instructions: 566
COMMON

Function 6E154890 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 265
memorysynchronizationCOMMON

Function 6E1523F0 Relevance: 16.6, APIs: 11, Instructions: 113
memoryCOMMON

Function 6E1555C0 Relevance: 15.1, APIs: 10, Instructions: 148
memoryCOMMON

Function 6E1529B0 Relevance: 7.5, APIs: 5, Instructions: 40
threadCOMMON

Function 6E15B770 Relevance: 6.1, APIs: 4, Instructions: 88
fileCOMMON

Function 6E15AAC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170
COMMON

Function 6E15921E Relevance: 4.6, APIs: 3, Instructions: 57
memoryCOMMON

Function 6E159210 Relevance: 4.6, APIs: 3, Instructions: 55
memoryCOMMON