Edit tour

Windows Analysis Report
sj-updater-app.exe

Overview

General Information

Sample name:	sj-updater-app.exe
Analysis ID:	1448097
MD5:	457dd6e4dc5e7866f2b10b065379f3e3
SHA1:	7a2b3bd51b34f6e8361a41dc428917234edf76d9
SHA256:	a3281a97f2bdbeba81f22630ba5dd9543e28debcdda17188357ecdf4c7c7ff8a
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

sj-updater-app.exe (PID: 3716 cmdline: "C:\Users\user\Desktop\sj-updater-app.exe" MD5: 457DD6E4DC5E7866F2B10B065379F3E3)

conhost.exe (PID: 1864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: sj-updater-app.exe

Static PE information: certificate valid

Source: sj-updater-app.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CC07210 WSARecv,#111,

0_2_00007FF63CC07210

Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: sj-updater-app.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: sj-updater-app.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: sj-updater-app.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: sj-updater-app.exe	String found in binary or memory: https://2.4.5sj-pulse-desktop
Source: sj-updater-app.exe	String found in binary or memory: https://pulse.surveyjunkie.com/downloads
Source: sj-updater-app.exe	String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat
Source: sj-updater-app.exe	String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig

Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC51620	0_2_00007FF63CC51620
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC355E0	0_2_00007FF63CC355E0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC45EF0	0_2_00007FF63CC45EF0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC47EA0	0_2_00007FF63CC47EA0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC40650	0_2_00007FF63CC40650
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC09660	0_2_00007FF63CC09660
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC48030	0_2_00007FF63CC48030
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC12FC0	0_2_00007FF63CC12FC0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC557E0	0_2_00007FF63CC557E0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC32FA0	0_2_00007FF63CC32FA0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CCF7740	0_2_00007FF63CCF7740
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC02F50	0_2_00007FF63CC02F50
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBFCF60	0_2_00007FF63CBFCF60
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC3F760	0_2_00007FF63CC3F760
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC58F60	0_2_00007FF63CC58F60
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC27100	0_2_00007FF63CC27100
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBEE0C0	0_2_00007FF63CBEE0C0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC0A0C0	0_2_00007FF63CC0A0C0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBF0080	0_2_00007FF63CBF0080
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC408B0	0_2_00007FF63CC408B0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBF2840	0_2_00007FF63CBF2840
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBEA060	0_2_00007FF63CBEA060
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC07210	0_2_00007FF63CC07210
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC32230	0_2_00007FF63CC32230
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC25A20	0_2_00007FF63CC25A20
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC479A0	0_2_00007FF63CC479A0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CD06970	0_2_00007FF63CD06970
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC2DB10	0_2_00007FF63CC2DB10
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC2D330	0_2_00007FF63CC2D330
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC40AD0	0_2_00007FF63CC40AD0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC2B290	0_2_00007FF63CC2B290
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC29A90	0_2_00007FF63CC29A90
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBE12B0	0_2_00007FF63CBE12B0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBF5B80	0_2_00007FF63CBF5B80
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBEFBB0	0_2_00007FF63CBEFBB0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CBE6BB0	0_2_00007FF63CBE6BB0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC4E340	0_2_00007FF63CC4E340
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC01370	0_2_00007FF63CC01370
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC47CF0	0_2_00007FF63CC47CF0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC3E4A0	0_2_00007FF63CC3E4A0
Source: C:\Users\user\Desktop\sj-updater-app.exe	Code function: 0_2_00007FF63CC52440	0_2_00007FF63CC52440

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: String function: 00007FF63CBE3690 appears 67 times

Source: sj-updater-app.exe	Binary or memory string: OriginalFilename vs sj-updater-app.exe
Source: sj-updater-app.exe, 00000000.00000000.1972281910.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe
Source: sj-updater-app.exe	Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe

Source: classification engine

Classification label: clean2.winEXE@2/0@0/0

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CD446DC GetDiskFreeSpaceExW,GetLastError,__std_fs_open_handle,CloseHandle,free,malloc,free,free,GetFinalPathNameByHandleW,malloc,free,free,CloseHandle,abort,CloseHandle,GetDiskFreeSpaceExW,GetLastError,free,GetLastError,CloseHandle,free,free,

0_2_00007FF63CD446DC

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF63CC28A90

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF63CC28A90

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1864:120:WilError_03

Source: sj-updater-app.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\sj-updater-app.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sj-updater-app.exe	String found in binary or memory: MMHS-Exempted-Address
Source: sj-updater-app.exe	String found in binary or memory: Originator-Return-Address
Source: sj-updater-app.exe	String found in binary or memory: List-Help
Source: sj-updater-app.exe	String found in binary or memory: Accept-Additions
Source: sj-updater-app.exe	String found in binary or memory: /maximum-install-time-ms
Source: sj-updater-app.exe	String found in binary or memory: /maximum-install-time-ms
Source: sj-updater-app.exe	String found in binary or memory: bad numeric conversion: positive overflow/hosting-url/initial-check-delay-ms/version-check-interval-ms/maximum-install-time-ms/error-expiration-period-ms/maximum-retry-attempts/verify-signature/version-info-file-url/feature-flags-file-url/feature-flags-config-dir/feature-flags-update-post-delay-ms/observabilityFailed to load updater configuraion: {}C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\UpdaterConfig.cpp__cdecl sj::UpdaterConfig::UpdaterConfig(const class std::vector<struct sj::cfg::ConfigFile,class std::allocator<struct sj::cfg::ConfigFile> > &)Activating default configurationhttps://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsights-collector.newrelic.com/v1/accounts/1592627/eventsev_log-api.newrelic.com/log/v1log_metric-api.newrelic.com/metric/v1mt_trace-api.newrelic.com/trace/v1tr_api.mixpanel.com93c82f2a7e19b351d199aada15357e62https://pulse.surveyjunkie.com/downloads{}/version-info-{}.json{}/desktop-feature-flags.jsonSJPulse/config'JSON pointer must be empty or begin with '/' - was: 'escape character '~' must be followed with '0' or '1'Overflow detected for '{}'. {} become {}Rounding detected for '{}'. {} become {}Attempting to assign negative number '{}' to a variable expecting positive number '{}'Number expected for '{}', but {} given.unresolved reference token '9 at byte parse errorparse_error/~1~~0nullobjectarraystringbooleanbinarydiscardednumbercannot use operator[] with a string argument with cannot use operator[] with a numeric argument with 961c151d2e87f2686a955a9be24d316f1362bf21 3.11.2) is out of rangearray index '-' (' must not begin with '0'array index '' is not a number exceeds size_typearray index out_of_rangetype_errorother_errortype must be string, but is type must be boolean, but is type must be number, but is
Source: sj-updater-app.exe	String found in binary or memory: Accept-Additions
Source: sj-updater-app.exe	String found in binary or memory: List-Help
Source: sj-updater-app.exe	String found in binary or memory: MMHS-Exempted-Address
Source: sj-updater-app.exe	String found in binary or memory: Originator-Return-Address
Source: sj-updater-app.exe	String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ipp
Source: sj-updater-app.exe	String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ipp
Source: sj-updater-app.exe	String found in binary or memory: http/1.1C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ippC:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ippC:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\details\SslUtilities.cppvoid __cdecl sj::details::configureSslContextOptions(struct ssl_ctx_st *const ) noexceptCould not set minimum protocol version for SSL contextCould not set SNI server name '{}', desc: {}void __cdecl sj::details::configureCertificateValidation(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp,class boost::asio::any_io_executor> &> &,class std::variant<class std::basic_string_view<char,struct std::char_traits<char> >,class boost::asio::ip::address>,class std::basic_string_view<char,struct std::char_traits<char> >,bool &,class boost::system::error_code &)Could not set ALPN list, desc: {}

Source: unknown	Process created: C:\Users\user\Desktop\sj-updater-app.exe "C:\Users\user\Desktop\sj-updater-app.exe"
Source: C:\Users\user\Desktop\sj-updater-app.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: boost_iostreams-vc143-mt-x64-1_83.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: libssl-3-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: libcrypto-3-x64.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: spdlog.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: fmt.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: brotlienc.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: brotlidec.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: sentry.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\sj-updater-app.exe	Section loaded: vcruntime140_1.dll	Jump to behavior

Source: sj-updater-app.exe

Static PE information: certificate valid

Source: sj-updater-app.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: sj-updater-app.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: sj-updater-app.exe

Static file information: File size 2156920 > 1048576

Source: sj-updater-app.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x17a200

Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: sj-updater-app.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: sj-updater-app.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: sj-updater-app.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe

Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: sj-updater-app.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn,

0_2_00007FF63CC28A90

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CC27100 GetProcessHeap,HeapAlloc,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,CloseHandle,GetProcessHeap,HeapAlloc,CloseHandle,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CloseHandle,AllocateAndInitializeSid,FreeSid,EqualSid,EqualSid,FreeSid,FreeSid,CloseHandle,FreeSid,FreeSid,CloseHandle,

0_2_00007FF63CC27100

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CD458EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00007FF63CD458EC

Source: C:\Users\user\Desktop\sj-updater-app.exe

0_2_00007FF63CC27100

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: GetLocaleInfoEx,FormatMessageA,

0_2_00007FF63CD43C4C

Source: C:\Users\user\Desktop\sj-updater-app.exe

Code function: 0_2_00007FF63CD45DFC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF63CD45DFC

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	3 Windows Service	3 Windows Service	1 Process Injection	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Service Execution	1 DLL Side-Loading	1 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 DLL Side-Loading	Security Account Manager	13 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
sj-updater-app.exe	0%	ReversingLabs
sj-updater-app.exe	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	0%	Avira URL Cloud	safe
https://2.4.5sj-pulse-desktop	0%	Avira URL Cloud	safe
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	0%	Avira URL Cloud	safe
https://pulse.surveyjunkie.com/downloads	0%	Avira URL Cloud	safe
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	0%	Virustotal		Browse
https://pulse.surveyjunkie.com/downloads	0%	Virustotal		Browse
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://2.4.5sj-pulse-desktop	sj-updater-app.exe	false	Avira URL Cloud: safe	unknown
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pulse.surveyjunkie.com/downloads	sj-updater-app.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448097
Start date and time:	2024-05-27 19:40:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	sj-updater-app.exe
Detection:	CLEAN
Classification:	clean2.winEXE@2/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 224
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target sj-updater-app.exe, PID 3716 because there are no executed function
Not all processes where analyzed, report is missing behavior information

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.4431538128735575
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	sj-updater-app.exe
File size:	2'156'920 bytes
MD5:	457dd6e4dc5e7866f2b10b065379f3e3
SHA1:	7a2b3bd51b34f6e8361a41dc428917234edf76d9
SHA256:	a3281a97f2bdbeba81f22630ba5dd9543e28debcdda17188357ecdf4c7c7ff8a
SHA512:	c47b24fdf59f21bddd870b853883b759879082de8ef34e33f596271aeb738a04333bb9e10a3d410ecba9a5d0ea761cc6fbf849f42a6e868d8728a9fbc080fd6b
SSDEEP:	49152:vqb2/b89m6CtyrQUeKHyeIDXSjw6iuTkP9XqYRYXDJHL+bkanXCe:xtukdBX5
TLSH:	1AA56B2AA17801F9C1F9D2BCCA079A0BE7713C4A872497DB01D492562F77BE85A7F311
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........nlQ.............w.......w.......................................w.......w..................u..................................

File Icon


Icon Hash:	3361d8cee6c47117

Static PE Info

General

Entrypoint:	0x140165450
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6645EC1D [Thu May 16 11:21:01 2024 UTC]
TLS Callbacks:	0x40165044, 0x1, 0x40165a70, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	3480307717bc1f63a8a2166d772abab1

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	12/12/2023 01:00:00 30/06/2026 01:59:59
Subject Chain	CN="DISQO, Inc.", O="DISQO, Inc.", L=Glendale, S=California, C=US, SERIALNUMBER=6850471, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
Version:	3
Thumbprint MD5:	9770BF7BD57D482BF98AAFDE48DAA71D
Thumbprint SHA-1:	1F1716DE492ABB315EE61EDBE7DC7A8DD9949FCB
Thumbprint SHA-256:	0C31F784621C4477A1312EA315023B841670D1D9BE4A52BA9AFE73DB0029ED14
Serial:	036FCEF1A90FDA45B3B90FDAFA68B3A6

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F30CCBA8EA8h
dec eax
add esp, 28h
jmp 00007F30CCBA8377h
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+18h], ebx
dec eax
mov dword ptr [eax+20h], esi
dec eax
mov dword ptr [eax+10h], edx
dec eax
mov dword ptr [eax+08h], ecx
push edi
inc ecx
push esi
inc ecx
push edi
dec eax
sub esp, 30h
dec ebp
mov edi, ecx
dec ebp
mov esi, eax
dec eax
mov esi, edx
dec eax
mov edi, ecx
xor ebx, ebx
dec eax
mov dword ptr [eax-20h], ebx
mov byte ptr [eax-28h], bl
dec ecx
cmp ebx, esi
je 00007F30CCBA8523h
dec eax
mov ecx, edi
dec ecx
mov eax, edi
dec eax
mov edx, dword ptr [00017FF1h]
call edx
dec eax
add edi, esi
dec eax
mov dword ptr [esp+50h], edi
dec eax
inc ebx
dec eax
mov dword ptr [esp+28h], ebx
jmp 00007F30CCBA84DCh
mov byte ptr [esp+20h], 00000001h
dec eax
mov ebx, dword ptr [esp+60h]
dec eax
mov esi, dword ptr [esp+68h]
dec eax
add esp, 30h
inc ecx
pop edi
inc ecx
pop esi
pop edi
ret
dec eax
mov eax, esp
dec esp
mov dword ptr [eax+20h], ecx
dec esp
mov dword ptr [eax+18h], eax
dec eax
mov dword ptr [eax+10h], edx
push ebx
push esi
push edi
inc ecx
push esi
dec eax
sub esp, 38h
dec ebp
mov esi, ecx
dec ecx
mov ebx, eax
dec eax
mov esi, edx
mov byte ptr [eax-38h], 00000000h
dec eax
mov edi, edx
dec ecx
imul edi, eax
dec eax
add edi, ecx
dec eax
mov dword ptr [eax+08h], edi
dec eax
mov eax, ebx
dec eax
dec ebx
dec eax
mov dword ptr [esp+70h], ebx
dec eax
test eax, eax
je 00007F30CCBA851Bh

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1cc190	0x58	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1cc1e8	0x2bc	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20d000	0x47e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1fc000	0x10fd4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x20c000	0x2978
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x212000	0x1c14	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x196260	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x196300	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x196120	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x17c000	0x1488	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x17a0ae	0x17a200	d6fd822a2b043007c1925e64c54a1947	False	0.3910550103305785	data	6.266377553091015	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x17c000	0x57144	0x57200	455e724f786a990c2711476aad0f46ea	False	0.36740607065997133	data	5.649743654870318	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1d4000	0x27f28	0x23200	7365931882848f6761bd954b11edfc37	False	0.05800989768683274	data	4.774395582119203	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1fc000	0x10fd4	0x11000	d6369e387f5303316fe8925b184e47f1	False	0.5015940946691176	data	6.185500891038529	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x20d000	0x47e0	0x4800	6b0dfffa6550b5b414375f2d31c24123	False	0.22119140625	data	3.5607877279033175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x212000	0x1c14	0x1e00	d8541aa71c824377a4d4845a2e976f30	False	0.36692708333333335	data	5.308603692560612	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x20d418	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	English	United States	0.19768540387340577
RT_GROUP_ICON	0x211640	0x14	data	English	United States	1.1
RT_VERSION	0x20d150	0x2c8	data	English	United States	0.48174157303370785
RT_MANIFEST	0x211658	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143

Imports

DLL	Import
boost_iostreams-vc143-mt-x64-1_83.dll	?process@gzip_footer@detail@iostreams@boost@@QEAAXD@Z, ?reset@gzip_footer@detail@iostreams@boost@@QEAAXXZ, ?default_compression@zlib@iostreams@boost@@3HB, ?deflated@zlib@iostreams@boost@@3HB, ??1gzip_header@detail@iostreams@boost@@QEAA@XZ, ?reset@gzip_header@detail@iostreams@boost@@QEAAXXZ, ?process@gzip_header@detail@iostreams@boost@@QEAAXD@Z, ??0gzip_header@detail@iostreams@boost@@QEAA@XZ, ?do_init@zlib_base@detail@iostreams@boost@@AEAAXAEBUzlib_params@34@_NP6APEAXPEAXII@ZP6AX22@Z2@Z, ?default_strategy@zlib@iostreams@boost@@3HB, ?okay@zlib@iostreams@boost@@3HB, ?reset@zlib_base@detail@iostreams@boost@@IEAAX_N0@Z, ?stream_end@zlib@iostreams@boost@@3HB, ?xinflate@zlib_base@detail@iostreams@boost@@IEAAHH@Z, ?after@zlib_base@detail@iostreams@boost@@IEAAXAEAPEBDAEAPEAD_N@Z, ?sync_flush@zlib@iostreams@boost@@3HB, ?xdeflate@zlib_base@detail@iostreams@boost@@IEAAHH@Z, ??0gzip_header@detail@iostreams@boost@@QEAA@AEBV0123@@Z, ?best_speed@zlib@iostreams@boost@@3HB, ?check@zlib_error@iostreams@boost@@SAXH@Z, ?before@zlib_base@detail@iostreams@boost@@IEAAXAEAPEBDPEBDAEAPEADPEAD@Z, ??1zlib_base@detail@iostreams@boost@@IEAA@XZ, ??0zlib_base@detail@iostreams@boost@@IEAA@XZ, ?best_compression@zlib@iostreams@boost@@3HB, ?finish@zlib@iostreams@boost@@3HB, ?no_flush@zlib@iostreams@boost@@3HB
libssl-3-x64.dll	SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_set_verify, SSL_CTX_get_verify_callback, SSL_CTX_get_cert_store, SSL_CTX_free, SSL_CTX_new, SSL_CTX_set_options, SSL_get_ex_data_X509_STORE_CTX_idx, SSL_get_shutdown, SSL_CTX_ctrl, TLS_client_method, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data, SSL_set_alpn_protos, SSL_get0_alpn_selected, SSL_free, SSL_shutdown, SSL_set_ex_data, SSL_get_ex_data, SSL_set_bio, SSL_get_verify_mode, SSL_set_verify, SSL_new, SSL_accept, SSL_connect, SSL_read, SSL_write, SSL_ctrl, SSL_CTX_get_default_passwd_cb_userdata, SSL_get_verify_callback, SSL_CTX_set_security_level, SSL_get_error
libcrypto-3-x64.dll	ERR_clear_error, BIO_new_bio_pair, ERR_get_error, BIO_ctrl, BIO_write, BIO_read, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_chain, X509_free, BIO_new_mem_buf, X509_STORE_add_cert, OPENSSL_sk_value, X509_STORE_CTX_get_error_depth, OPENSSL_sk_num, X509_STORE_CTX_get_ex_data, PEM_read_bio_X509, BIO_ctrl_pending, BIO_new, BIO_s_mem, ASN1_STRING_length, ASN1_STRING_get0_data, OBJ_obj2txt, EVP_sha1, X509_digest, X509_cmp_current_time, X509_getm_notBefore, X509_getm_notAfter, X509_NAME_entry_count, X509_NAME_get_entry, X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, PEM_write_bio_X509, ERR_error_string, X509_check_host, X509_check_ip_asc, X509_up_ref, X509_get_subject_name, EVP_get_digestbyname, i2d_X509_bio, X509_new, BIO_free, ERR_lib_error_string, ERR_reason_error_string, EVP_MD_CTX_new, EVP_MD_CTX_free, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, d2i_X509
spdlog.dll	?sink_it_@logger@spdlog@@MEAAXAEBUlog_msg@details@2@@Z, ??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z, ?enabled@backtracer@details@spdlog@@QEBA_NXZ, ?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z, ?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z, ?err_handler_@logger@spdlog@@IEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ, ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z, ?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??1periodic_worker@details@spdlog@@QEAA@XZ, ?flush_all@registry@details@spdlog@@QEAAXXZ, ?instance@registry@details@spdlog@@SAAEAV123@XZ, ??0logger@spdlog@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ??1logger@spdlog@@UEAA@XZ, ?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ, ?set_level@spdlog@@YAXW4level_enum@level@1@@Z, ?default_logger@spdlog@@YA?AV?$shared_ptr@Vlogger@spdlog@@@std@@XZ, ?set_default_logger@spdlog@@YAXV?$shared_ptr@Vlogger@spdlog@@@std@@@Z, ?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z, ??0?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ, ??1?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAA@XZ, ??1file_helper@details@spdlog@@QEAA@XZ, ??0?$wincolor_stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@W4color_mode@2@@Z, ??0?$stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ, ??1?$base_sink@Vmutex@std@@@sinks@spdlog@@UEAA@XZ, ??0?$basic_file_sink@Vmutex@std@@@sinks@spdlog@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NAEBUfile_event_handlers@2@@Z, ?log@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXAEBUlog_msg@details@3@@Z, ?flush@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXXZ, ?set_pattern@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?set_formatter@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@UEAAXV?$unique_ptr@Vformatter@spdlog@@U?$default_delete@Vformatter@spdlog@@@std@@@std@@@Z, ?set_pattern_@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@MEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?set_formatter_@?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@MEAAXV?$unique_ptr@Vformatter@spdlog@@U?$default_delete@Vformatter@spdlog@@@std@@@std@@@Z, ?clone@logger@spdlog@@UEAA?AV?$shared_ptr@Vlogger@spdlog@@@std@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z, ?flush_@logger@spdlog@@MEAAXXZ
fmt.dll	?is_printable@detail@v10@fmt@@YA_NI@Z, ?throw_format_error@detail@v10@fmt@@YAXPEBD@Z, ??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z, ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z, ??$get@Vlocale@std@@@locale_ref@detail@v10@fmt@@QEBA?AVlocale@std@@XZ
brotlienc.dll	BrotliEncoderHasMoreOutput, BrotliEncoderCompressStream, BrotliEncoderDestroyInstance, BrotliEncoderCreateInstance, BrotliEncoderSetParameter
brotlidec.dll	BrotliDecoderDecompressStream, BrotliDecoderDestroyInstance, BrotliDecoderGetErrorCode, BrotliDecoderCreateInstance
sentry.dll	sentry_options_set_handler_path, sentry_options_set_database_path, sentry_options_set_environment, sentry_options_set_release, sentry_options_set_dsn, sentry_options_free, sentry_options_new, sentry_value_new_message_event, sentry_set_tag, sentry_init, sentry_close, sentry_capture_event, sentry_options_add_attachment
KERNEL32.dll	AreFileApisANSI, SetFileInformationByHandle, GetFinalPathNameByHandleW, GetFileAttributesExW, FindNextFileW, FindFirstFileExW, FindFirstFileW, FindClose, CreateFileW, CreateDirectoryW, GetLocaleInfoEx, MoveFileExW, GetFileInformationByHandleEx, ReleaseSRWLockExclusive, ReleaseSRWLockShared, GetDiskFreeSpaceExW, AcquireSRWLockExclusive, GetCurrentThreadId, QueryPerformanceCounter, IsDebuggerPresent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SleepConditionVariableSRW, WakeAllConditionVariable, InitOnceComplete, InitOnceBeginInitialize, CreateProcessW, GetSystemTimeAsFileTime, GetConsoleWindow, MultiByteToWideChar, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetCurrentProcessId, GetEnvironmentVariableW, GetTempPathW, CreateMutexW, ReleaseMutex, GetCurrentProcess, GetProcessHeap, HeapFree, HeapAlloc, Sleep, CreateEventW, SleepEx, ResetEvent, InitializeCriticalSectionAndSpinCount, GetLastError, WideCharToMultiByte, FormatMessageW, FormatMessageA, LocalFree, TerminateThread, QueueUserAPC, WaitForMultipleObjects, WaitForSingleObject, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, CloseHandle, InitializeSListHead, AcquireSRWLockShared
SHELL32.dll	SHGetKnownFolderPath
ole32.dll	CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoCreateInstance, CoTaskMemFree, CoUninitialize
OLEAUT32.dll	SysFreeString, VariantInit, VariantClear, SysAllocString, VariantChangeType
ADVAPI32.dll	DuplicateTokenEx, RegGetValueW, RegDeleteKeyValueW, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, CreateProcessAsUserW, StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerExA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, OpenProcessToken
MSVCP140.dll	?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ??7ios_base@std@@QEBA_NXZ, ??Bios_base@std@@QEBA_NXZ, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ?_Random_device@std@@YAIXZ, ?setf@ios_base@std@@QEAAHHH@Z, _Thrd_id, _Thrd_join, ?id@?$collate@D@std@@2V0locale@2@A, ?id@?$ctype@D@std@@2V0locale@2@A, ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UEAAXXZ, ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z, ?tolower@?$ctype@D@std@@QEBADD@Z, ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z, ??1facet@locale@std@@MEAA@XZ, ??0facet@locale@std@@IEAA@_K@Z, ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ, ??1_Locinfo@std@@QEAA@XZ, ??0_Locinfo@std@@QEAA@PEBD@Z, _Strxfrm, _Strcoll, _Cnd_do_broadcast_at_thread_exit, _Cnd_timedwait, _Mtx_current_owns, ?_Xinvalid_argument@std@@YAXPEBD@Z, ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?id@?$ctype@_W@std@@2V0locale@2@A, ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ, ?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ, ?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ, ?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ, ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z, ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z, ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z, ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?widen@?$ctype@_W@std@@QEBA_WD@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z, ?_Xbad_function_call@std@@YAXXZ, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, _Cnd_unregister_at_thread_exit, _Cnd_register_at_thread_exit, _Cnd_broadcast, _Cnd_wait, _Cnd_destroy_in_situ, _Cnd_init_in_situ, ?__ExceptionPtrToBool@@YA_NPEBX@Z, _Query_perf_frequency, ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z, ?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z, ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?classic@locale@std@@SAAEBV12@XZ, ??Bid@locale@std@@QEAA_KXZ, ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ, ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z, ?__ExceptionPtrRethrow@@YAXPEBX@Z, ?__ExceptionPtrCurrentException@@YAXPEAX@Z, ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z, ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z, ?__ExceptionPtrDestroy@@YAXPEAX@Z, ?__ExceptionPtrCreate@@YAXPEAX@Z, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?_Winerror_map@std@@YAHH@Z, ?_Syserror_map@std@@YAPEBDH@Z, ?_Throw_Cpp_error@std@@YAXH@Z, _Mtx_unlock, _Mtx_lock, ?_Xout_of_range@std@@YAXPEBD@Z, ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z, ?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?eof@ios_base@std@@QEBA_NXZ, ?exceptions@ios_base@std@@QEBAHXZ, ?exceptions@ios_base@std@@QEAAXH@Z, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ, ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z, ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ, ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z, ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z, ?_ReportUnobservedException@details@Concurrency@@YAXXZ, ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ, ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z, ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ, ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ, ?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ, ??0task_continuation_context@Concurrency@@AEAA@XZ, ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z, ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?width@ios_base@std@@QEAA_J_J@Z, _Query_perf_counter, _Xtime_get_ticks, ?_Xlength_error@std@@YAXPEBD@Z, ?_Xbad_alloc@std@@YAXXZ, ?uncaught_exceptions@std@@YAHXZ, ?width@ios_base@std@@QEBA_JXZ, ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ, ?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z, ?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z, ?fail@ios_base@std@@QEBA_NXZ, ?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z, ?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z, _Thrd_sleep, _Mtx_init_in_situ, _Mtx_destroy_in_situ, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?good@ios_base@std@@QEBA_NXZ, ?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A, ?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A, ?flags@ios_base@std@@QEBAHXZ
MSVCP140_ATOMIC_WAIT.dll	__std_atomic_wait_get_remaining_timeout, __std_atomic_wait_get_deadline, __std_atomic_notify_one_direct, __std_atomic_wait_direct
WS2_32.dll	getservbyname, WSACleanup, __WSAFDIsSet, accept, bind, closesocket, connect, ioctlsocket, getsockname, htonl, listen, select, setsockopt, WSAGetLastError, WSARecv, WSASend, WSASocketW, htons, gethostbyname, WSASetLastError, WSAStringToAddressW, getsockopt, getpeername, ntohl, shutdown, WSAAddressToStringW, WSAStartup
WINTRUST.dll	WinVerifyTrust
WTSAPI32.dll	WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken
POWRPROF.dll	GetPwrCapabilities
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
RstrtMgr.DLL	RmRegisterResources, RmGetList, RmShutdown, RmStartSession, RmEndSession
CRYPT32.dll	CertOpenStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertFreeCertificateContext, CertAddCertificateContextToStore, CertDeleteCertificateFromStore, CertVerifyRevocation, CryptQueryObject, CertCloseStore
USERENV.dll	CreateEnvironmentBlock, DestroyEnvironmentBlock
VCRUNTIME140.dll	memchr, memset, strchr, memcpy, strstr, __std_type_info_compare, _CxxThrowException, __std_exception_destroy, __std_exception_copy, __std_terminate, _purecall, memcmp, __C_specific_handler_noexcept, __C_specific_handler, __RTDynamicCast, __current_exception, __current_exception_context, memmove
VCRUNTIME140_1.dll	__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll	_get_initial_narrow_environment, _initterm, _set_app_type, _seh_filter_exe, _initterm_e, terminate, exit, _exit, __p___argc, __p___argv, _c_exit, _beginthreadex, abort, strerror, _errno, signal, _invalid_parameter_noinfo_noreturn, _crt_atexit, _cexit, _initialize_onexit_table, _register_onexit_function, _register_thread_local_exe_atexit_callback, _initialize_narrow_environment, _configure_narrow_argv
api-ms-win-crt-stdio-l1-1-0.dll	fseek, ftell, __stdio_common_vfprintf, _close, _lseek, _read, _setmode, _write, _sopen_dispatch, _fileno, fgets, ferror, __acrt_iob_func, clearerr, fopen, __p__commode, __stdio_common_vsprintf, _get_stream_buffer_pointers, fclose, fflush, fgetc, fgetpos, fputc, fread, fsetpos, _fseeki64, _set_fmode, fwrite, setvbuf, ungetc, feof
api-ms-win-crt-string-l1-1-0.dll	strcpy_s, strncpy, strcmp, isspace, isdigit, tolower, strnlen
api-ms-win-crt-heap-l1-1-0.dll	realloc, free, malloc, _set_new_mode, _callnewh
api-ms-win-crt-convert-l1-1-0.dll	strtol, strtoll, strtod, atoi, strtoull
api-ms-win-crt-math-l1-1-0.dll	ceil, floor, _dclass, _dsign, ceilf, __setusermatherr
api-ms-win-crt-time-l1-1-0.dll	_get_dstbias, _get_timezone, _time64, strftime, _gmtime64, _localtime64_s, _localtime64, asctime, _tzset
api-ms-win-crt-locale-l1-1-0.dll	___lc_codepage_func, _configthreadlocale, localeconv
api-ms-win-crt-filesystem-l1-1-0.dll	_lock_file, _unlock_file

Exports

Name	Ordinal	Address
OPENSSL_Applink	1	0x140147c90

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 19:41:38.767080069 CEST	53	51883	1.1.1.1	192.168.2.5

Target ID:	0
Start time:	13:41:15
Start date:	27/05/2024
Path:	C:\Users\user\Desktop\sj-updater-app.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\sj-updater-app.exe"
Imagebase:	0x7ff63cbe0000
File size:	2'156'920 bytes
MD5 hash:	457DD6E4DC5E7866F2B10B065379F3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	13:41:16
Start date:	27/05/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 00007FF63CC3E4A0 Relevance: 56.7, APIs: 30, Strings: 2, Instructions: 682COMMON

Download Yara Rule

APIs

?default_logger@spdlog@@YA?AV?$shared_ptr@Vlogger@spdlog@@@std@@XZ.SPDLOG ref: 00007FF63CC3E4EC

Part of subcall function 00007FF63CBF3F00: memcpy.VCRUNTIME140 ref: 00007FF63CBF4017
Part of subcall function 00007FF63CBF3F00: memcpy.VCRUNTIME140 ref: 00007FF63CBF4026

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

??0logger@spdlog@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF63CC3E57D

Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF0
Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC3E5F3
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF63CC3E620
??0?$wincolor_stdout_sink@Uconsole_mutex@details@spdlog@@@sinks@spdlog@@QEAA@W4color_mode@2@@Z.SPDLOG ref: 00007FF63CC3E73C
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF63CC3E7A8
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF63CC3E7B3
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF63CC3E7CF
__std_fs_code_page.MSVCPRT ref: 00007FF63CC3E8B2
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC3E910
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC3E961

Part of subcall function 00007FF63CC522A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC52353

??0?$basic_file_sink@Vmutex@std@@@sinks@spdlog@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NAEBUfile_event_handlers@2@@Z.SPDLOG ref: 00007FF63CC3EA30

Part of subcall function 00007FF63CC35E10: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC35FE1
Part of subcall function 00007FF63CC35E10: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC35FE8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC3EA98
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF63CC3EAC1
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF63CC3EACC
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF63CC3EAE8
??0?$base_sink@Unull_mutex@details@spdlog@@@sinks@spdlog@@QEAA@XZ.SPDLOG ref: 00007FF63CC3EBF1
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF63CC3EC24
?set_level@sink@sinks@spdlog@@QEAAXW4level_enum@level@3@@Z.SPDLOG ref: 00007FF63CC3EC2F
?sinks@logger@spdlog@@QEAAAEAV?$vector@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@V?$allocator@V?$shared_ptr@Vsink@sinks@spdlog@@@std@@@2@@std@@XZ.SPDLOG ref: 00007FF63CC3EC4E
?set_default_logger@spdlog@@YAXV?$shared_ptr@Vlogger@spdlog@@@std@@@Z.SPDLOG ref: 00007FF63CC3ECFB
?from_str@level@spdlog@@YA?AW4level_enum@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.SPDLOG ref: 00007FF63CC3ED08
?set_level@spdlog@@YAXW4level_enum@level@1@@Z.SPDLOG ref: 00007FF63CC3ED10
?instance@registry@details@spdlog@@SAAEAV123@XZ.SPDLOG(?), ref: 00007FF63CC3ED38
_Mtx_lock.MSVCP140 ref: 00007FF63CC3ED50
??1periodic_worker@details@spdlog@@QEAA@XZ.SPDLOG ref: 00007FF63CC3EE07
_Mtx_unlock.MSVCP140 ref: 00007FF63CC3EE1E

Strings

create_directories, xrefs: 00007FF63CC3EEEA
logger, xrefs: 00007FF63CC3E4FA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$allocator@V?$shared_ptr@$D@std@@U?$char_traits@V?$basic_string@$D@2@@std@@@$?from_str@level@spdlog@@?sinks@logger@spdlog@@V?$vector@Vsink@sinks@spdlog@@@std@@Vsink@sinks@spdlog@@@std@@@2@@std@@W4level_enum@12@_invalid_parameter_noinfo_noreturn$?set_level@sink@sinks@spdlog@@Concurrency::cancel_current_taskW4level_enum@level@3@@$__std_fs_convert_narrow_to_widememcpy$??0?$base_sink@??0?$basic_file_sink@??0?$wincolor_stdout_sink@??0logger@spdlog@@??1periodic_worker@details@spdlog@@?default_logger@spdlog@@?instance@registry@details@spdlog@@?set_default_logger@spdlog@@?set_level@spdlog@@D@2@@std@@_Mtx_lockMtx_unlockUconsole_mutex@details@spdlog@@@sinks@spdlog@@Ufile_event_handlers@2@@Unull_mutex@details@spdlog@@@sinks@spdlog@@V123@Vlogger@spdlog@@@std@@Vlogger@spdlog@@@std@@@Vmutex@std@@@sinks@spdlog@@W4color_mode@2@@W4level_enum@level@1@@__std_fs_code_pagemalloc
String ID: logger$create_directories
API String ID: 386665090-4086821617
Opcode ID: e917cc88ac570ef852a5bfe3ebbc6ef86452fa1d3c63330e9527c3a353911a30
Instruction ID: 1ee8065710467ab4a1e553d2a34bb6d74e539fea04fcf2b3584d042f1f77a387
Opcode Fuzzy Hash: e917cc88ac570ef852a5bfe3ebbc6ef86452fa1d3c63330e9527c3a353911a30
Instruction Fuzzy Hash: CC627F32A08B8582EB65DF25E8542AD73E0FB89B94F548235FA4D83795DF3CE484D740

Function 00007FF63CBF0080 Relevance: 56.7, APIs: 15, Strings: 17, Instructions: 664COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF0251
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF02D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF0351
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF03D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF0451
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF05A3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF0683
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF075D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF0837
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF08BA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF093D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF09C9

Strings

/feature-flags-update-post-delay-ms, xrefs: 00007FF63CBF08DD
type must be boolean, but is , xrefs: 00007FF63CBF0B64
', xrefs: 00007FF63CBF0AA0
/hosting-url, xrefs: 00007FF63CBF019B
/error-expiration-period-ms, xrefs: 00007FF63CBF03F4
/maximum-install-time-ms, xrefs: 00007FF63CBF0374
/feature-flags-config-dir, xrefs: 00007FF63CBF085A
/maximum-retry-attempts, xrefs: 00007FF63CBF0474
/feature-flags-file-url, xrefs: 00007FF63CBF0780
/observability, xrefs: 00007FF63CBF0970
/version-info-file-url, xrefs: 00007FF63CBF06A6
/version-check-interval-ms, xrefs: 00007FF63CBF02F4
/initial-check-delay-ms, xrefs: 00007FF63CBF0274
Rounding detected for '{}'. {} become {}, xrefs: 00007FF63CBF0AF1
/verify-signature, xrefs: 00007FF63CBF05C6
Number expected for '{}', but {} given., xrefs: 00007FF63CBF0A94
(, xrefs: 00007FF63CBF0AFD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memchr$memcpy
String ID: '$($/error-expiration-period-ms$/feature-flags-config-dir$/feature-flags-file-url$/feature-flags-update-post-delay-ms$/hosting-url$/initial-check-delay-ms$/maximum-install-time-ms$/maximum-retry-attempts$/observability$/verify-signature$/version-check-interval-ms$/version-info-file-url$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}$type must be boolean, but is
API String ID: 3418510692-2346887175
Opcode ID: 6820cd627a912c0f4b4324c1be625413acb68b2f7023fd6cc121dd9339dd454c
Instruction ID: bf4cc86d66c3172f747626a74caf9c1d79ac35b7978c42937d451f301f7119ff
Opcode Fuzzy Hash: 6820cd627a912c0f4b4324c1be625413acb68b2f7023fd6cc121dd9339dd454c
Instruction Fuzzy Hash: C2529762A28BC691DA10DB34E4403FA63A1FFD6750F506332F69D82B99EF6CE584D701

Function 00007FF63CC4E340 Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 308COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000010,00000000,00000000,?,?,00007FF63CC4E80E,?,?,?,?,?,?,?,?,00000000,00007FF63CC3FF87), ref: 00007FF63CC4E390
??7ios_base@std@@QEBA_NXZ.MSVCP140(00000010,00000000), ref: 00007FF63CC4E3F4
EVP_get_digestbyname.LIBCRYPTO-3-X64 ref: 00007FF63CC4E40F
EVP_MD_CTX_new.LIBCRYPTO-3-X64 ref: 00007FF63CC4E420
EVP_DigestInit_ex.LIBCRYPTO-3-X64 ref: 00007FF63CC4E441
memset.VCRUNTIME140 ref: 00007FF63CC4E45D
??Bios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC4E496
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z.MSVCP140 ref: 00007FF63CC4E4B1
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC4E4BB
EVP_DigestUpdate.LIBCRYPTO-3-X64 ref: 00007FF63CC4E4CE
??Bios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC4E4EA
EVP_DigestFinal_ex.LIBCRYPTO-3-X64 ref: 00007FF63CC4E505
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC4E536
memset.VCRUNTIME140 ref: 00007FF63CC4E54B
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF63CC4E570
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z.MSVCP140 ref: 00007FF63CC4E582
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140 ref: 00007FF63CC4E59B
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z.MSVCP140 ref: 00007FF63CC4E5CE
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC4E633
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC4E640
EVP_MD_CTX_free.LIBCRYPTO-3-X64 ref: 00007FF63CC4E64A
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC4E67E
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC4E688
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FF63CC3FF87), ref: 00007FF63CC4E843

Strings

sha256, xrefs: 00007FF63CC4E7EC
EVP_DigestFinal_ex failed, xrefs: 00007FF63CC4E792
EVP_DigestUpdate failed, xrefs: 00007FF63CC4E6B7
Failed to allocate digest context, xrefs: 00007FF63CC4E74A
Cannot open the file: , xrefs: 00007FF63CC4E6EC
EVP_DigestInit_ex failed, xrefs: 00007FF63CC4E76E
Failed to initialize MD5 digest, xrefs: 00007FF63CC4E722

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$Digestmemset$??1?$basic_ios@??6?$basic_ostream@Bios_base@std@@V01@$??1?$basic_istream@??1?$basic_ostream@??7ios_base@std@@?fill@?$basic_ios@?gcount@?$basic_istream@?read@?$basic_istream@?setstate@?$basic_ios@?setw@std@@Final_exInit_exJ@1@_P_get_digestbynameSmanip@_U?$_UpdateV12@V21@@Vios_base@1@X_freeX_new_invalid_parameter_noinfo_noreturn
String ID: Cannot open the file: $EVP_DigestFinal_ex failed$EVP_DigestInit_ex failed$EVP_DigestUpdate failed$Failed to allocate digest context$Failed to initialize MD5 digest$sha256
API String ID: 3811384351-1692599866
Opcode ID: 935a979109f4ea9513896037920eecc856efadb7ee3d22066bda23c620032e19
Instruction ID: 0bd472c5a6a7feb57a3e8ab4a7e1cf5fff2d88cfa0fa193c5af88f29d1c940c7
Opcode Fuzzy Hash: 935a979109f4ea9513896037920eecc856efadb7ee3d22066bda23c620032e19
Instruction Fuzzy Hash: 5FE18F32B18A8685EB11DF25D8902F973B1FF94788F418235FA4D97B65EF28D285D700

Function 00007FF63CC27100 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 265memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF63CC2712D
HeapAlloc.KERNEL32 ref: 00007FF63CC2713C
GetCurrentProcess.KERNEL32 ref: 00007FF63CC27154
OpenProcessToken.ADVAPI32 ref: 00007FF63CC27165
GetTokenInformation.ADVAPI32 ref: 00007FF63CC2718A
GetLastError.KERNEL32 ref: 00007FF63CC27198
CloseHandle.KERNEL32 ref: 00007FF63CC271AB
GetProcessHeap.KERNEL32 ref: 00007FF63CC271C7
HeapAlloc.KERNEL32 ref: 00007FF63CC271D5
CloseHandle.KERNEL32 ref: 00007FF63CC271F7
GetTokenInformation.ADVAPI32 ref: 00007FF63CC2721C
CloseHandle.KERNEL32 ref: 00007FF63CC2722E
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF63CC27289
CloseHandle.KERNEL32 ref: 00007FF63CC2729B
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF63CC272F9
FreeSid.ADVAPI32 ref: 00007FF63CC2730B
EqualSid.ADVAPI32 ref: 00007FF63CC2738A
EqualSid.ADVAPI32 ref: 00007FF63CC2739E
FreeSid.ADVAPI32 ref: 00007FF63CC273CC
FreeSid.ADVAPI32 ref: 00007FF63CC27407
CloseHandle.KERNEL32 ref: 00007FF63CC27442
FreeSid.ADVAPI32 ref: 00007FF63CC2749F
FreeSid.ADVAPI32 ref: 00007FF63CC274DA
CloseHandle.KERNEL32 ref: 00007FF63CC27515

Strings

FreeSid failed, xrefs: 00007FF63CC27333, 00007FF63CC273D7, 00007FF63CC27412, 00007FF63CC274AA, 00007FF63CC274E5
void __cdecl sj::SidDeleter::operator ()(void *) const, xrefs: 00007FF63CC27328, 00007FF63CC273B6, 00007FF63CC27490
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp, xrefs: 00007FF63CC2731A, 00007FF63CC273BD, 00007FF63CC27489

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CloseHandle$Free$HeapProcess$Token$AllocAllocateEqualInformationInitialize$CurrentErrorLastOpen
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp$FreeSid failed$void __cdecl sj::SidDeleter::operator ()(void *) const
API String ID: 277782348-2249881049
Opcode ID: ef0d97455b29247521b1218e0787ee629f4323d1eeac17034a09a5f1f32c91fc
Instruction ID: 2e1c00611734ca3973efb18dd3bb6045bdc8e4a51d05db43983363baf029d729
Opcode Fuzzy Hash: ef0d97455b29247521b1218e0787ee629f4323d1eeac17034a09a5f1f32c91fc
Instruction Fuzzy Hash: 7CC16A72B08A428AEB149F21E8502AA73F5FB45B88F445935FE0D87B58DF3CE519E740

Function 00007FF63CC0A0C0 Relevance: 35.6, APIs: 5, Strings: 15, Instructions: 616COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBFC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBFC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0A1CA

Part of subcall function 00007FF63CBF6A70: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6AB8

Part of subcall function 00007FF63CC05350: _Xtime_get_ticks.MSVCP140 ref: 00007FF63CC053E6
Part of subcall function 00007FF63CC05350: _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF63CC0542F
Part of subcall function 00007FF63CC05350: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC0549F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0A7E5

Part of subcall function 00007FF63CC53A90: _Xtime_get_ticks.MSVCP140(?,?,?,?,00007FF63CC2EF58), ref: 00007FF63CC53A94

Part of subcall function 00007FF63CBF69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6A08

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0AAE5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0AB77
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0ACB3

Strings

The latest available version for '{}' is installed., xrefs: 00007FF63CC0A47D
#, xrefs: 00007FF63CC0A874
Published version for '{}' is '{}'., xrefs: 00007FF63CC0A57F
installTimeExpired, xrefs: 00007FF63CC0A781
updateComponent, xrefs: 00007FF63CC0A15A
Installation time expired for '{}'., xrefs: 00007FF63CC0A868
No information is available for '{}' in the manifest file., xrefs: 00007FF63CC0A25E
<-- , xrefs: 00007FF63CC0A102, 00007FF63CC0A72F
bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF63CC0A24F, 00007FF63CC0A2D2, 00007FF63CC0ABFB
Installation failed for '{}'., xrefs: 00007FF63CC0AC0A
Error: maximum installation attempts exceeded for '{}'., xrefs: 00007FF63CC0A644
--> , xrefs: 00007FF63CC0A126, 00007FF63CC0A753
Checking '{}' for updates., xrefs: 00007FF63CC0A2E1
=, xrefs: 00007FF63CC0A661
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC0A240, 00007FF63CC0A2C3, 00007FF63CC0ABEC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@$Xtime_get_ticks$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_localtime64_smemcpy
String ID: #$--> $<-- $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Checking '{}' for updates.$Error: maximum installation attempts exceeded for '{}'.$Installation failed for '{}'.$Installation time expired for '{}'.$No information is available for '{}' in the manifest file.$Published version for '{}' is '{}'.$The latest available version for '{}' is installed.$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const$installTimeExpired$updateComponent
API String ID: 3855784272-224350887
Opcode ID: 6463b1eee45a25dbe6c122f93290858f34a1d614983af4426b5503125291657b
Instruction ID: 9f76edb99a965a7148ea7ee75eb005bec83a2e3da9763c01c073fa470b27e78b
Opcode Fuzzy Hash: 6463b1eee45a25dbe6c122f93290858f34a1d614983af4426b5503125291657b
Instruction Fuzzy Hash: 40627172A18BC681EA21DB25E4413EAB3A1FB85790F405235FA9D87B9ADF3CD185D700

Function 00007FF63CC25A20 Relevance: 33.8, APIs: 16, Strings: 3, Instructions: 500COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC42AA0: memset.VCRUNTIME140 ref: 00007FF63CC42AD6
Part of subcall function 00007FF63CC42AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF63CC42AE8

Part of subcall function 00007FF63CC478F0: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC4797F

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC25B3F
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC25BA1
memmove.VCRUNTIME140 ref: 00007FF63CC25C9A
memcpy.VCRUNTIME140 ref: 00007FF63CC25CA8
memcpy.VCRUNTIME140 ref: 00007FF63CC25CBE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC25DE0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC25E31
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC25EC9

Strings

> {} STARTED (v{}) <, xrefs: 00007FF63CC25B1C
{:-^, xrefs: 00007FF63CC25C45
> {} ENDED <, xrefs: 00007FF63CC25B7F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@$_invalid_parameter_noinfo_noreturnmemcpy$FileModuleNamememmovememset
String ID: > {} ENDED <$> {} STARTED (v{}) <${:-^
API String ID: 4252923549-1588015413
Opcode ID: da270ef3e38c0c8fc719f25bd376e2b606aa4cb0d47c977aa19750f2d9e8bfff
Instruction ID: 72c2559493f9cf56317f07bf8109ddc8061fd831ca3dca543df538b82e62e318
Opcode Fuzzy Hash: da270ef3e38c0c8fc719f25bd376e2b606aa4cb0d47c977aa19750f2d9e8bfff
Instruction Fuzzy Hash: 03328F72A08BC586EB10CB68E8403AD73B1FB85798F505222FB9D47B99EF78D584D340

Function 00007FF63CD446DC Relevance: 33.1, APIs: 22, Instructions: 147COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF63CD446FC
GetLastError.KERNEL32 ref: 00007FF63CD4470F
__std_fs_open_handle.LIBCPMT ref: 00007FF63CD44743
CloseHandle.KERNEL32 ref: 00007FF63CD44758
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF63CD44768

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CloseDiskErrorFreeHandleLastSpace__std_fs_open_handlefree
String ID:
API String ID: 3330332384-0
Opcode ID: 1351f16ad2fcb65f07fbf25a2095af7a4269cf0fae8388c714365c8e8cb82b61
Instruction ID: f738fbf5c4279e4d7f7c72848cf31bb4eacc93bf560a4940c40dbeef0cc88814
Opcode Fuzzy Hash: 1351f16ad2fcb65f07fbf25a2095af7a4269cf0fae8388c714365c8e8cb82b61
Instruction Fuzzy Hash: 4A510821F08A4282F7149F65A84453972E4FF89BA4F454335FA2AD67D0EF3CE48AE740

Function 00007FF63CC01370 Relevance: 32.0, APIs: 1, Strings: 17, Instructions: 514COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE7240: __std_fs_code_page.MSVCPRT ref: 00007FF63CBE7263
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72B1
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72E9

Part of subcall function 00007FF63CBF69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6A08

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC01B14

Part of subcall function 00007FF63CBF6B30: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6B78

Strings

create_directories, xrefs: 00007FF63CC01A05
exists, xrefs: 00007FF63CC01A1B
Failed to move file to '{}', xrefs: 00007FF63CC0180D
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils/ScopedGuard.h, xrefs: 00007FF63CC01963
applyFeatures, xrefs: 00007FF63CC01AB0
Failed to restart component '{}', executable '{}'., xrefs: 00007FF63CC01903
void __cdecl sj::Updater::Impl::applyFeature(const class sj::FeatureFlags &,const class sj::Component &) const, xrefs: 00007FF63CC01674, 00007FF63CC01782, 00007FF63CC01802, 00007FF63CC01878
Restarting component '{}'., xrefs: 00007FF63CC01883
2, xrefs: 00007FF63CC0190F
_tmp, xrefs: 00007FF63CC0143F
Feature flags is up to date for '{}'., xrefs: 00007FF63CC0178D
Failed to generate configuration file for '{}'., xrefs: 00007FF63CC01643
__cdecl sj::ScopeGuard<class `private: void __cdecl sj::Updater::Impl::applyFeature(class sj::FeatureFlags const &,class sj::Component const &)const '::`2'::<lambda_1> >::~ScopeGuard(void), xrefs: 00007FF63CC0196E
<-- , xrefs: 00007FF63CC01A61
--> , xrefs: 00007FF63CC01A82
E, xrefs: 00007FF63CC01660
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC01668, 00007FF63CC01777, 00007FF63CC017F7, 00007FF63CC0186D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@__std_fs_convert_narrow_to_wide$__std_fs_code_page_invalid_parameter_noinfo_noreturn
String ID: --> $2$<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils/ScopedGuard.h$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$E$Failed to generate configuration file for '{}'.$Failed to move file to '{}'$Failed to restart component '{}', executable '{}'.$Feature flags is up to date for '{}'.$Restarting component '{}'.$__cdecl sj::ScopeGuard<class `private: void __cdecl sj::Updater::Impl::applyFeature(class sj::FeatureFlags const &,class sj::Component const &)const '::`2'::<lambda_1> >::~ScopeGuard(void)$_tmp$applyFeatures$create_directories$exists$void __cdecl sj::Updater::Impl::applyFeature(const class sj::FeatureFlags &,const class sj::Component &) const
API String ID: 900940935-173281539
Opcode ID: bcb441c4e4db83e60f66189e161383ad9d9e6068439df0ad4fed038f577aaf52
Instruction ID: 3a2177e966d20a20ca04ec98c0ff411fdfa7c2a72650d3dfd74bb0588b1e661e
Opcode Fuzzy Hash: bcb441c4e4db83e60f66189e161383ad9d9e6068439df0ad4fed038f577aaf52
Instruction Fuzzy Hash: 2332AB72A08B9286EB109F64E8402E9B3F0FB85788F405232FA8D97B99DF7DD545D740

Function 00007FF63CC52440 Relevance: 28.7, APIs: 19, Instructions: 171COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,?,000001E4,000001A4,00000000,00007FF63CC5639D), ref: 00007FF63CC52484
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,00000000,?,000001E4,000001A4,00000000,00007FF63CC5639D), ref: 00007FF63CC5249D
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CC524BC
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC524F0
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC52517
?exceptions@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CC5254D
?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF63CC52569
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC525B9
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC525C9
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FF63CC525DB
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF63CC525EB
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC52646
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF63CC5265B
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z.MSVCP140 ref: 00007FF63CC5267D
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z.MSVCP140 ref: 00007FF63CC5269C
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF63CC526AF
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC526F5
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC52703
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC52722

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?tellg@?$basic_istream@Mbstatet@@@2@V?$fpos@$??1?$basic_ios@??1?$basic_istream@?exceptions@ios_base@std@@?seekg@?$basic_istream@V12@_$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?clear@?$basic_ios@?read@?$basic_istream@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V12@V?$basic_streambuf@memset
String ID:
API String ID: 3836666189-0
Opcode ID: c74664e8d3b1e4113f156a780fcf3a98b546a8f8052d727979b332d191d17de1
Instruction ID: eea8c6894291143d89bd9b5f178457be94ae28f67446b97f0270bfbc45b99a2e
Opcode Fuzzy Hash: c74664e8d3b1e4113f156a780fcf3a98b546a8f8052d727979b332d191d17de1
Instruction Fuzzy Hash: 57813032718A8686DB10DF15E4902AAB7B0FBD8B55F448532EA4D83B68DF7CD549DB00

Function 00007FF63CC2DB10 Relevance: 28.5, APIs: 9, Strings: 7, Instructions: 452COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC40AD0: memset.VCRUNTIME140 ref: 00007FF63CC40B1F
Part of subcall function 00007FF63CC40AD0: GetTempPathW.KERNEL32 ref: 00007FF63CC40B2D
Part of subcall function 00007FF63CC40AD0: __std_fs_code_page.MSVCPRT ref: 00007FF63CC40B40
Part of subcall function 00007FF63CC40AD0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC40B80
Part of subcall function 00007FF63CC40AD0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC40BC6

Part of subcall function 00007FF63CBF12D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF63CC458A3), ref: 00007FF63CBF13EC

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CC522A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC52353

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBE3690: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE373D
Part of subcall function 00007FF63CBE3690: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBE3787

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CC2A6B0: ceilf.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF63CC2A820

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E005
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E076
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E0C7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E118
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E167
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E1B6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E1FB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E24C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2E2CC

Strings

$(system.tempDir), xrefs: 00007FF63CC2DDCA
$(system.dataDir), xrefs: 00007FF63CC2DE43
$(app.name), xrefs: 00007FF63CC2DD76
$(system.platformName), xrefs: 00007FF63CC2DF20
$(system.configDir), xrefs: 00007FF63CC2DEBB
$(app.dir), xrefs: 00007FF63CC2DD20
$(app.path), xrefs: 00007FF63CC2DCBD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_narrow_to_widememcpy$Concurrency::cancel_current_taskPathTemp__std_fs_code_pageceilfmallocmemset
String ID: $(app.dir)$$(app.name)$$(app.path)$$(system.configDir)$$(system.dataDir)$$(system.platformName)$$(system.tempDir)
API String ID: 1213556465-1740758285
Opcode ID: 6a65d3c7b0d526d5031848e96b4f3583fa6ac6c97e5ec632205e7e49bbbde904
Instruction ID: d88e65006d1b976a3a2314e884b52f889f13b4c03a640033856bc887f4f69b89
Opcode Fuzzy Hash: 6a65d3c7b0d526d5031848e96b4f3583fa6ac6c97e5ec632205e7e49bbbde904
Instruction Fuzzy Hash: CF32C732E14BC684EB21DF34D8513FD23A0FB99798F105335FA5D56A9AEF68A284D340

Function 00007FF63CC29A90 Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 385COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF63CC29B46
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC29B93
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC29BD5
__std_fs_code_page.MSVCPRT ref: 00007FF63CC29BFB
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC29C45

Strings

exists, xrefs: 00007FF63CC2A06A
sj-pulse-proxy-server-app.exe, xrefs: 00007FF63CC29D6C
updater, xrefs: 00007FF63CC29EAE
sj-updater, xrefs: 00007FF63CC29F46
!, xrefs: 00007FF63CC29B69
SJPulse, xrefs: 00007FF63CC29AD6
app, xrefs: 00007FF63CC29E4A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
String ID: !$SJPulse$app$exists$sj-pulse-proxy-server-app.exe$sj-updater$updater
API String ID: 3645842244-938894102
Opcode ID: d30fe2736adb684b7cd5f87d9b70b41eafde6e57e5beff790af43676be416d3c
Instruction ID: e76cee7cd60c8b68a53519bed2205df59f000ede54204275a31abbbb3ea04548
Opcode Fuzzy Hash: d30fe2736adb684b7cd5f87d9b70b41eafde6e57e5beff790af43676be416d3c
Instruction Fuzzy Hash: C9F1B132B18B6696EB10DB74E4502ED63B1FB85744F402132FA4E97B99DF38E944E740

Function 00007FF63CBFCF60 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 307COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CBFC930: #115.WS2_32 ref: 00007FF63CBFC971

Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF0
Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF6

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD1D5

Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE79F
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE7CC
Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE851
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE860
Part of subcall function 00007FF63CBFE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE86B

std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CBFD3FC
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD40D
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CBFD41F
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD430
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CBFD442
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD453
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CBFD465
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD476
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CBFD488
_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CBFD499

Strings

Process starter is not set., xrefs: 00007FF63CBFD436
App restarter is not set., xrefs: 00007FF63CBFD3F0
Version reader is not set., xrefs: 00007FF63CBFD47C
Downloader is not set., xrefs: 00007FF63CBFD459
Storage is not set., xrefs: 00007FF63CBFD413

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrowstd::bad_exception::bad_exception$Concurrency::cancel_current_taskCreateErrorEventLast$#115CloseHandlemallocmemset
String ID: App restarter is not set.$Downloader is not set.$Process starter is not set.$Storage is not set.$Version reader is not set.
API String ID: 3529670067-3964332209
Opcode ID: b6ff032e85055d60310e3702f7e0f22366511f8a38a8f91330ff231d1637b617
Instruction ID: 92f69935d635d303483d56e549bf19e65dbf40c3abdda04d7bdbe8d34b684b72
Opcode Fuzzy Hash: b6ff032e85055d60310e3702f7e0f22366511f8a38a8f91330ff231d1637b617
Instruction Fuzzy Hash: BEF13732A09F8586E714CF64E8403AA73A4FB59744F549239EB9E83751EF38E1A4D301

Function 00007FF63CC3F760 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 279COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF63CC3F82F
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC3F889
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC3F8D6
memcmp.VCRUNTIME140 ref: 00007FF63CC3F933

Part of subcall function 00007FF63CBEF340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBEF383
Part of subcall function 00007FF63CBEF340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CBEF3D4

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\LogUtils.cpp, xrefs: 00007FF63CC3F7C3
Provided empty logs directory for wiping, xrefs: 00007FF63CC3F7DB
pulse_, xrefs: 00007FF63CC3F955
[0-9]{8}_[0-9]{6}, xrefs: 00007FF63CC3F7F5
void __cdecl sj::LogUtils::wipeObsoleteLogFiles(const class std::filesystem::path &,unsigned __int64,unsigned __int64) noexcept, xrefs: 00007FF63CC3F7CF
.log, xrefs: 00007FF63CC3F940, 00007FF63CC3F9D7
s, xrefs: 00007FF63CC3F7B3
app, xrefs: 00007FF63CC3F92C

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@__std_fs_code_pagememcmp
String ID: .log$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\LogUtils.cpp$Provided empty logs directory for wiping$[0-9]{8}_[0-9]{6}$app$pulse_$s$void __cdecl sj::LogUtils::wipeObsoleteLogFiles(const class std::filesystem::path &,unsigned __int64,unsigned __int64) noexcept
API String ID: 3581062000-3610563262
Opcode ID: 18f63fbd2f534cd803a3108546189656a8c8e363e6bd757daf669c6161d4db81
Instruction ID: ac372d463edccf39cc522076ca713d9cfedb07e84eb4436f9be21e881f8f5f28
Opcode Fuzzy Hash: 18f63fbd2f534cd803a3108546189656a8c8e363e6bd757daf669c6161d4db81
Instruction Fuzzy Hash: A0C19172A18BC581EA60DB14F8403AAA3E1FB85794F505636FADD83B99DF7CD085D700

Function 00007FF63CC557E0 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 466COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CC55837
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC5596B
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC55999
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC559A6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC559DE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC55A2F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC55BE5
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC55C11
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC55C1E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC55C57
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC55CAA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC55D86
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC55DA4
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC55DC1

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CC157F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC158F7
Part of subcall function 00007FF63CC157F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC15948

Part of subcall function 00007FF63CC1F730: memmove.VCRUNTIME140 ref: 00007FF63CC1F81F

Strings

value, xrefs: 00007FF63CC558B6, 00007FF63CC55B37

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ExceptionThrow$memcpymemmovememset
String ID: value
API String ID: 646253820-494360628
Opcode ID: 82d69c2aad8b3a43ab13cb70aa37ec00e887db45c7d8c478709070b2cde54e0e
Instruction ID: 21dd3b4aca5166be7a51b2b369a3e31fa2ca55539472608fa029f8b0b47a0787
Opcode Fuzzy Hash: 82d69c2aad8b3a43ab13cb70aa37ec00e887db45c7d8c478709070b2cde54e0e
Instruction Fuzzy Hash: B612A072B18B8585EB10DB79D4403AD27B1EB867A4F505232FA9D93B9ADF3CE485D300

Function 00007FF63CBEA060 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 252COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC42AA0: memset.VCRUNTIME140 ref: 00007FF63CC42AD6
Part of subcall function 00007FF63CC42AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF63CC42AE8

Part of subcall function 00007FF63CC3FCD0: _Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF63CBEA0B7), ref: 00007FF63CC3FDD3
Part of subcall function 00007FF63CC3FCD0: _Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF63CBEA0B7), ref: 00007FF63CC3FDDB

Part of subcall function 00007FF63CBE7780: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE77C8

Part of subcall function 00007FF63CBE7900: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE7948

Part of subcall function 00007FF63CBE79C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE7A08

Part of subcall function 00007FF63CBE7840: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE7888

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEA47C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEA4E9

Strings

maxRetryAttempts, xrefs: 00007FF63CBEA360
environment, xrefs: 00007FF63CBEA42D
[, xrefs: 00007FF63CBEA3E5
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater-app\src\UpdaterApp.cpp, xrefs: 00007FF63CBEA0E2
{:<27}: {}, xrefs: 00007FF63CBEA0F8
system.configDir, xrefs: 00007FF63CBEA184
initialCheckDelay, xrefs: 00007FF63CBEA1E8
versionInfoFileUrl, xrefs: 00007FF63CBEA2A8
featureFlagsFileUrl, xrefs: 00007FF63CBEA304
system.tempDir, xrefs: 00007FF63CBEA12B
checkInterval, xrefs: 00007FF63CBEA24C
void __cdecl sj::logConfiguration(const class sj::UpdaterConfig &), xrefs: 00007FF63CBEA0ED
hostingUrl, xrefs: 00007FF63CBEA3B8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@$Xtime_get_ticks_invalid_parameter_noinfo_noreturn$FileModuleNamememset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater-app\src\UpdaterApp.cpp$[$checkInterval$environment$featureFlagsFileUrl$hostingUrl$initialCheckDelay$maxRetryAttempts$system.configDir$system.tempDir$versionInfoFileUrl$void __cdecl sj::logConfiguration(const class sj::UpdaterConfig &)${:<27}: {}
API String ID: 1551170109-4073846125
Opcode ID: 542aff67e605f0000a65b46275d481e610215c92e7210e07a4641db7a812d987
Instruction ID: f37bf5db8c08b22ac7ec435c7b7b7201c7c195687a5109916b5b2465093ae120
Opcode Fuzzy Hash: 542aff67e605f0000a65b46275d481e610215c92e7210e07a4641db7a812d987
Instruction Fuzzy Hash: 2CE16932A18B9586E711CF78E8453DE77B4FB85348F401226FA8D5AAA8DF3CD149DB40

Function 00007FF63CBE12B0 Relevance: 25.2, Strings: 20, Instructions: 180COMMON

Download Yara Rule

Strings

sj-pulse-watchdog.json, xrefs: 00007FF63CBE1535
sj-pulse-proxy-server-app.json, xrefs: 00007FF63CBE12C2
SJ Pulse Installer, xrefs: 00007FF63CBE1615
sj-updater-app.exe, xrefs: 00007FF63CBE1473
sj-updater-app.json, xrefs: 00007FF63CBE1460
SJ Pulse Proxy Server, xrefs: 00007FF63CBE12E8
SJ Pulse Updater, xrefs: 00007FF63CBE1486
sj-updater, xrefs: 00007FF63CBE14F4
sj-pulse-ui.exe, xrefs: 00007FF63CBE13A8
SJ Pulse UI, xrefs: 00007FF63CBE13BB
watchdog, xrefs: 00007FF63CBE156E
SJ Pulse Watchdog, xrefs: 00007FF63CBE155B
sj-pulse-proxy-server-app.exe, xrefs: 00007FF63CBE12D5
sj-app, xrefs: 00007FF63CBE134D
installer, xrefs: 00007FF63CBE1628
sj-pulse-watchdog.exe, xrefs: 00007FF63CBE1548
updater, xrefs: 00007FF63CBE1499
sj-pulse-ui.json, xrefs: 00007FF63CBE138E
sj-watchdog, xrefs: 00007FF63CBE15C6
app, xrefs: 00007FF63CBE12FB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: SJ Pulse Installer$SJ Pulse Proxy Server$SJ Pulse UI$SJ Pulse Updater$SJ Pulse Watchdog$app$installer$sj-app$sj-pulse-proxy-server-app.exe$sj-pulse-proxy-server-app.json$sj-pulse-ui.exe$sj-pulse-ui.json$sj-pulse-watchdog.exe$sj-pulse-watchdog.json$sj-updater$sj-updater-app.exe$sj-updater-app.json$sj-watchdog$updater$watchdog
API String ID: 1775671525-4165182966
Opcode ID: e003f83b08545eef71909e8c9e931d2ada732a56d980efa208579c29519ab046
Instruction ID: abc23c483fd6b24280f9d6ff5da5979536d9981fd617145b512252c895a4ec8a
Opcode Fuzzy Hash: e003f83b08545eef71909e8c9e931d2ada732a56d980efa208579c29519ab046
Instruction Fuzzy Hash: 43D1C421E18BA688F301CB64E9453A973F4BF58348F516375F99CA272AEF7861D4E700

Function 00007FF63CC45EF0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 288COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

memmove.VCRUNTIME140 ref: 00007FF63CC45FC0

Part of subcall function 00007FF63CBEA990: memcpy.VCRUNTIME140 ref: 00007FF63CBEAA57

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC46018
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC4608D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC46102
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC46172
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC46216

Strings

/check-interval-ms, xrefs: 00007FF63CC46039
/heartbeat, xrefs: 00007FF63CC461C0
/memory-usage, xrefs: 00007FF63CC4629A
type must be string, but is , xrefs: 00007FF63CC46142
/cpu-usage, xrefs: 00007FF63CC46269
/endpoint, xrefs: 00007FF63CC45F33
/disk-usage, xrefs: 00007FF63CC462CB
/report-interval-ms, xrefs: 00007FF63CC460AE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memchrmemcpy$ExceptionThrowmemmove
String ID: /check-interval-ms$/cpu-usage$/disk-usage$/endpoint$/heartbeat$/memory-usage$/report-interval-ms$type must be string, but is
API String ID: 2465477935-2281374113
Opcode ID: b79557f0b703da95bbe1c74c2b54e584700a620caeb7aba90e9bfdce54924a4b
Instruction ID: a1fe50ebd3b40517f9672d6b9ddb6dfb830556b10d1959e22720fbdfa87b0a75
Opcode Fuzzy Hash: b79557f0b703da95bbe1c74c2b54e584700a620caeb7aba90e9bfdce54924a4b
Instruction Fuzzy Hash: 11C1A162F08B8695EA00DB34E4402ED63B1EB86794F509331FA5D97B9AEF3CE585D300

Function 00007FF63CC32FA0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF0
Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF6

memset.VCRUNTIME140 ref: 00007FF63CC3305F

Part of subcall function 00007FF63CC32230: _Mtx_init_in_situ.MSVCP140 ref: 00007FF63CC322AF
Part of subcall function 00007FF63CC32230: memset.VCRUNTIME140 ref: 00007FF63CC322FB

Part of subcall function 00007FF63CBF4150: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC00F8D), ref: 00007FF63CBF4280

Strings

NewRelic service is up, xrefs: 00007FF63CC3312A
}, xrefs: 00007FF63CC33317
Observable object is null., xrefs: 00007FF63CC3316E
}, xrefs: 00007FF63CC332F1
class std::unique_ptr<class sj::nr::NewRelicService,struct std::default_delete<class sj::nr::NewRelicService> > __cdecl sj::nr::createNewRelicService(const struct sj::cfg::NewRelic &,class sj::Storage &) noexcept, xrefs: 00007FF63CC3311E
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF63CC33112, 00007FF63CC33301
pulse.{}.{}.usage, xrefs: 00007FF63CC33240
void __cdecl sj::nr::NewRelicService::Impl::sendMessage<struct sj::nr::NewRelicMetricMessage>(const struct sj::nr::NewRelicMetricMessage &) noexcept, xrefs: 00007FF63CC3330C

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_taskmemset$Mtx_init_in_situmallocmemmove
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$NewRelic service is up$Observable object is null.$class std::unique_ptr<class sj::nr::NewRelicService,struct std::default_delete<class sj::nr::NewRelicService> > __cdecl sj::nr::createNewRelicService(const struct sj::cfg::NewRelic &,class sj::Storage &) noexcept$pulse.{}.{}.usage$void __cdecl sj::nr::NewRelicService::Impl::sendMessage<struct sj::nr::NewRelicMetricMessage>(const struct sj::nr::NewRelicMetricMessage &) noexcept$}$}
API String ID: 585329793-64319763
Opcode ID: 812a5fde80192a99edced3ad77ec24346b056e8262223350d7022c4bc0b2a333
Instruction ID: b6af34bfccbc1dccec0dc57c30bd5bf06eebb2924ca74013778533cf144c497a
Opcode Fuzzy Hash: 812a5fde80192a99edced3ad77ec24346b056e8262223350d7022c4bc0b2a333
Instruction Fuzzy Hash: 9BC17D32A18B8185EB10CB64E8403AE73B0FB88794F545235FA9D57B99EF3CE195D740

Function 00007FF63CCF7740 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC50AB0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC50BE1

__std_fs_code_page.MSVCPRT ref: 00007FF63CCF7840
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF788C
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF78CA
sentry_options_set_database_path.SENTRY ref: 00007FF63CCF78F3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF792B
__std_fs_code_page.MSVCPRT ref: 00007FF63CCF796A
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF79B6
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF79F4
sentry_options_add_attachment.SENTRY ref: 00007FF63CCF7A1D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF7A55

Part of subcall function 00007FF63CBF6540: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6588

Strings

crashpad database, xrefs: 00007FF63CCF7778
bool __cdecl sj::CrashHandler::Impl::createDbDir(void) noexcept const, xrefs: 00007FF63CCF77CB
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF63CCF77C0
Directory does not have write permission: {}, xrefs: 00007FF63CCF77D6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$_invalid_parameter_noinfo_noreturn$__std_fs_code_page$?default_logger_raw@spdlog@@Vlogger@1@sentry_options_add_attachmentsentry_options_set_database_path
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$Directory does not have write permission: {}$bool __cdecl sj::CrashHandler::Impl::createDbDir(void) noexcept const$crashpad database
API String ID: 3120675416-3987814639
Opcode ID: 08f02f7bc02ec343055c8dfbfec11627a6d074e0a2f76c31e8088ad2b3d45774
Instruction ID: ca0ed98988ee9a040e71b7571a828a1384eea1f874bfb4060ed2487577dcaf6e
Opcode Fuzzy Hash: 08f02f7bc02ec343055c8dfbfec11627a6d074e0a2f76c31e8088ad2b3d45774
Instruction Fuzzy Hash: E9916932B18A829AFB10DF75D4443AC23F1AB48788F405236FE5D96B99EF389595E340

Function 00007FF63CC355E0 Relevance: 24.5, APIs: 16, Instructions: 454COMMON

Download Yara Rule

APIs

_Mtx_init_in_situ.MSVCP140 ref: 00007FF63CC35639
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC35733
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC35782
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CC35792
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF63CC35869
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000), ref: 00007FF63CC35882
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF63CC358AC
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF63CC358CA
memmove.VCRUNTIME140(?,?,?,00000000), ref: 00007FF63CC358F4
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 00007FF63CC359D0

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Cpp_error@std@@Mtx_init_in_situThrow__beginthreadex_invalid_parameter_noinfo_noreturnterminate
String ID:
API String ID: 3505301042-0
Opcode ID: ab8ec26f031b61b12ef95caa3bbff78b7fbe671c8bf1130ddbf5fc69e68ce9ff
Instruction ID: e7274042738961ee3489dd58586481d5a26bbc9af280f350026519ccde586de9
Opcode Fuzzy Hash: ab8ec26f031b61b12ef95caa3bbff78b7fbe671c8bf1130ddbf5fc69e68ce9ff
Instruction Fuzzy Hash: F6F1DE32B09B9585EA21DF16F8402B963A0EB45BD4F488535EF8D87796EE3CE496D300

Function 00007FF63CC51620 Relevance: 24.2, APIs: 16, Instructions: 240COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CC5169E

Part of subcall function 00007FF63CC4F4E0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4F52B
Part of subcall function 00007FF63CC4F4E0: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CC4F54A
Part of subcall function 00007FF63CC4F4E0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4F57C
Part of subcall function 00007FF63CC4F4E0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4F597
Part of subcall function 00007FF63CC4F4E0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC4F5E5

memset.VCRUNTIME140 ref: 00007FF63CC516D1
??7ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC5170A
??7ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC51727
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC51744
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140(?), ref: 00007FF63CC51781
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC51803
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC5182E
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC51864
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC5188C
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC518B0
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF63CC518E5
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC51951
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC5195B
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC519A2
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC519AF

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?sgetc@?$basic_streambuf@$V?$basic_streambuf@$??1?$basic_ios@??1?$basic_istream@??7ios_base@std@@?rdbuf@?$basic_ios@?sbumpc@?$basic_streambuf@D@std@@@2@memset$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@
String ID:
API String ID: 110866330-0
Opcode ID: 602da3e0376ddfab36aa621eb3ad3c432f0022a9404acd9938ed96bacf221cb9
Instruction ID: 036615f7216ccce00ca78ddcef1a5f7767e52c353d295b20721645bd4b765e54
Opcode Fuzzy Hash: 602da3e0376ddfab36aa621eb3ad3c432f0022a9404acd9938ed96bacf221cb9
Instruction Fuzzy Hash: 24B19D32A086C189EB218B2695543BAABF0FF85759F044231FE8E83BA5DF3DD545E710

Function 00007FF63CC32230 Relevance: 23.1, APIs: 2, Strings: 11, Instructions: 325COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC45800: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC458D5

_Mtx_init_in_situ.MSVCP140 ref: 00007FF63CC322AF

Part of subcall function 00007FF63CBFC930: #115.WS2_32 ref: 00007FF63CBFC971

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memset.VCRUNTIME140 ref: 00007FF63CC322FB

Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE79F
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE7CC
Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE851
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE860
Part of subcall function 00007FF63CBFE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE86B

Part of subcall function 00007FF63CBE7240: __std_fs_code_page.MSVCPRT ref: 00007FF63CBE7263
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72B1
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72E9

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

Strings

trace, xrefs: 00007FF63CC32441
__cdecl sj::nr::NewRelicService::Impl::Impl(const struct sj::cfg::NewRelic &,class sj::Storage &,class sj::nr::INewRelicClientFactory &), xrefs: 00007FF63CC3270C
event, xrefs: 00007FF63CC323B3
NewRelicService, xrefs: 00007FF63CC324CA
disabled, xrefs: 00007FF63CC3266C
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF63CC3268A
enabled, xrefs: 00007FF63CC32661
metric, xrefs: 00007FF63CC3240E
NewRelic {} reporting is {}, xrefs: 00007FF63CC32717
SJPulse, xrefs: 00007FF63CC32594
log, xrefs: 00007FF63CC323DB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast__std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn$#115CloseHandleMtx_init_in_situ__std_fs_code_pagemallocmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$NewRelic {} reporting is {}$NewRelicService$SJPulse$__cdecl sj::nr::NewRelicService::Impl::Impl(const struct sj::cfg::NewRelic &,class sj::Storage &,class sj::nr::INewRelicClientFactory &)$disabled$enabled$event$log$metric$trace
API String ID: 4107774585-1555390895
Opcode ID: 23763a61aa03217cc7e5bc339df839449714799a9de26340880f8cf402f65421
Instruction ID: 7be50d8762e57cb80ecf13e009b14995a86023fbda7ca7d775def5aa2af0de5e
Opcode Fuzzy Hash: 23763a61aa03217cc7e5bc339df839449714799a9de26340880f8cf402f65421
Instruction Fuzzy Hash: 66F14832A08B819AEB14DF64E8503E973B4FB45748F905235FA8D83B55EF39E598D340

Function 00007FF63CC2D330 Relevance: 19.9, APIs: 5, Strings: 8, Instructions: 364COMMON

Download Yara Rule

Strings

?, xrefs: 00007FF63CC2D48D
env, xrefs: 00007FF63CC2D3C1
name, xrefs: 00007FF63CC2D75D, 00007FF63CC2D7C5
type must be string, but is , xrefs: 00007FF63CC2D9A5
cannot get value, xrefs: 00007FF63CC2D9E4
env.json, xrefs: 00007FF63CC2D386
SJPulse, xrefs: 00007FF63CC2D437
config, xrefs: 00007FF63CC2D3FC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$__std_exception_copy__std_fs_code_page_invalid_parameter_noinfo_noreturnmemcpy
String ID: ?$SJPulse$cannot get value$config$env$env.json$name$type must be string, but is
API String ID: 3289095054-3569255062
Opcode ID: 5808a64ef2eab9daea5ae3e877fc6b7c316384b71cd02619511f84d34f280188
Instruction ID: 6adf0a95d41c789235457e1623a4c2e40c39ef1bb199b50bb4e926e280d8dee6
Opcode Fuzzy Hash: 5808a64ef2eab9daea5ae3e877fc6b7c316384b71cd02619511f84d34f280188
Instruction Fuzzy Hash: F4028232A0CAC291EA70DB14E4603EA63A1FB96744F901132F6CE87B99DF7CD545EB41

Function 00007FF63CC12FC0 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 353COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC133B5
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?), ref: 00007FF63CC13451
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?), ref: 00007FF63CC13482

Strings

Invalid manifest data., xrefs: 00007FF63CC13358
cannot use key() for non-object iterators, xrefs: 00007FF63CC13380
build-date, xrefs: 00007FF63CC132AA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@?gptr@?$basic_streambuf@ExceptionThrow
String ID: Invalid manifest data.$build-date$cannot use key() for non-object iterators
API String ID: 3621651863-3298265133
Opcode ID: bf94b36126031f64accc6b0b461f4611051aa4008d56eb39a175f85407e2ac9f
Instruction ID: 60561a2469f9c84eeedf7ef73d2bd9180c797a7134a475d6c0d53f444b7ac414
Opcode Fuzzy Hash: bf94b36126031f64accc6b0b461f4611051aa4008d56eb39a175f85407e2ac9f
Instruction Fuzzy Hash: 4EE1AF72A08B8285EB11DF2A98012B927F1FB9579CF085231FE4D93796DF78E595E300

Function 00007FF63CBEE0C0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 259COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE277
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE2C8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE310
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE357
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE3AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE3EA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE462

Strings

at byte , xrefs: 00007FF63CBEE18C
parse_error, xrefs: 00007FF63CBEE1F0
parse error, xrefs: 00007FF63CBEE231

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy
String ID: at byte $parse error$parse_error
API String ID: 3063020102-616852484
Opcode ID: e1bb83677298a8d6269429520c1feaaadfc9e5b9a78e7139d53f3e8f64586d68
Instruction ID: 7d582ca69ec05f6a9cbd1be4c3148bb41894d82cdecbcbbe89e084f9655780d1
Opcode Fuzzy Hash: e1bb83677298a8d6269429520c1feaaadfc9e5b9a78e7139d53f3e8f64586d68
Instruction Fuzzy Hash: 21B18162F14A9645FB10DB79E4403AD23A1EB46BA4F505332FA6D92BD9DF7CE0C4E201

Function 00007FF63CBE6BB0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 374COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC294B0: CreateMutexW.KERNEL32 ref: 00007FF63CC29538
Part of subcall function 00007FF63CC294B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2957B

memset.VCRUNTIME140 ref: 00007FF63CBE6DC6

Part of subcall function 00007FF63CC295E0: ReleaseMutex.KERNEL32 ref: 00007FF63CC295F2
Part of subcall function 00007FF63CC295E0: CloseHandle.KERNEL32 ref: 00007FF63CC295FC

Strings

sj-updater-app, xrefs: 00007FF63CBE6BF2
SJ Pulse Updater, xrefs: 00007FF63CBE6EF7

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Mutex$CloseCreateHandleRelease_invalid_parameter_noinfo_noreturnmemset
String ID: SJ Pulse Updater$sj-updater-app
API String ID: 2500592025-1774081351
Opcode ID: e05c7b81ebc699e180c7caa0dbe35e7391e46a1ab421358f74cc591ec9b61956
Instruction ID: 8402ac428a68137a19a30cbb695feabe88090204724fa76dfc107ab2be92890e
Opcode Fuzzy Hash: e05c7b81ebc699e180c7caa0dbe35e7391e46a1ab421358f74cc591ec9b61956
Instruction Fuzzy Hash: 12F1C832A087D682EA209B25F4503F963A0FB85BA0F44A731EA9E977D5DF3CD485D701

Function 00007FF63CBEFBB0 Relevance: 15.2, Strings: 12, Instructions: 158COMMON

Download Yara Rule

Strings

insights-collector.newrelic.com, xrefs: 00007FF63CBEFBF8
/v1/accounts/1592627/events, xrefs: 00007FF63CBEFC24
trace-api.newrelic.com, xrefs: 00007FF63CBEFDE0
/metric/v1, xrefs: 00007FF63CBEFD68
tr_, xrefs: 00007FF63CBEFE3A
mt_, xrefs: 00007FF63CBEFD95
/log/v1, xrefs: 00007FF63CBEFCC3
log_, xrefs: 00007FF63CBEFCF0
/trace/v1, xrefs: 00007FF63CBEFE0D
log-api.newrelic.com, xrefs: 00007FF63CBEFC96
metric-api.newrelic.com, xrefs: 00007FF63CBEFD3B
ev_, xrefs: 00007FF63CBEFC4B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: /log/v1$/metric/v1$/trace/v1$/v1/accounts/1592627/events$ev_$insights-collector.newrelic.com$log-api.newrelic.com$log_$metric-api.newrelic.com$mt_$tr_$trace-api.newrelic.com
API String ID: 1775671525-618816017
Opcode ID: 133b1d9794050b7147fd66e41572d950952107e0d52bc98ce958453fc4424269
Instruction ID: 13ea3d7193b83cced2755c32c8fb4f750b7c87d11f533f7c11fe8dc45b21af7f
Opcode Fuzzy Hash: 133b1d9794050b7147fd66e41572d950952107e0d52bc98ce958453fc4424269
Instruction Fuzzy Hash: ED815F3292479291EB00DF34E8402D933A4FB91B4CF756232E64D8A665EFB9E686D350

Function 00007FF63CC408B0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF63CC408E0

Part of subcall function 00007FF63CD43D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D88
Part of subcall function 00007FF63CD43D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D97

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC4091B

Part of subcall function 00007FF63CD43DAC: MultiByteToWideChar.KERNEL32 ref: 00007FF63CD43DC8
Part of subcall function 00007FF63CD43DAC: GetLastError.KERNEL32 ref: 00007FF63CD43DD6

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC4095D
__std_fs_code_page.MSVCPRT ref: 00007FF63CC40979
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC409B4
__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC409F6

Part of subcall function 00007FF63CC40550: CoTaskMemFree.OLE32 ref: 00007FF63CC405D2

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

Strings

storage, xrefs: 00007FF63CC40912, 00007FF63CC40954
SJPulse, xrefs: 00007FF63CC409AB, 00007FF63CC409ED

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page$ApisByteCharErrorFileFreeLastMultiTaskWide___lc_codepage_func_invalid_parameter_noinfo_noreturn
String ID: SJPulse$storage
API String ID: 2936618919-2343843642
Opcode ID: 06fd5b8106a3d149084cf1d3409da65295ec256c758c8b07392851db1740427a
Instruction ID: 1c853db3244d36a9caa25d5c49a029d423208db65da690bd3cd8f282c6e0d76e
Opcode Fuzzy Hash: 06fd5b8106a3d149084cf1d3409da65295ec256c758c8b07392851db1740427a
Instruction Fuzzy Hash: 9B516E22F086529AFB10EBB1E0502ED33B2AB55748F411136FE0DA7B89EF38D559D740

Function 00007FF63CC40AD0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CC40B1F
GetTempPathW.KERNEL32 ref: 00007FF63CC40B2D
__std_fs_code_page.MSVCPRT ref: 00007FF63CC40B40

Part of subcall function 00007FF63CD43D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D88
Part of subcall function 00007FF63CD43D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D97

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC40B80

Part of subcall function 00007FF63CD43DAC: MultiByteToWideChar.KERNEL32 ref: 00007FF63CD43DC8
Part of subcall function 00007FF63CD43DAC: GetLastError.KERNEL32 ref: 00007FF63CD43DD6

__std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CC40BC6

Part of subcall function 00007FF63CBEBAF0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF63CBEC44F), ref: 00007FF63CBEBB2E

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

Strings

v, xrefs: 00007FF63CC40C1F
SJPulse, xrefs: 00007FF63CC40B77, 00007FF63CC40BBD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$ApisByteCharErrorFileLastMultiPathTempWide___lc_codepage_func__std_fs_code_page_invalid_parameter_noinfo_noreturnmemcpymemset
String ID: SJPulse$v
API String ID: 1916485501-1315662759
Opcode ID: ec4092f75762cadf11d1b50804423080506222c325646bd57f91ff5faec54b9c
Instruction ID: dd9e4f7a282387545c5c7cf67b359a72b137971550e09885cfd5088ff52f4213
Opcode Fuzzy Hash: ec4092f75762cadf11d1b50804423080506222c325646bd57f91ff5faec54b9c
Instruction Fuzzy Hash: FA419032B28A8186EB10DB61E4906AE73A5FB85784F402136FA8E93B59DF3CD544DB00

Function 00007FF63CC28A90 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF63CC28AE4
GetLastError.KERNEL32 ref: 00007FF63CC28AEE

Part of subcall function 00007FF63CC27680: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC276C8

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC28B88

Strings

void __cdecl sj::WindowsService::run(void) const, xrefs: 00007FF63CC28B20
Failed to start service ctrl dispatcher: {0}, xrefs: 00007FF63CC28B35
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF63CC28B06

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@CtrlDispatcherErrorLastServiceStartVlogger@1@_invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$Failed to start service ctrl dispatcher: {0}$void __cdecl sj::WindowsService::run(void) const
API String ID: 2901174767-2512971099
Opcode ID: 81e80174668aae78527a3d22d533a357a23e2f2fcf62dd5596daffd3cd5e445f
Instruction ID: 01244b2de4717c665b0f7848366cd2a934b680e3599c0a24f7ba9f1313c8cfbd
Opcode Fuzzy Hash: 81e80174668aae78527a3d22d533a357a23e2f2fcf62dd5596daffd3cd5e445f
Instruction Fuzzy Hash: 63310572B04A4699EB00DFB4E8513ED33B5EB08758F405236EA1D96B98EE38D159E344

Function 00007FF63CC40650 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF63CC406CB

Part of subcall function 00007FF63CD43D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D88
Part of subcall function 00007FF63CD43D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D97

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC40712

Part of subcall function 00007FF63CD43DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF63CD43E4F

__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC40750

Part of subcall function 00007FF63CD43DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF63CD43E99
Part of subcall function 00007FF63CD43DF4: GetLastError.KERNEL32 ref: 00007FF63CD43EA7
Part of subcall function 00007FF63CD43DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF63CD43EDB
Part of subcall function 00007FF63CD43DF4: GetLastError.KERNEL32 ref: 00007FF63CD43EE9

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC407D2

Strings

Program Files\SJPulse, xrefs: 00007FF63CC406A6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast__std_fs_convert_wide_to_narrow$ApisFile___lc_codepage_func__std_fs_code_page_invalid_parameter_noinfo_noreturn
String ID: Program Files\SJPulse
API String ID: 2473933964-791770671
Opcode ID: ec1cbfb5e7155b761f2957f70375c2f8ed7b9e446a03c9bc84e2528982641ce3
Instruction ID: 571a8fe64ab29fb3fa41b6d6b3c38788455895a84d77df49a7e039bcf169b5d2
Opcode Fuzzy Hash: ec1cbfb5e7155b761f2957f70375c2f8ed7b9e446a03c9bc84e2528982641ce3
Instruction Fuzzy Hash: 12519E32F18A518AFB00EB75E4512ED63B1EB44788F405236FE4D96B9ADF38D545E340

Function 00007FF63CC09660 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF63CC00B59), ref: 00007FF63CC0969A
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC096AC
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?), ref: 00007FF63CC0991B

Strings

list too long, xrefs: 00007FF63CC09914

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeaveXlength_error@std@@
String ID: list too long
API String ID: 3990814652-1124181908
Opcode ID: 3a53aae53e96b35a42094127b1d1e6d248f443c8fde39c4225935923ae6dc37d
Instruction ID: 1adddee32b0af81c7bc00b9142c98b75472c86d063bddb4eb50125419300db6b
Opcode Fuzzy Hash: 3a53aae53e96b35a42094127b1d1e6d248f443c8fde39c4225935923ae6dc37d
Instruction Fuzzy Hash: 57813573A09B9581DA50CF1AE440669B3B4FB99BC4F588236EF9D87724EF38D490D700

Function 00007FF63CC02F50 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF63CC030DF

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: 0ad60d682bba5a9e06aa07f50460c350072084a4257af08732143d6141a39fee
Instruction ID: 81a23c48f1e36d637e9f7ea4c9af32fdac0ad0164f33faf90d78bf4408286aec
Opcode Fuzzy Hash: 0ad60d682bba5a9e06aa07f50460c350072084a4257af08732143d6141a39fee
Instruction Fuzzy Hash: B2C1D3B2F19A6285EB109B65D4402BD73F0FB08B98F484635EE5D97B99DF38D482D300

Function 00007FF63CC2B290 Relevance: 6.2, APIs: 4, Instructions: 233COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC42AA0: memset.VCRUNTIME140 ref: 00007FF63CC42AD6
Part of subcall function 00007FF63CC42AA0: GetModuleFileNameW.KERNEL32 ref: 00007FF63CC42AE8

__std_fs_code_page.MSVCPRT ref: 00007FF63CC2B472
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC2B4BB
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CC2B4F9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2B54C

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_fs_convert_wide_to_narrow$FileModuleName__std_fs_code_page_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3045111054-0
Opcode ID: 3d3263bf0a1bdd566309f4b635d96eeace538a89510e601551dfb62fb518ffaf
Instruction ID: 832a030ded6a8ea90c947480760684a6563375bf0ba6f6cf40b9fa415d2e7835
Opcode Fuzzy Hash: 3d3263bf0a1bdd566309f4b635d96eeace538a89510e601551dfb62fb518ffaf
Instruction Fuzzy Hash: 4091EF32F1464285EF20DB65E5602BD63F1FB54B88F542232EF4E96B95DF78A485E300

Function 00007FF63CD45DFC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF63CD45E28
GetCurrentThreadId.KERNEL32 ref: 00007FF63CD45E36
GetCurrentProcessId.KERNEL32 ref: 00007FF63CD45E42
QueryPerformanceCounter.KERNEL32 ref: 00007FF63CD45E52

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 8fed4d3f3244356f4136f1ac9bef5449a1b3de035f590590b182b6f9e230f044
Instruction ID: f9ba69b95fd46619c691a73064cd61d73508b2288bc3003a7ba1d04e17a96360
Opcode Fuzzy Hash: 8fed4d3f3244356f4136f1ac9bef5449a1b3de035f590590b182b6f9e230f044
Instruction Fuzzy Hash: D711E836B14B018AEB009F60E8552A933A4FB59B58F441A35FA6D867A4EF78D158D380

Function 00007FF63CC07210 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 197networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBFADF0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBFC8B2), ref: 00007FF63CBFAE0D

WSARecv.WS2_32 ref: 00007FF63CC07286
#111.WS2_32 ref: 00007FF63CC0728E

Strings

M', xrefs: 00007FF63CC073EB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: #111ExceptionRecvThrow
String ID: M'
API String ID: 1484990150-2701432540
Opcode ID: b2eebd1c0802e380f49fa7e4d5ff1498160064a6d7fa5bf25ec96f3ad61369d8
Instruction ID: f5d87d0ea675f801b96ea997abce30ac58a785edb968d78e4b766b80e23f8680
Opcode Fuzzy Hash: b2eebd1c0802e380f49fa7e4d5ff1498160064a6d7fa5bf25ec96f3ad61369d8
Instruction Fuzzy Hash: 0671BFB2F28B2586EB14CB65E85117C22F4FB89788B505239EE4E97794DF3CE581E700

Function 00007FF63CD43C4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF63CBEA605), ref: 00007FF63CD43C72
FormatMessageA.KERNEL32 ref: 00007FF63CD43CA5

Strings

!x-sys-default-locale, xrefs: 00007FF63CD43C65

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: b3c7ed0d1dc5e6ebf051b7fa824190b1d4c5cba51badac68dbfcad8a1f9c8fbb
Instruction ID: d97f77dc403df58ee3bd983f99580ac589b7fa3f3bb1cf7fecc9d7987741bf90
Opcode Fuzzy Hash: b3c7ed0d1dc5e6ebf051b7fa824190b1d4c5cba51badac68dbfcad8a1f9c8fbb
Instruction Fuzzy Hash: 6A018072B0878682E7158B26B44476AB7E1FB88784F948235FB8986B94DF3CD505DB00

Function 00007FF63CBF2840 Relevance: 4.9, APIs: 3, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8714c76d784c7c05c6d162f7b152a32a6608948cb25c1d6d2a3984b42777fb7d
Instruction ID: 0d21f0fa04d7c84bb8a6bcedac79a39d4f01796e8b6e697f140430e8775a89db
Opcode Fuzzy Hash: 8714c76d784c7c05c6d162f7b152a32a6608948cb25c1d6d2a3984b42777fb7d
Instruction Fuzzy Hash: 01F1C526F18A6689FB208FA5D5102BD33E1EB15788F404131EE9E57B89DF38B595E302

Function 00007FF63CBF5B80 Relevance: 4.8, APIs: 3, Instructions: 275COMMON

Download Yara Rule

APIs

?is_printable@detail@v10@fmt@@YA_NI@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF63CBF5D29
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF63CBF5D9D
?is_printable@detail@v10@fmt@@YA_NI@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF63CBF5EF6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?is_printable@detail@v10@fmt@@$memcpy
String ID:
API String ID: 3095726565-0
Opcode ID: 9136bdea6c655776aebb43345595dff126fa0f60d17349c3735a74b0031899ea
Instruction ID: af015a75ef6bec862c9e6c44381803588e15b8ab84f81ed2a7f40a261661ad50
Opcode Fuzzy Hash: 9136bdea6c655776aebb43345595dff126fa0f60d17349c3735a74b0031899ea
Instruction Fuzzy Hash: 00B1E337F19A608AFB109F2894053A927E1FB49348F055235FE9AA7B84DF3CD819D784

Function 00007FF63CC479A0 Relevance: 2.7, Strings: 2, Instructions: 223COMMON

Download Yara Rule

Strings

UUUUUUUU, xrefs: 00007FF63CC47C4D
33333333, xrefs: 00007FF63CC47C5D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: 27f0893e217e5b3ae2ec05280bac29d6909faee5ddd65d5463d85504c7ee1bcb
Instruction ID: 856b62c63e9486f9f8134f1a3289520ea2df8a40d37904b771f258a733698f8f
Opcode Fuzzy Hash: 27f0893e217e5b3ae2ec05280bac29d6909faee5ddd65d5463d85504c7ee1bcb
Instruction Fuzzy Hash: F881F333B1564487EB48CB2AD96126E73E2F799B90F54C539EA0E83B88DE3DD505C700

Function 00007FF63CC58F60 Relevance: 1.5, APIs: 1, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF63CC59142

Part of subcall function 00007FF63CC576B0: _Cnd_init_in_situ.MSVCP140(?,?,FFFFFFFF,00007FF63CC59154), ref: 00007FF63CC576DF
Part of subcall function 00007FF63CC576B0: _Mtx_init_in_situ.MSVCP140(?,?,FFFFFFFF,00007FF63CC59154), ref: 00007FF63CC5770A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Cnd_init_in_situMtx_init_in_situmallocmemset
String ID:
API String ID: 97985721-0
Opcode ID: fcbbd3fc3f1c9cf7c195226d8fc62e310fd86aaf680aab35ff5a2d53029849c9
Instruction ID: 5a45ec141b5752cf05ff249e5f5a0ce3a5b5f3be9eb3647956e65b4695d05a28
Opcode Fuzzy Hash: fcbbd3fc3f1c9cf7c195226d8fc62e310fd86aaf680aab35ff5a2d53029849c9
Instruction Fuzzy Hash: 4B919C32B05B418AEB508F66D8402ADB3F1FB89B58F088536EE4E97754EF38D446D340

Function 00007FF63CD06970 Relevance: .4, Instructions: 414COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: 76de1d1478927bc2e13a5d8bb29c382a246fa128169649abbf255f33824d9df5
Instruction ID: 464112e4edec56f7d352c998a2b04d606abf920c3bf057aaf52328a71dde6735
Opcode Fuzzy Hash: 76de1d1478927bc2e13a5d8bb29c382a246fa128169649abbf255f33824d9df5
Instruction Fuzzy Hash: 37025736B09F5595EB00DF69E4802AD33B0FB88B88F544226EE4D97B68DF38D596D340

Function 00007FF63CC48030 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc187e2938dcf951286eca84652d17b2269761e1e564f2e39c3ff6fb2937fb1
Instruction ID: a7f7d463414f1a4f5243dbe9589132c6f8d55ae0bf5ea076771f52a37c9e6f81
Opcode Fuzzy Hash: 8cc187e2938dcf951286eca84652d17b2269761e1e564f2e39c3ff6fb2937fb1
Instruction Fuzzy Hash: 1051C033B11A9487E748CA2AC865AAD77E6F3D9750F45C239EB19C3794DE399902CB00

Function 00007FF63CC47CF0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcf0e7f388db4cbd039e4dfbfb7130d1790e8e195d59edd4a85268d150678e00
Instruction ID: 198dbc6b4888079e5a408ad9ff50a9cb0243a68762ca1390c0e6bff2af2edcf4
Opcode Fuzzy Hash: bcf0e7f388db4cbd039e4dfbfb7130d1790e8e195d59edd4a85268d150678e00
Instruction Fuzzy Hash: 794183337255848BE78CCE3AC8659AE33E2F7D9344F45C639EA1A87389DE359905CB40

Function 00007FF63CC47EA0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50549f03aacc7cfb11e83456d0676adf1d5ab45dee3c00e89fed66d0e5a7704e
Instruction ID: 119ebb22e452ed793beef6bb2a826c52460b554c3ca2dc619be7225c011bfcf9
Opcode Fuzzy Hash: 50549f03aacc7cfb11e83456d0676adf1d5ab45dee3c00e89fed66d0e5a7704e
Instruction Fuzzy Hash: 6F4162337155548BE78CCF2AC825AAD73E2F398304F85C639EA0A87389DE399905CB40

Function 00007FF63CC136F0 Relevance: 51.1, APIs: 18, Strings: 11, Instructions: 390COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,?,?,?,00000000,?,?,00007FF63CC0AE6D), ref: 00007FF63CC1373A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF63CC0AE6D), ref: 00007FF63CC1374F
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF63CC0AE6D), ref: 00007FF63CC1376E
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140(?,?,?,?,?,00000000,?,?,00007FF63CC0AE6D), ref: 00007FF63CC137A2

Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3413
Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3428
Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE343D
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3460
Part of subcall function 00007FF63CBE33D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE347F
Part of subcall function 00007FF63CBE33D0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3493
Part of subcall function 00007FF63CBE33D0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CBE34A6
Part of subcall function 00007FF63CBE33D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE34B6
Part of subcall function 00007FF63CBE33D0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CBE35CE
Part of subcall function 00007FF63CBE33D0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CBE35D5
Part of subcall function 00007FF63CBE33D0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CBE35E1
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE35F3

Part of subcall function 00007FF63CC0EEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EF25
Part of subcall function 00007FF63CC0EEF0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0EF44
Part of subcall function 00007FF63CC0EEF0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EF58
Part of subcall function 00007FF63CC0EEF0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CC0EF6B
Part of subcall function 00007FF63CC0EEF0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0EF7B
Part of subcall function 00007FF63CC0EEF0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0EF9B
Part of subcall function 00007FF63CC0EEF0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CC0EFCA
Part of subcall function 00007FF63CC0EEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EFF7
Part of subcall function 00007FF63CC0EEF0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0F00A
Part of subcall function 00007FF63CC0EEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F016
Part of subcall function 00007FF63CC0EEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F03C
Part of subcall function 00007FF63CC0EEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F049

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z.MSVCP140 ref: 00007FF63CC139CB

Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE353D
Part of subcall function 00007FF63CBE33D0: ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF63CBE354C
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3566
Part of subcall function 00007FF63CBE33D0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CBE3579
Part of subcall function 00007FF63CBE33D0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CBE3585

Part of subcall function 00007FF63CC0EEF0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0EFB6
Part of subcall function 00007FF63CC0EEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F073
Part of subcall function 00007FF63CC0EEF0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0F086
Part of subcall function 00007FF63CC0EEF0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F092
Part of subcall function 00007FF63CC0EEF0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF63CC0F0CA
Part of subcall function 00007FF63CC0EEF0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC0F0DF
Part of subcall function 00007FF63CC0EEF0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CC0F0E6
Part of subcall function 00007FF63CC0EEF0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CC0F0F2
Part of subcall function 00007FF63CC0EEF0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F103

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z.MSVCP140 ref: 00007FF63CC13A04
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z.MSVCP140 ref: 00007FF63CC13A2E

Part of subcall function 00007FF63CC478F0: ?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC4797F

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C1A
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C2A
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C38
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C52
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC13C5A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC13C61
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C75
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C85
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC13C93
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC13CF1
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC13CFB

Part of subcall function 00007FF63CBE33D0: ?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CBE34DC
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE34FF
Part of subcall function 00007FF63CBE33D0: ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CBE3512
Part of subcall function 00007FF63CBE33D0: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CBE351E
Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF63CBE35A8

Strings

version: , xrefs: 00007FF63CC13A3E
max: , xrefs: 00007FF63CC13A14
url: , xrefs: 00007FF63CC13AC5
sha256: , xrefs: 00007FF63CC13942
name: , xrefs: 00007FF63CC138D2
min: , xrefs: 00007FF63CC139EA
stage , xrefs: 00007FF63CC139B4
version: , xrefs: 00007FF63CC1384B
build-date: , xrefs: 00007FF63CC137C3
url: , xrefs: 00007FF63CC1390A
sha256: , xrefs: 00007FF63CC13AFD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$V?$basic_streambuf@$?rdbuf@?$basic_ios@$?width@ios_base@std@@$?sputc@?$basic_streambuf@$?fill@?$basic_ios@?good@ios_base@std@@$??6?$basic_ostream@$?flags@ios_base@std@@?flush@?$basic_ostream@?pptr@?$basic_streambuf@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V01@V12@V?$basic_ostream@_invalid_parameter_noinfo_noreturn$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@?sputn@?$basic_streambuf@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@std@@@1@_D@v10@fmt@@@12@@V01@_V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@memset
String ID: max: $ min: $ sha256: $ url: $ version: $ name: $ sha256: $ stage $ url: $ version: $build-date:
API String ID: 787992713-1789690344
Opcode ID: 11c2f6d155028b4d349ce13c0ef6e2376e2f68db1fee7bbef08c495a7c9fdd00
Instruction ID: 3df1c36c70aa67225fdc102ff11b63fbeb74902fe0cfd29c0c6838eb71d9b392
Opcode Fuzzy Hash: 11c2f6d155028b4d349ce13c0ef6e2376e2f68db1fee7bbef08c495a7c9fdd00
Instruction Fuzzy Hash: 3C028072B08A4691EA00DB26E4542BA77F1FB85BC8F445136FA4E877A5DF3CE149E340

Function 00007FF63CBE2000 Relevance: 49.8, APIs: 9, Strings: 24, Instructions: 345COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF0
Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF6

memmove.VCRUNTIME140 ref: 00007FF63CBE20D6
memmove.VCRUNTIME140 ref: 00007FF63CBE214C
memmove.VCRUNTIME140 ref: 00007FF63CBE21C2
memmove.VCRUNTIME140 ref: 00007FF63CBE2238
memmove.VCRUNTIME140 ref: 00007FF63CBE22C1
memmove.VCRUNTIME140 ref: 00007FF63CBE233C
memmove.VCRUNTIME140 ref: 00007FF63CBE23B2
memmove.VCRUNTIME140 ref: 00007FF63CBE2428
memmove.VCRUNTIME140 ref: 00007FF63CBE249E

Part of subcall function 00007FF63CD13C20: memmove.VCRUNTIME140(00000000,Opera/,OPR/,00007FF63CBE24F9), ref: 00007FF63CD13CC8

Part of subcall function 00007FF63CD13C20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Opera/,OPR/,00007FF63CBE24F9), ref: 00007FF63CD13C99
Part of subcall function 00007FF63CD13C20: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD13CEB

Part of subcall function 00007FF63CD13C20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF63CBE24F9), ref: 00007FF63CD13D57

Part of subcall function 00007FF63CD13C20: memchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE24F9), ref: 00007FF63CD13E02

Strings

; Zoom , xrefs: 00007FF63CBE201A
Slack/, xrefs: 00007FF63CBE2084
Trident/7.0; rv:, xrefs: 00007FF63CBE25AF
; MSIE , xrefs: 00007FF63CBE25D5
PaleMoon/, xrefs: 00007FF63CBE24C2
Safari/, xrefs: 00007FF63CBE2747
Chrome WIN , xrefs: 00007FF63CBE26D2
Firefox/, xrefs: 00007FF63CBE2621
Waterfox/, xrefs: 00007FF63CBE244C
AVG/, xrefs: 00007FF63CBE2360
SeaMonkey/, xrefs: 00007FF63CBE2511
OPR/, xrefs: 00007FF63CBE225C
Chromium/, xrefs: 00007FF63CBE2670
Version/, xrefs: 00007FF63CBE277E
Edg/, xrefs: 00007FF63CBE20FA
YaBrowser/, xrefs: 00007FF63CBE21E6
Vivaldi/, xrefs: 00007FF63CBE2170
Opera/, xrefs: 00007FF63CBE226F
Chrome/, xrefs: 00007FF63CBE26BF
Chrome Mobile/, xrefs: 00007FF63CBE26E5
Trident/7.0; Touch; rv:, xrefs: 00007FF63CBE25C2
Avast/, xrefs: 00007FF63CBE23D6
chrome/, xrefs: 00007FF63CBE26F8
Edge/, xrefs: 00007FF63CBE2560

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn$mallocmemchr
String ID: ; MSIE $; Zoom $AVG/$Avast/$Chrome Mobile/$Chrome WIN $Chrome/$Chromium/$Edg/$Edge/$Firefox/$OPR/$Opera/$PaleMoon/$Safari/$SeaMonkey/$Slack/$Trident/7.0; Touch; rv:$Trident/7.0; rv:$Version/$Vivaldi/$Waterfox/$YaBrowser/$chrome/
API String ID: 459239740-828318033
Opcode ID: ec8dd49c3cb23b746d209448ef74dd82ecb00fd3e3f60b46937e1f6a92fa1598
Instruction ID: dbc88cb137e24866657edc3ac36468a7fb8eaf91bf8caceb88a71fab92eda31a
Opcode Fuzzy Hash: ec8dd49c3cb23b746d209448ef74dd82ecb00fd3e3f60b46937e1f6a92fa1598
Instruction Fuzzy Hash: E4326575B09B5299EB00DF60F8807A933E9FB04308F514639FA4DA2B65EF7CA155E344

Function 00007FF63CC28CD0 Relevance: 36.2, APIs: 24, Instructions: 212COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D13
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D28
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D3D
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D60
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D7F
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28D93
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28DA6
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28DB6
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28DE1

Part of subcall function 00007FF63CC293A0: ??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC293CD
Part of subcall function 00007FF63CC293A0: ??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC293E7
Part of subcall function 00007FF63CC293A0: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC29419
Part of subcall function 00007FF63CC293A0: ?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC29443
Part of subcall function 00007FF63CC293A0: std::_Facet_Register.LIBCPMT ref: 00007FF63CC2945C
Part of subcall function 00007FF63CC293A0: ??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC2947B

?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28E28
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28E4F
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28E62
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28E6E
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28E9D
?widen@?$ctype@_W@std@@QEBA_WD@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28EB3
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28EBF
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28F71
?uncaught_exceptions@std@@YAHXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28F78
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28F84
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC28F95

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@_$W@std@@@std@@$W@std@@@2@$?rdbuf@?$basic_ios@_V?$basic_streambuf@_$?width@ios_base@std@@$?good@ios_base@std@@?sputc@?$basic_streambuf@_Lockit@std@@W@std@@$??0_??1_?fill@?$basic_ios@_?flags@ios_base@std@@?flush@?$basic_ostream@_?getloc@ios_base@std@@?setstate@?$basic_ios@_?tie@?$basic_ios@_?uncaught_exceptions@std@@?widen@?$ctype@_Bid@locale@std@@Facet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@Osfx@?$basic_ostream@_RegisterV12@V42@@V?$basic_ostream@_Vfacet@locale@2@Vlocale@2@std::_
String ID:
API String ID: 1033123739-0
Opcode ID: 6b0e4152cc2fd2e4f22db60a8f152c2f58493f218a1e09097067f1199f1bf8b2
Instruction ID: 6805ab3ff07b16cd1abb635f2f065c49dd340c412c86308a2d809723834c74e6
Opcode Fuzzy Hash: 6b0e4152cc2fd2e4f22db60a8f152c2f58493f218a1e09097067f1199f1bf8b2
Instruction Fuzzy Hash: C2812F33B09A5282EE249F19E4A023967E0FF99F86F059535EA4E87751CF3DE405E304

Function 00007FF63CBF5210 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 203COMMON

Download Yara Rule

APIs

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CBF524C
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CBF5275
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z.MSVCP140 ref: 00007FF63CBF5293
??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CBF52C5
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CBF52DE
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CBF5310
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF63CBF5338
std::_Facet_Register.LIBCPMT ref: 00007FF63CBF5353
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CBF5378
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBF539B
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@DD@Z.MSVCP140 ref: 00007FF63CBF53D8
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CBF53E8
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CBF53F3
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBF5446
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBF547C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBF5482
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBF54BE
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBF54E7

Strings

, xrefs: 00007FF63CBF53C4
failed to format time, xrefs: 00007FF63CBF542E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$V?$ostreambuf_iterator@$D@std@@@2@D@std@@@std@@@std@@Lockit@std@@V?$basic_streambuf@__std_type_info_compare$??0?$basic_ostream@??0?$basic_streambuf@??0_??1?$basic_streambuf@??1_?imbue@?$basic_ios@?put@?$time_put@?rdbuf@?$basic_ios@Bid@locale@std@@Concurrency::cancel_current_taskD?$basic_ostream@D@std@@@1@_ExceptionFacet_Getcat@?$time_put@Getgloballocale@locale@std@@Locimp@12@RegisterThrowUtm@@V32@V32@@V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@__std_exception_copystd::_
String ID: $failed to format time
API String ID: 3613435534-707504293
Opcode ID: 5872e052457b76f7af2ea9bb7810bf92585d8615843d1f99645e02d90cf4c27c
Instruction ID: f50420ca9a5ba9113ccf94d49483251a97dc495014fbfdc73eef7431fb04a1ac
Opcode Fuzzy Hash: 5872e052457b76f7af2ea9bb7810bf92585d8615843d1f99645e02d90cf4c27c
Instruction Fuzzy Hash: FD91A722B08B9585EB00DF65E8402AD77F0FB45B98F545235FA4E93B68DF78D549D300

Function 00007FF63CC19FF0 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 378COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC1ADAC
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC1ADB9

Strings

only objects can be unflattened, xrefs: 00007FF63CC1B1FA
value, xrefs: 00007FF63CC1ACFA
invalid value to unflatten, xrefs: 00007FF63CC1B1C1
values in object must be primitive, xrefs: 00007FF63CC1B187

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: invalid value to unflatten$only objects can be unflattened$value$values in object must be primitive
API String ID: 2453523683-2275083263
Opcode ID: 5bfb4d67e0a611824dd98c5c233383c50d52d4e84830eb195c7c192544ae60e9
Instruction ID: aa8beb26a90d016ecd23865b4c128d8dbc5ac576dcdf5100f7adffa687926bed
Opcode Fuzzy Hash: 5bfb4d67e0a611824dd98c5c233383c50d52d4e84830eb195c7c192544ae60e9
Instruction Fuzzy Hash: 7EF1D273A08A8295EB00DB65D8502ED37B1FB85B88F815132FA4D9779ADF7CE149D700

Function 00007FF63CCF80D0 Relevance: 33.5, APIs: 11, Strings: 8, Instructions: 255COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBF65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF82B8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF8309
sentry_options_set_dsn.SENTRY ref: 00007FF63CCF833D
sentry_options_set_environment.SENTRY ref: 00007FF63CCF8351
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CCF83B9
sentry_options_set_release.SENTRY ref: 00007FF63CCF83D4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF840C
sentry_set_tag.SENTRY ref: 00007FF63CCF8461
sentry_init.SENTRY ref: 00007FF63CCF846E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF84AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF84FA

Strings

sj-pulse-desktop@{}.{}, xrefs: 00007FF63CCF8397
bool __cdecl sj::CrashHandler::Impl::startHandler(void) const, xrefs: 00007FF63CCF810C
Crash report server url: {}, xrefs: 00007FF63CCF8117
production, xrefs: 00007FF63CCF8343
2.4.5, xrefs: 00007FF63CCF8357
component, xrefs: 00007FF63CCF845A
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF63CCF8101
https://, xrefs: 00007FF63CCF8193

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@sentry_initsentry_options_set_dsnsentry_options_set_environmentsentry_options_set_releasesentry_set_tag
String ID: 2.4.5$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$Crash report server url: {}$bool __cdecl sj::CrashHandler::Impl::startHandler(void) const$component$https://$production$sj-pulse-desktop@{}.{}
API String ID: 1656940413-327567173
Opcode ID: f4d1e718385f3609cd8eadf85b1453691ad4417f352f658fd2118d96c764975d
Instruction ID: 82f05083d44bb11afc078234186c585040bfa58abb0b8fbe3fe6384bbeb75225
Opcode Fuzzy Hash: f4d1e718385f3609cd8eadf85b1453691ad4417f352f658fd2118d96c764975d
Instruction Fuzzy Hash: E2D15F72E18B8589EB00CB64E8403AD73B1FB95798F505321FA9D56BA9DF7CE184D340

Function 00007FF63CCF8650 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 223COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CCF8716
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CCF872B
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CCF874A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CCF877E
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF63CCF87B0

Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3413
Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3428
Part of subcall function 00007FF63CBE33D0: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE343D
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3460
Part of subcall function 00007FF63CBE33D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE347F
Part of subcall function 00007FF63CBE33D0: ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3493
Part of subcall function 00007FF63CBE33D0: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CBE34A6
Part of subcall function 00007FF63CBE33D0: ?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE34B6
Part of subcall function 00007FF63CBE33D0: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CBE35CE
Part of subcall function 00007FF63CBE33D0: ?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CBE35D5
Part of subcall function 00007FF63CBE33D0: ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CBE35E1
Part of subcall function 00007FF63CBE33D0: ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE35F3

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF63CCF87DA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z.MSVCP140 ref: 00007FF63CCF8804
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z.MSVCP140 ref: 00007FF63CCF882B
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF8876
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF8886
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF8894
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF88A6
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF88CA
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF88DA
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CCF88E8
memmove.VCRUNTIME140 ref: 00007FF63CCF8925
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CCF898F
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CCF8999

Strings

ms , xrefs: 00007FF63CCF8834

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@$?width@ios_base@std@@D@std@@@2@V?$basic_streambuf@$?good@ios_base@std@@?pptr@?$basic_streambuf@?rdbuf@?$basic_ios@V01@V01@_$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?flush@?$basic_ostream@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@D@std@@@1@_Osfx@?$basic_ostream@V12@V?$basic_ostream@memmovememset
String ID: ms
API String ID: 604577932-2150796188
Opcode ID: ecf142be0f431ff435b797afdcfa980e3b7ade9beb3a7ca0fb04102a1889cd53
Instruction ID: 296d4d8389f27314b3ff6114b2f20c65b35b900ff807e0f3ec6d8f98780b5978
Opcode Fuzzy Hash: ecf142be0f431ff435b797afdcfa980e3b7ade9beb3a7ca0fb04102a1889cd53
Instruction Fuzzy Hash: A1A1C532B18B8685EB10CB15E9402AAB7E0FB89B84F445136FE4D83B68EF7CD549D700

Function 00007FF63CC29140 Relevance: 33.2, APIs: 22, Instructions: 175COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29175
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC2918A
?width@ios_base@std@@QEBA_JXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC2919F
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC291C2
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC291E1
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC291F5
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29208
?good@ios_base@std@@QEBA_NXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29218
?flags@ios_base@std@@QEBAHXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC2923E
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29263
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29276
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29282
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC292B0
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC292BF
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC292DF
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC292F2
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC292FE
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29325
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC2934E
?uncaught_exceptions@std@@YAHXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29355
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29361
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ.MSVCP140(?,?,?,?,?,0000000100000000,?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29373

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@_$W@std@@@std@@$W@std@@@2@$?rdbuf@?$basic_ios@_V?$basic_streambuf@_$?width@ios_base@std@@$?fill@?$basic_ios@_?good@ios_base@std@@?sputc@?$basic_streambuf@_$?flags@ios_base@std@@?flush@?$basic_ostream@_?setstate@?$basic_ios@_?sputn@?$basic_streambuf@_?tie@?$basic_ios@_?uncaught_exceptions@std@@Osfx@?$basic_ostream@_V12@V?$basic_ostream@_
String ID:
API String ID: 281413979-0
Opcode ID: e8759c1eb04dc2f0a11a66c07528cfe179e871d1d46fa33d60e9c8dc1c872b7a
Instruction ID: 2f0b41f2b6f0b17a996bc88912a2dd2d449c65bac3abd11ff604c729c387a969
Opcode Fuzzy Hash: e8759c1eb04dc2f0a11a66c07528cfe179e871d1d46fa33d60e9c8dc1c872b7a
Instruction Fuzzy Hash: 00610732B09A4281EE249B15D6A423DB7E1FF89B96F059535EA0EC7750CF3CE459E300

Function 00007FF63CBE33D0 Relevance: 33.2, APIs: 22, Instructions: 175COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3413
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE3428
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CBE343D
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3460
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE347F
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3493
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CBE34A6
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CBE34B6
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CBE34DC
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE34FF
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CBE3512
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CBE351E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE353D
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF63CBE354C
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE3566
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CBE3579
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CBE3585
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF63CBE35A8
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CBE35CE
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CBE35D5
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CBE35E1
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE35F3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 3587750849-0
Opcode ID: 86d41b6e66ac56dc3bca40f51ae9683922de4e3717e008307c2ba5f11c721ea3
Instruction ID: b9a63cc0c73dc1433801bc29ec3f417e5b9c1826808ce861545935899f54ad57
Opcode Fuzzy Hash: 86d41b6e66ac56dc3bca40f51ae9683922de4e3717e008307c2ba5f11c721ea3
Instruction Fuzzy Hash: 25613121B08A5182EA14DF29E45423DBBE0FF8AF96B059571EA5F83751CF3CD446E305

Function 00007FF63CC0F950 Relevance: 33.2, APIs: 22, Instructions: 173COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0F985
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0F99A
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0F9AF
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F9D2
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0F9F1
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0FA05
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CC0FA18
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0FA28
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CC0FA4E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0FA6F
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0FA82
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0FA8E
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0FAB3
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF63CC0FAC2
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0FADF
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0FAF2
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0FAFE
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF63CC0FB21
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC0FB47
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CC0FB4E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CC0FB5A
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0FB6B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 3587750849-0
Opcode ID: 99836083b792d2877106b2611fb5480b2604ff405cf96738ff6342d57824f285
Instruction ID: 7a98424eecf28922f68af9db53d1c087f78864b40a44c1bedb5d4bce5c429e44
Opcode Fuzzy Hash: 99836083b792d2877106b2611fb5480b2604ff405cf96738ff6342d57824f285
Instruction Fuzzy Hash: 0D611B72B09A5181EA14DB19DA9423DABE0EF89FD6F058532EA1E83760CF3CD095E740

Function 00007FF63CC34030 Relevance: 31.8, APIs: 10, Strings: 8, Instructions: 325COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF63CC34089
memmove.VCRUNTIME140 ref: 00007FF63CC340D6
memmove.VCRUNTIME140 ref: 00007FF63CC34135
memmove.VCRUNTIME140 ref: 00007FF63CC3417D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC34403
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC34444
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC34495
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC344E4
memmove.VCRUNTIME140 ref: 00007FF63CC3452C
memmove.VCRUNTIME140 ref: 00007FF63CC34583

Strings

trace, xrefs: 00007FF63CC3407F, 00007FF63CC34094, 00007FF63CC3412B, 00007FF63CC34140, 00007FF63CC34579, 00007FF63CC3458E
error, xrefs: 00007FF63CC34522, 00007FF63CC34537
%^[%L][%t] %v%$, xrefs: 00007FF63CC340CC, 00007FF63CC340E1
.log, xrefs: 00007FF63CC3437E
logs, xrefs: 00007FF63CC341DA
?, xrefs: 00007FF63CC3428E
[%Y-%m-%d %H:%M:%S.%e][%L][%t] %v, xrefs: 00007FF63CC34173, 00007FF63CC34188
SJPulse, xrefs: 00007FF63CC34201

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: %^[%L][%t] %v%$$.log$?$SJPulse$[%Y-%m-%d %H:%M:%S.%e][%L][%t] %v$error$logs$trace
API String ID: 2580228974-1472015732
Opcode ID: 54fb716212b9cc615a6e18b4eb35a4668766322d5b71a6ade54b0a1f9a3cecc1
Instruction ID: 5d2bafbdfdfbcc28cfd71e42c66153d42189492c8b1e1368f4a5f13be52cee9d
Opcode Fuzzy Hash: 54fb716212b9cc615a6e18b4eb35a4668766322d5b71a6ade54b0a1f9a3cecc1
Instruction Fuzzy Hash: 23F1BF32B18A8696EB00DB28E8403ED67B0FB46744F505231FA5D87BAADF7DD544E740

Function 00007FF63CC0EEF0 Relevance: 31.7, APIs: 21, Instructions: 168COMMON

Download Yara Rule

APIs

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EF25
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0EF44
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EF58
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF63CC0EF6B
?good@ios_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC0EF7B
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0EF9B
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF63CC0EFB6
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CC0EFCA
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0EFF7
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0F00A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F016
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F03C
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F049
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F073
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF63CC0F086
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF63CC0F092
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF63CC0F0CA
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC0F0DF
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CC0F0E6
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CC0F0F2
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CC0F103

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$D@std@@@2@$?rdbuf@?$basic_ios@V?$basic_streambuf@$?sputc@?$basic_streambuf@?width@ios_base@std@@$?fill@?$basic_ios@?good@ios_base@std@@$?flags@ios_base@std@@?flush@?$basic_ostream@?setstate@?$basic_ios@?tie@?$basic_ios@?uncaught_exceptions@std@@Osfx@?$basic_ostream@V12@V?$basic_ostream@
String ID:
API String ID: 2785897995-0
Opcode ID: 35a10d01a611c5bd5d0ee717ef8ed966192d9ce4e80a1c431bd113a925cddf11
Instruction ID: 7ba542535aca7fe3714c19b9b3bce0f74fac1bd78054aac6224afcef836322ac
Opcode Fuzzy Hash: 35a10d01a611c5bd5d0ee717ef8ed966192d9ce4e80a1c431bd113a925cddf11
Instruction Fuzzy Hash: A1611D72B08A5182EB249F19E59423CABE0FF89F86B058935EA4EC3750CF3DD446E244

Function 00007FF63CBF3060 Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 429COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF30B3
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF30F9
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF310B
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF318F
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF31A2
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBEF471), ref: 00007FF63CBF31B8
memmove.VCRUNTIME140 ref: 00007FF63CBF326B
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CBF3339
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF3380
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CBF33F4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF343C
memset.VCRUNTIME140 ref: 00007FF63CBF351D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF375E

Strings

{}/version-info-{}.json, xrefs: 00007FF63CBF3315
{}/desktop-feature-flags.json, xrefs: 00007FF63CBF33D0
https://pulse.surveyjunkie.com/downloads, xrefs: 00007FF63CBF3261, 00007FF63CBF3276
SJPulse/config, xrefs: 00007FF63CBF3448

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@$memcpymemset
String ID: SJPulse/config$https://pulse.surveyjunkie.com/downloads${}/desktop-feature-flags.json${}/version-info-{}.json
API String ID: 3751110976-4015184254
Opcode ID: d4ed5b9d11b68af019ad09edaefeced41fc323d879569b749dd64fd2fdbe8ceb
Instruction ID: db3474f5b61f76cf1416ee7a188008ddce753a98e5c9536e42120b60263584c5
Opcode Fuzzy Hash: d4ed5b9d11b68af019ad09edaefeced41fc323d879569b749dd64fd2fdbe8ceb
Instruction Fuzzy Hash: 8A12A362A18B9586DB20DB24E4403ED73A4FB49798F504236FB8E87B95DF7CE285D700

Function 00007FF63CC02200 Relevance: 30.1, APIs: 5, Strings: 12, Instructions: 355COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBFC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBFC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp,?,bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const,00000000,00000000,?,?), ref: 00007FF63CC022E9

Part of subcall function 00007FF63CBF6840: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6888

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC023AA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC024A8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC025E8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0277C

Strings

E, xrefs: 00007FF63CC0243B
<-- , xrefs: 00007FF63CC02245
bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF63CC0220A
-, xrefs: 00007FF63CC02703
Available version: {}., xrefs: 00007FF63CC02338
--> , xrefs: 00007FF63CC02261
bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF63CC0232D
Unable to locate executable: '{}'. Installation: '{}'. Installed files:'{}'., xrefs: 00007FF63CC0241E
checkForUpdate, xrefs: 00007FF63CC02289
Installed version: {}., xrefs: 00007FF63CC02576
File '{}' doesn't exists, ec: {}, message: {}, xrefs: 00007FF63CC026F7
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC0220E, 00007FF63CC02322

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@$memcpy
String ID: -$--> $<-- $Available version: {}.$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$E$File '{}' doesn't exists, ec: {}, message: {}$Installed version: {}.$Unable to locate executable: '{}'. Installation: '{}'. Installed files:'{}'.$bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const$checkForUpdate
API String ID: 4161231769-3821903921
Opcode ID: 5cbd524953b1875fc5b1552a01c578c90f76502cf4f6922e8b1b18ce60f6860f
Instruction ID: 7edab858d878761419d1d3d05b204df4e2cdfd0798cb0db3a974bee3b02b1909
Opcode Fuzzy Hash: 5cbd524953b1875fc5b1552a01c578c90f76502cf4f6922e8b1b18ce60f6860f
Instruction Fuzzy Hash: A1F1A0B2A18B9686EB10CF64E4402AD73B1FB84798F404236FA9D57B99DF3CE584D740

Function 00007FF63CC09930 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 205synchronizationCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00007FF63CC0996A
GetLastError.KERNEL32 ref: 00007FF63CC0998A
CreateEventW.KERNEL32 ref: 00007FF63CC09A2E
GetLastError.KERNEL32 ref: 00007FF63CC09A46
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC09B01
GetLastError.KERNEL32 ref: 00007FF63CC09B14
CloseHandle.KERNEL32 ref: 00007FF63CC09B32
CloseHandle.KERNEL32 ref: 00007FF63CC09B41
WaitForSingleObject.KERNEL32 ref: 00007FF63CC09BC9
CloseHandle.KERNEL32 ref: 00007FF63CC09BD2

Strings

thread.exit_event, xrefs: 00007FF63CC09C2A
start_thread, xrefs: 00007FF63CC099EC, 00007FF63CC09AAA, 00007FF63CC09B8E
thread.entry_event, xrefs: 00007FF63CC09C15
thread, xrefs: 00007FF63CC09C00
f, xrefs: 00007FF63CC09BA0
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_thread.ipp, xrefs: 00007FF63CC099D6, 00007FF63CC09A94, 00007FF63CC09B78
L, xrefs: 00007FF63CC099FE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CloseErrorHandleLast$CreateEvent$ObjectSingleWait_beginthreadex
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_thread.ipp$L$f$start_thread$thread$thread.entry_event$thread.exit_event
API String ID: 1716156957-1523787917
Opcode ID: caf1dd84139e5b5f6fdfdb18573c4bd88b1b281908d4ac21310e3bf83bf38af1
Instruction ID: 2230f8d41fed3bfc7baab5e9f8bf9574122566440ba5f64523973a6711967771
Opcode Fuzzy Hash: caf1dd84139e5b5f6fdfdb18573c4bd88b1b281908d4ac21310e3bf83bf38af1
Instruction Fuzzy Hash: B28129B6F08B1296EB10DBA1A8502AE73F5FB48798F50423AEE4D97B54DF78D449D300

Function 00007FF63CBFA070 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 308COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA2A8
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA2D7
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA2FB
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA32A
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA34E
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA37D
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA39E
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA3CB
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA3EC
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA419
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA467

Strings

invalid format, xrefs: 00007FF63CBFA0CC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_exception_copy
String ID: invalid format
API String ID: 1552479455-2457281804
Opcode ID: 1ed3a25da62c24963a70387f67729c91579b3bc1412c13f3acd93afde6216ae9
Instruction ID: 621dfdedfea9d8d0d9962630ef6b2d4657091209d914cb7f2595e5909b5978fb
Opcode Fuzzy Hash: 1ed3a25da62c24963a70387f67729c91579b3bc1412c13f3acd93afde6216ae9
Instruction Fuzzy Hash: 23D18E336087828AD7128F74D8501ED7BF0F782758F954222F68D8265AEF7CD686D711

Function 00007FF63CC0BF10 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 363COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C016
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C02B
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C03B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C06F
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C079
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C089
memcpy.VCRUNTIME140(?,?,?,?,00000000,No file at: ,?,0000000100000000,00007FF63CC4D4C5,?,?,?,?,?,?), ref: 00007FF63CC0C099
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC0C0CB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,No file at: ,?,0000000100000000), ref: 00007FF63CC0C161
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC0C1F5

Strings

sj-restarter.exe, xrefs: 00007FF63CC0C243
../sj-restarter/sj-restarter.exe, xrefs: 00007FF63CC0C359
No file at: , xrefs: 00007FF63CC0BF15
, xrefs: 00007FF63CC0C365

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: $../sj-restarter/sj-restarter.exe$No file at: $sj-restarter.exe
API String ID: 1775671525-437993709
Opcode ID: 7dbbf149357202865e718c6c9adb1ae73d256902cc9beaa6f5251a831621d738
Instruction ID: d465c19f0476e0986bc86cee32e588f0bdb53e307a525fddd1e8b072e11f2d78
Opcode Fuzzy Hash: 7dbbf149357202865e718c6c9adb1ae73d256902cc9beaa6f5251a831621d738
Instruction Fuzzy Hash: 45D1CF72B18A5286EB10DF25E4402AD73B0FB44B84F545235FA5E87B9ADF3CE945E700

Function 00007FF63CBFA1BF Relevance: 24.3, APIs: 16, Instructions: 265COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA209
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA236
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA257
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA284
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA2A8
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA2D7
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA2FB
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA32A
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA34E
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA37D
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA39E
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA467

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_copy$ExceptionThrow
String ID:
API String ID: 391329204-0
Opcode ID: 37d4b645b299dcea29c621e6c49a24da9f3452e5f79a15079197bfef2cf3d48e
Instruction ID: d8005f5b22c7e9360890e654d17d10bdee0d5ea9773ed931462609886a93f82a
Opcode Fuzzy Hash: 37d4b645b299dcea29c621e6c49a24da9f3452e5f79a15079197bfef2cf3d48e
Instruction Fuzzy Hash: 51B15C336087828BDB128F74D8501ED7BB0F79175CF944226F6898269AEF7CD686CB11

Function 00007FF63CC52EA0 Relevance: 24.2, APIs: 16, Instructions: 165COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CC52EE9
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC52F02
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CC52F21
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC52F55
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC52F7C
?exceptions@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF63CC52FB5
?exceptions@ios_base@std@@QEAAXH@Z.MSVCP140 ref: 00007FF63CC52FC3
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC53013
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC53023
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC5308A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z.MSVCP140 ref: 00007FF63CC530A0
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140 ref: 00007FF63CC530B0
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC5310F
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC53147
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC53155

Part of subcall function 00007FF63CC4DCC0: ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4DCDD
Part of subcall function 00007FF63CC4DCC0: ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF63CC4DD00

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF63CC53174

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??1?$basic_ostream@$??1?$basic_ios@?exceptions@ios_base@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?clear@?$basic_ios@?eback@?$basic_streambuf@?setg@?$basic_streambuf@?setstate@?$basic_ios@?tellp@?$basic_ostream@?write@?$basic_ostream@D00@D@std@@@1@_Init@?$basic_streambuf@Mbstatet@@@2@V12@V?$basic_streambuf@V?$fpos@memset
String ID:
API String ID: 2731233990-0
Opcode ID: 906e880efb86aacd9cb6fc6286c740b54320bc5c910a44c62e9a8cc359850d6d
Instruction ID: bb2ad3bd30220f27415dab84560553072f25977e9f0e08bfd6846fca0f55a2e1
Opcode Fuzzy Hash: 906e880efb86aacd9cb6fc6286c740b54320bc5c910a44c62e9a8cc359850d6d
Instruction Fuzzy Hash: 4A813132708B8586DB20DF15E8506AAB7B0FBC4B54F458636EA8D83B64DF7CD549DB00

Function 00007FF63CC98D90 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CCA2660: __std_exception_copy.VCRUNTIME140(?,?,?,00007FF63CC98DA4), ref: 00007FF63CCA2696

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC98DB0
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CC98DFE

Part of subcall function 00007FF63CC98D90: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CC98E2D
Part of subcall function 00007FF63CC98D90: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CC98E5D
Part of subcall function 00007FF63CC98D90: EnterCriticalSection.KERNEL32 ref: 00007FF63CC98EA6
Part of subcall function 00007FF63CC98D90: __std_type_info_compare.VCRUNTIME140 ref: 00007FF63CC98EF1
Part of subcall function 00007FF63CC98D90: LeaveCriticalSection.KERNEL32 ref: 00007FF63CC98F0A

Part of subcall function 00007FF63CC9B710: EnterCriticalSection.KERNEL32 ref: 00007FF63CC9B787
Part of subcall function 00007FF63CC9B710: LeaveCriticalSection.KERNEL32 ref: 00007FF63CC9B7A3

EnterCriticalSection.KERNEL32 ref: 00007FF63CC98F63
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CC98F9B
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC98FBC
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC98FED

Strings

throw_exception, xrefs: 00007FF63CC98DD5
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/static_string/static_string.hpp, xrefs: 00007FF63CC98DE2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$EnterExceptionThrow$__std_type_info_compare$__std_exception_copystd::bad_exception::bad_exception
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/static_string/static_string.hpp$throw_exception
API String ID: 1962774896-1744561374
Opcode ID: 629f7ac8e86476d43ab14fac3e56f7f32c35bc3d0863dd2c84e2bc1f5781f6ce
Instruction ID: c0fe0dcd1b2158f21af9ae8c94507756a0c73696994c80e598297cbe36644967
Opcode Fuzzy Hash: 629f7ac8e86476d43ab14fac3e56f7f32c35bc3d0863dd2c84e2bc1f5781f6ce
Instruction Fuzzy Hash: FF518126B19A8282EE50DB21D4502B963B1FF98B88F085235FE4E97B56EF3CE545D300

Function 00007FF63CBECDB0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 135stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBECE35
strtoull.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF63CBECE4C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBECE63
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBECEEE
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBECF31
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBECF79
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBECFC1

Strings

exceeds size_type, xrefs: 00007FF63CBECEB1
' must not begin with '0', xrefs: 00007FF63CBECF37
array index , xrefs: 00007FF63CBECEBB
array index ', xrefs: 00007FF63CBECF41, 00007FF63CBECF89
' is not a number, xrefs: 00007FF63CBECF7F
unresolved reference token ', xrefs: 00007FF63CBECEFE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$_errno$strtoull
String ID: exceeds size_type$' is not a number$' must not begin with '0'$array index $array index '$unresolved reference token '
API String ID: 1530075028-3403031426
Opcode ID: 6d07d707648b9c003e4a4e17ff4e9c1e032ffb15936c3189bf8b0562162d952f
Instruction ID: 81467b56998abbbe4cceb3afe8aadf3010d61f9d07a983a19ed7ab59351f2752
Opcode Fuzzy Hash: 6d07d707648b9c003e4a4e17ff4e9c1e032ffb15936c3189bf8b0562162d952f
Instruction Fuzzy Hash: 81519132B1869691EB10EF24F4512B973A0FB86B84F801632FA4E83B95DF7CE905D741

Function 00007FF63CD44490 Relevance: 19.7, APIs: 13, Instructions: 154COMMON

Download Yara Rule

APIs

__std_fs_open_handle.LIBCPMT ref: 00007FF63CD444D0

Part of subcall function 00007FF63CD44438: CreateFileW.KERNEL32 ref: 00007FF63CD4446B
Part of subcall function 00007FF63CD44438: GetLastError.KERNEL32 ref: 00007FF63CD4447A

SetFileInformationByHandle.KERNEL32 ref: 00007FF63CD444FA
__std_fs_open_handle.LIBCPMT ref: 00007FF63CD44532
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CC5279C), ref: 00007FF63CD4454C
GetLastError.KERNEL32 ref: 00007FF63CD44580
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF63CD445CC
GetLastError.KERNEL32 ref: 00007FF63CD445DA
CloseHandle.KERNEL32 ref: 00007FF63CD445F0
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CD445FE
SetFileInformationByHandle.KERNEL32 ref: 00007FF63CD4461E
SetFileInformationByHandle.KERNEL32 ref: 00007FF63CD44652
GetLastError.KERNEL32 ref: 00007FF63CD44674
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CC5279C), ref: 00007FF63CD446AC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handleabort$Create
String ID:
API String ID: 503677281-0
Opcode ID: 3139647964f723243ce3bc6f56f3665362c2935df82bc9e5015c43630d6dfa0e
Instruction ID: 956aecb67590574d9b3801349ba7202fd310ac180783db8568ac4a66da2af50a
Opcode Fuzzy Hash: 3139647964f723243ce3bc6f56f3665362c2935df82bc9e5015c43630d6dfa0e
Instruction Fuzzy Hash: 4E518271F0864289FB208BB598141BD3BE0AF557A8F540335FE1AD7B98DF68E485D740

Function 00007FF63CBFB630 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CBFB664
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CBFB67D
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CBFB6AF
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF63CBFB6D7
std::_Facet_Register.LIBCPMT ref: 00007FF63CBFB6F2
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CBFB717
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF63CBFB75C
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFB7AD
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFB7DD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBFB7E3

Strings

failed to format time, xrefs: 00007FF63CBFB796

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copystd::_
String ID: failed to format time
API String ID: 1980819556-3478406193
Opcode ID: bfbfe1a0afb0499c7d4dd29e152e8b2937da9331d58634ac04d6b4df2b2b24ba
Instruction ID: 300c1cfba7ea89139215c38eb7046806c5680720b79acbfd577c134a23caebd5
Opcode Fuzzy Hash: bfbfe1a0afb0499c7d4dd29e152e8b2937da9331d58634ac04d6b4df2b2b24ba
Instruction Fuzzy Hash: 74514A26B08A51A9EB10DF61E8543EC33B0EB58B88F445236FE0D977A9EF38D159D340

Function 00007FF63CC4DA00 Relevance: 18.1, APIs: 12, Instructions: 134COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4DA53
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CC4DA72
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4DAA4
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4DABF
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z.MSVCP140 ref: 00007FF63CC4DAE6
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4DB02
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63CC4DB29
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z.MSVCP140 ref: 00007FF63CC4DB50
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF63CC4DB74
?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC4DB89
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4DBA0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC4DBE1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$Init@?$basic_streambuf@$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Fiopen@std@@H001@U_iobuf@@V?$basic_streambuf@Vlocale@2@_get_stream_buffer_pointers
String ID:
API String ID: 2219270862-0
Opcode ID: 26b8ca6df97794c3762c11ea2bd4cb59bd5ef9fe2a3e99b2d6513c1e835a8554
Instruction ID: 3774524cad3671fcd8f5ced93cc909a2b4488b221ecdbd3adf33470ab189e068
Opcode Fuzzy Hash: 26b8ca6df97794c3762c11ea2bd4cb59bd5ef9fe2a3e99b2d6513c1e835a8554
Instruction Fuzzy Hash: B8515932B09B8682EB01DF25E55036A77E0FB89B85F408535EA8D83B64DF3CE069D740

Function 00007FF63CC3FCD0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

_Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF63CBEA0B7), ref: 00007FF63CC3FDD3
_Xtime_get_ticks.MSVCP140(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF63CBEA0B7), ref: 00007FF63CC3FDDB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000010,?,000000A8,00000000,?,00007FF63CBEA0B7), ref: 00007FF63CC3FF55
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC3FFC5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC4002F
_localtime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF63CC4003F
asctime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF63CC4004D
memmove.VCRUNTIME140 ref: 00007FF63CC40091
memchr.VCRUNTIME140 ref: 00007FF63CC400D4

Strings

last_write_time, xrefs: 00007FF63CC40141

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xtime_get_ticks$_localtime64asctimememchrmemmove
String ID: last_write_time
API String ID: 1522903263-3138894124
Opcode ID: 3652966d2b94d33beab6572ee22c4e2890047403c5f09a200e79e3bdcb38cbe2
Instruction ID: 5ad823a9df837830d29f7db384f47379b6c36eed8e4ab69c8ae2bea6bdf25d81
Opcode Fuzzy Hash: 3652966d2b94d33beab6572ee22c4e2890047403c5f09a200e79e3bdcb38cbe2
Instruction Fuzzy Hash: 24D1BC72F1464281EA109B65E8003BD23F1FB05B98F548635EE6D86BD6EF7DE482E300

Function 00007FF63CC25530 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 233COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC049E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC04ACD
Part of subcall function 00007FF63CC049E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC04B25

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC255DC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC25727
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2572E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2582F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC25870

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CC2560A
created, xrefs: 00007FF63CC2579D
destroyed, xrefs: 00007FF63CC25774
{}{}, xrefs: 00007FF63CC25635
__cdecl sj::ScopedLogger<2>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc, xrefs: 00007FF63CC2562A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: created$ destroyed$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<2>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc${}{}
API String ID: 1965997411-467006353
Opcode ID: 24f54d5c7ecbbf42aec03c149b52548008d0132ef9376027c60540c5d373dcde
Instruction ID: d13be52a73b420c42ee676672c07cc6c6b80c59e8de6167591196e502b9dbaae
Opcode Fuzzy Hash: 24f54d5c7ecbbf42aec03c149b52548008d0132ef9376027c60540c5d373dcde
Instruction Fuzzy Hash: 29A1AD72A08B8196EB10DB64E4503AE73B1FB55B84F006235FB8D56B9AEF78E1D4D300

Function 00007FF63CBFE760 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139COMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE79F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE7CC
CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE851
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE860
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE86B

Strings

event, xrefs: 00007FF63CBFE90C, 00007FF63CBFE923
win_event, xrefs: 00007FF63CBFE7C0
., xrefs: 00007FF63CBFE821
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_event.ipp, xrefs: 00007FF63CBFE7B9
<, xrefs: 00007FF63CBFE8BE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast$CloseHandle
String ID: .$<$C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/win_event.ipp$event$win_event
API String ID: 781342481-683092726
Opcode ID: 88bfd23d812b0dc710e713a61489a50072035aea9213597882c3c86b08321031
Instruction ID: e060c556e18e9543b5ba07dc9f298833ccb1225ecc4d634c2316d6d2579b27d8
Opcode Fuzzy Hash: 88bfd23d812b0dc710e713a61489a50072035aea9213597882c3c86b08321031
Instruction Fuzzy Hash: AC51BE32B18B8686EB609F11E84026A73E4FB84754F100235FA9E83B94CF7CD446DB01

Function 00007FF63CC56310 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC56460
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC564A7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC564FD
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC5663B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC56682
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC5670C

Strings

#, xrefs: 00007FF63CC56623
Unable to read file '{}': {}, xrefs: 00007FF63CC5643C
Failed to parse file '{}', desc: {}, xrefs: 00007FF63CC56617

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@
String ID: #$Failed to parse file '{}', desc: {}$Unable to read file '{}': {}
API String ID: 2762475784-1842396143
Opcode ID: 5842dfcec9742fdd6a1f02b111a3477cb56ddff484136fa9e0437d59496efc7f
Instruction ID: 5606cd3b925d02a45a9f10749b345db6cd38004d1f1ce523426f579ac5987a55
Opcode Fuzzy Hash: 5842dfcec9742fdd6a1f02b111a3477cb56ddff484136fa9e0437d59496efc7f
Instruction Fuzzy Hash: B7B16672A18BC581EA608B55F4403ADA3B1FB897A4F505331FADD42BA9DF7CD584E700

Function 00007FF63CBF3850 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
memchr.VCRUNTIME140 ref: 00007FF63CBF398B
memchr.VCRUNTIME140 ref: 00007FF63CBF39F8
memchr.VCRUNTIME140 ref: 00007FF63CBF3AB7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF3ADE
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBF3B54
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBF3B93

Strings

escape character '~' must be followed with '0' or '1', xrefs: 00007FF63CBF3B5A
JSON pointer must be empty or begin with '/' - was: ', xrefs: 00007FF63CBF3B1F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memchr$ExceptionThrow$_invalid_parameter_noinfo_noreturn
String ID: JSON pointer must be empty or begin with '/' - was: '$escape character '~' must be followed with '0' or '1'
API String ID: 535824585-3042630592
Opcode ID: 6c4c3c7adf04459d8d76c3136931c0c28aa64cbde34a54dd61a599d6d6b36dea
Instruction ID: 099f94382ae4f45b0e27111b747d80ea232cef7a5d8c7a0326d47a69b087d03a
Opcode Fuzzy Hash: 6c4c3c7adf04459d8d76c3136931c0c28aa64cbde34a54dd61a599d6d6b36dea
Instruction Fuzzy Hash: 8191D062F08A9699EB10DB65D4002BD63E0EB05BA4F444632FE2E977C5EF3CE545E300

Function 00007FF63CBF8370 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF83BB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF83CF
memset.VCRUNTIME140 ref: 00007FF63CBF83F6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF84FC
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF8601
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF861A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF866E

Strings

bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF63CBF8376
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CBF837A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const
API String ID: 3906636330-4290690388
Opcode ID: cc0e8f2a7b399039082bb127cdca5a37c5d626e2fd1400119cc8cc97f8a7567b
Instruction ID: 69392d7ef9b6eceecd293130e96cb5191ac10be1b8c844fb2344426c6db57db7
Opcode Fuzzy Hash: cc0e8f2a7b399039082bb127cdca5a37c5d626e2fd1400119cc8cc97f8a7567b
Instruction Fuzzy Hash: 62812836608BC582DB618B15F4843AAB3A4FB89794F404226EBCD43B68EF7DD595DB00

Function 00007FF63CCF74D0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE7240: __std_fs_code_page.MSVCPRT ref: 00007FF63CBE7263
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72B1
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72E9

Part of subcall function 00007FF63CC428F0: memset.VCRUNTIME140 ref: 00007FF63CC42930
Part of subcall function 00007FF63CC428F0: GetModuleFileNameW.KERNEL32 ref: 00007FF63CC42942

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

__std_fs_code_page.MSVCPRT ref: 00007FF63CCF7601
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF764D
__std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF63CCF768B
sentry_options_set_handler_path.SENTRY ref: 00007FF63CCF76B0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF76E8

Part of subcall function 00007FF63CBF6540: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6588

Part of subcall function 00007FF63CBE93F0: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CBE9423

Part of subcall function 00007FF63CBE93B0: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF63CBE93E3

Strings

bool __cdecl sj::CrashHandler::Impl::initHandlerPath(void), xrefs: 00007FF63CCF75A4
crashpad_handler.exe, xrefs: 00007FF63CCF74FA
crashpad_handler executable not found at path {}, xrefs: 00007FF63CCF75AF
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp, xrefs: 00007FF63CCF7599

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_fs_code_page__std_fs_convert_narrow_to_wide__std_fs_convert_wide_to_narrow_invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@FileModuleNameVlogger@1@memsetsentry_options_set_handler_path
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashHandler.cpp$bool __cdecl sj::CrashHandler::Impl::initHandlerPath(void)$crashpad_handler executable not found at path {}$crashpad_handler.exe
API String ID: 2297559408-2725342653
Opcode ID: 4ac8c9642c532bc9bcaa9bb5619c61d2b7cc63dede49773e473bbcbd7de4fe47
Instruction ID: 25f853b92e8eaa147c8ff14239a415f60b9cb05ab2b5678567d141e92398592b
Opcode Fuzzy Hash: 4ac8c9642c532bc9bcaa9bb5619c61d2b7cc63dede49773e473bbcbd7de4fe47
Instruction Fuzzy Hash: 5F616B32B14A459AFB10DF74E4553ED23F1AB45788F401232EA0D96B9AEF38D545D380

Function 00007FF63CBE80B0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE80FB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE810F
memset.VCRUNTIME140 ref: 00007FF63CBE8136
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE821D
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE8322
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE833B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE838F

Strings

initialCheckDelay, xrefs: 00007FF63CBE80B3
<, xrefs: 00007FF63CBE819F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: <$initialCheckDelay
API String ID: 3906636330-2457864576
Opcode ID: e8f2cd1f34f893a1bd19302fb1ea429a1f2908c6eef12f8b7a6f3ad480f1382b
Instruction ID: fd006f75346941255655d2c1874bc9ad0033adae6fc9d4c7d8bec3d1a744f91e
Opcode Fuzzy Hash: e8f2cd1f34f893a1bd19302fb1ea429a1f2908c6eef12f8b7a6f3ad480f1382b
Instruction Fuzzy Hash: 1E812732608FC582DB618B19F4443AAB3A4FB89794F405222EBCD43B69EF78D595DB40

Function 00007FF63CBF7D30 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF7D7B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF7D8F
memset.VCRUNTIME140 ref: 00007FF63CBF7DB6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF7E92
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF7FA7
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF7FC0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF8014

Strings

bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const, xrefs: 00007FF63CBF7D36
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CBF7D3A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$bool __cdecl sj::Updater::Impl::updateComponent(const class sj::Component &) const
API String ID: 3906636330-4290690388
Opcode ID: 559aa2695a4f495cb18d4a9e2d29d9abf39c3bed67e6de4ea7b8c1f20ea301fc
Instruction ID: d878bf93e4e15a20e2e323d996b349c2412a0c37942fbef49f347fce16d7f46a
Opcode Fuzzy Hash: 559aa2695a4f495cb18d4a9e2d29d9abf39c3bed67e6de4ea7b8c1f20ea301fc
Instruction Fuzzy Hash: 23812A32609BC585DB618F19F4843EAB3A4FB89794F404222EACD53B69EF7CD195DB00

Function 00007FF63CBF6CB0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF6CFB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF6D0F
memset.VCRUNTIME140 ref: 00007FF63CBF6D36
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF6E0B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF6F17
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF6F30
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF6F84

Strings

Skip: {}, xrefs: 00007FF63CBF6CB6
class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann::json_abi_v3_11_2::a, xrefs: 00007FF63CBF6CBA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: Skip: {}$class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann::json_abi_v3_11_2::a
API String ID: 3906636330-3879659612
Opcode ID: e677bd11590f1e5904471a6ce7d6954ef26394f098cdcce1f7a066ade6fad61e
Instruction ID: 521511b4b3ce4f8a2285b88d85e6675d36222d93aca9ae448be7d41505709b59
Opcode Fuzzy Hash: e677bd11590f1e5904471a6ce7d6954ef26394f098cdcce1f7a066ade6fad61e
Instruction Fuzzy Hash: 07713C32609BD585DB718B15F8843EAB3A4FB89754F404222EACD43B68EF3CD195DB00

Function 00007FF63CC0AD00 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBFC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBFC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0ADF0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC0AF20

Strings

*, xrefs: 00007FF63CC0AEAD
<-- , xrefs: 00007FF63CC0AD34
--> , xrefs: 00007FF63CC0AD58
bool __cdecl sj::Updater::Impl::updateComponents(void) noexcept, xrefs: 00007FF63CC0AE92
updateComponents, xrefs: 00007FF63CC0AD89
Version information file is downloaded{}, xrefs: 00007FF63CC0AEA1
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC0AE83

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@memcpy
String ID: *$--> $<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Version information file is downloaded{}$bool __cdecl sj::Updater::Impl::updateComponents(void) noexcept$updateComponents
API String ID: 2778819636-2649363370
Opcode ID: 40c8369a06b7e6bb3d283250fd811241f6f34a5991d5ca84975c3030587f2813
Instruction ID: 02468e50eb577d7d03901fbc945ab0bdc3a1d3ec764b5c47d7bd7553fe7ed3ca
Opcode Fuzzy Hash: 40c8369a06b7e6bb3d283250fd811241f6f34a5991d5ca84975c3030587f2813
Instruction Fuzzy Hash: 4E616171A0CAD691EA21DB24E4513EA73E0FF85790F405232F6DD86799DF6CD189D700

Function 00007FF63CC33440 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 142COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC33515
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC3364E

Strings

trace, xrefs: 00007FF63CC33543
event, xrefs: 00007FF63CC3356E
Sending NewRelic {}: '{}', xrefs: 00007FF63CC335A5
void __cdecl sj::nr::NewRelicService::Impl::send(const enum sj::nr::MessageType,class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,u, xrefs: 00007FF63CC3359A
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF63CC3358F
metric, xrefs: 00007FF63CC3354C
log, xrefs: 00007FF63CC3355D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$Sending NewRelic {}: '{}'$event$log$metric$trace$void __cdecl sj::nr::NewRelicService::Impl::send(const enum sj::nr::MessageType,class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,u
API String ID: 3668304517-958141585
Opcode ID: adf11d9a6af54a0aa89c450b2eddd30db7b5bc3a6bd5338bb469d2547833071a
Instruction ID: 2891ed70e7532cc38bf5ecd294dffb793c91ee7424e5a2d6016c3e1678d6a6cf
Opcode Fuzzy Hash: adf11d9a6af54a0aa89c450b2eddd30db7b5bc3a6bd5338bb469d2547833071a
Instruction Fuzzy Hash: DE614C72F08B8599FB00CBA8E4453BC33B1AB4875CF444235EE5D66B98EF78A195D350

Function 00007FF63CC445D0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF63CC44731
memset.VCRUNTIME140 ref: 00007FF63CC44746
GetProcAddress.KERNEL32 ref: 00007FF63CC4475A
GetLastError.KERNEL32 ref: 00007FF63CC4478F

Strings

RtlGetVersion, xrefs: 00007FF63CC44750
Failed to get OS version, xrefs: 00007FF63CC4477A
{}.{}.{}, xrefs: 00007FF63CC446CB
ntdll.dll, xrefs: 00007FF63CC4472A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProcmemset
String ID: Failed to get OS version$RtlGetVersion$ntdll.dll${}.{}.{}
API String ID: 1371268722-418650401
Opcode ID: 8d7f4d0ff32dec40d18458a543befdfde198ebe3ac4c0484f996103339b731d0
Instruction ID: 6e013b67458b07cf8c1747bfd16b3b6ca279d789e8d4c155b6ec93a7af46ea9d
Opcode Fuzzy Hash: 8d7f4d0ff32dec40d18458a543befdfde198ebe3ac4c0484f996103339b731d0
Instruction Fuzzy Hash: 45512D32E18B8186E720CB24E8402A973E0FF98754F544335FA8D82B69EF3CE655DB40

Function 00007FF63CC27AE0 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 98COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CC27C0A
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC27C1B

Part of subcall function 00007FF63CC44AD0: std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CC44AFC
Part of subcall function 00007FF63CC44AD0: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CC44B0D
Part of subcall function 00007FF63CC44AD0: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CC44B95

Strings

__cdecl sj::WindowsService::WindowsService(const class std::shared_ptr<class sj::Runnable> &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >), xrefs: 00007FF63CC27B94
Runnable initialization attempt with nullptr, xrefs: 00007FF63CC27C45
WindowsService is already initialized, xrefs: 00007FF63CC27C21
Service name is not specified!, xrefs: 00007FF63CC27BFE
Working as a windows service, xrefs: 00007FF63CC27BA0
C, xrefs: 00007FF63CC27B78
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF63CC27B88

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$std::bad_exception::bad_exception
String ID: C$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$Runnable initialization attempt with nullptr$Service name is not specified!$WindowsService is already initialized$Working as a windows service$__cdecl sj::WindowsService::WindowsService(const class std::shared_ptr<class sj::Runnable> &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >)
API String ID: 387331647-3463644464
Opcode ID: 4549967a1557c6629ed4993ce1faa10ece34ebdb84e8ff6315ea06df01cac2e1
Instruction ID: b9529ae6204ccd981f57419252169c4abdf841ec13b7936a7987c016cae566cd
Opcode Fuzzy Hash: 4549967a1557c6629ed4993ce1faa10ece34ebdb84e8ff6315ea06df01cac2e1
Instruction Fuzzy Hash: 82411A72A18B8581EB10CF24E4413A973F4FB98B48F645236FA8D92765EF3CE594D740

Function 00007FF63CC24B90 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 71COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC24CD1

Part of subcall function 00007FF63CBEF340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBEF383
Part of subcall function 00007FF63CBEF340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CBEF3D4

Strings

Failed to start crash detection service: {}, xrefs: 00007FF63CC24C3A
+, xrefs: 00007FF63CC24C49
, details: , xrefs: 00007FF63CC24BA5
auto __cdecl sj::CrashDetectionService::start::<lambda_1>::operator ()(void) const, xrefs: 00007FF63CC24BEC, 00007FF63CC24C71
Started crash detection service, xrefs: 00007FF63CC24BF8
#, xrefs: 00007FF63CC24C55
M, xrefs: 00007FF63CC24C5D
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetectionService.cpp, xrefs: 00007FF63CC24BE0, 00007FF63CC24C65

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: #$+$, details: $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetectionService.cpp$Failed to start crash detection service: {}$M$Started crash detection service$auto __cdecl sj::CrashDetectionService::start::<lambda_1>::operator ()(void) const
API String ID: 298516329-1322712142
Opcode ID: ca4a0297727a0cd6c204dcbaa7e37a330f1319a4e16cd76b92d85ed9aae7b0de
Instruction ID: 0d9676e977232eaae84ad4e2cc3094619fb3b37a985ee9282681ae526b56a48f
Opcode Fuzzy Hash: ca4a0297727a0cd6c204dcbaa7e37a330f1319a4e16cd76b92d85ed9aae7b0de
Instruction Fuzzy Hash: 2B312A72A08B8685EA10DB58F4503EA73E1FB85794F404236F69D83BA9DF7CE458E700

Function 00007FF63CC37540 Relevance: 15.1, APIs: 10, Instructions: 125COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CC3757C
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CC37591
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CC375C8
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CC376F8

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

??0_Locinfo@std@@QEAA@PEBD@Z.MSVCP140 ref: 00007FF63CC37633
??0facet@locale@std@@IEAA@_K@Z.MSVCP140 ref: 00007FF63CC3764A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ.MSVCP140 ref: 00007FF63CC37663
??1_Locinfo@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CC37683
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC376C4
std::_Facet_Register.LIBCPMT ref: 00007FF63CC376DB

Part of subcall function 00007FF63CC3F3D0: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF63CC37618), ref: 00007FF63CC3F3F9
Part of subcall function 00007FF63CC3F3D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF63CC37618), ref: 00007FF63CC3F511

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Locinfo@std@@$??0_??1_Lockit@std@@_invalid_parameter_noinfo_noreturn$??0facet@locale@std@@?c_str@?$_Bid@locale@std@@Collvec@@D@std@@Facet_Getcoll@_Getgloballocale@locale@std@@Locimp@12@RegisterYarn@mallocstd::_
String ID:
API String ID: 770176852-0
Opcode ID: b1adb42a13c6693f8ab160bfb8b6194fd320847d41616f86927bdc0fb6e911c9
Instruction ID: f7c58169452ef185212a95d5b7220074a9e0e61bb0b4c366a89ef64a5939f3bc
Opcode Fuzzy Hash: b1adb42a13c6693f8ab160bfb8b6194fd320847d41616f86927bdc0fb6e911c9
Instruction Fuzzy Hash: 65515C32B09A4281EA149B15EA5437973F1FB88BE0F554236FA5D837A4DF3CE485DB40

Function 00007FF63CCDF250 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 181COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF63CCDF35A
memcpy.VCRUNTIME140 ref: 00007FF63CCDF36B
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CCDF3FC
std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CCDF443

Strings

field name too large, xrefs: 00007FF63CCDF437
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/beast/http/impl/fields.hpp, xrefs: 00007FF63CCDF3DC, 00007FF63CCDF423
field value too large, xrefs: 00007FF63CCDF3F0
new_element, xrefs: 00007FF63CCDF3CF, 00007FF63CCDF416

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpystd::bad_exception::bad_exception
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/beast/http/impl/fields.hpp$field name too large$field value too large$new_element
API String ID: 1157262936-3644844388
Opcode ID: 8c12241656f4b47ceb80d2d047a704909f028cfc9c23d66f22ed6909f06b2f45
Instruction ID: ebf0261d893e16dc5997ed3a6795f7037060d21421f1ba3a2718f9ef4bf268cf
Opcode Fuzzy Hash: 8c12241656f4b47ceb80d2d047a704909f028cfc9c23d66f22ed6909f06b2f45
Instruction Fuzzy Hash: AC61C332A0968281EA10CB15E4653B977E0FF55B88F449132FB9D8778AEF3CD596D310

Function 00007FF63CBF79D0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 173COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF7A15
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF7A29
memset.VCRUNTIME140 ref: 00007FF63CBF7A50
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF7B7A
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF7C87
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF7CA0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF7CF4

Strings

bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF63CBF79D4

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const
API String ID: 3906636330-941177291
Opcode ID: 8bccd7b1025cba05118609d7755b6bb65666a9d9092d82dd8580f6b5e11bc240
Instruction ID: 3cefe235351b7f53fcfe7ef2b56365200cdebdf89665b711e35da615c1ba7002
Opcode Fuzzy Hash: 8bccd7b1025cba05118609d7755b6bb65666a9d9092d82dd8580f6b5e11bc240
Instruction Fuzzy Hash: 25912A36608BC586DB618B19F4443AAB3A4FB89794F404226EBCD53B69EF3CD195DB00

Function 00007FF63CBF7660 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF76A5
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF76B9
memset.VCRUNTIME140 ref: 00007FF63CBF76E0
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF7817
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF7927
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF7940
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF7994

Strings

bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const, xrefs: 00007FF63CBF7664

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: bool __cdecl sj::Updater::Impl::checkForUpdate(const class sj::Component &,const struct sj::UpdaterManifest::Attributes &) const
API String ID: 3906636330-941177291
Opcode ID: b45a27d507d5a1f92ac54fd9441722b66895ca71883a35963c61990113dbf553
Instruction ID: 2bbe039fbbf64890f8286f1f5275b219019bd439e3a38e66c78e6ad78706d571
Opcode Fuzzy Hash: b45a27d507d5a1f92ac54fd9441722b66895ca71883a35963c61990113dbf553
Instruction Fuzzy Hash: C6914836609BC586EB618B14F4443EAB3A4FB89794F404226EBCD43B68EF7CD195DB00

Function 00007FF63CBE83C0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE840B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE841F
memset.VCRUNTIME140 ref: 00007FF63CBE8446
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE8540
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE8651
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE866A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE86BE

Strings

app.name, xrefs: 00007FF63CBE83C3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: app.name
API String ID: 3906636330-2680132313
Opcode ID: a1abd8d85ab48d436a2a69a848019feb957c861f32b57d0af472e6a2e71bd9e3
Instruction ID: ace145b35bc5a38e3cc31fe9dcaa1faa0ee2e8e7559a8033f71864f4e2f41789
Opcode Fuzzy Hash: a1abd8d85ab48d436a2a69a848019feb957c861f32b57d0af472e6a2e71bd9e3
Instruction Fuzzy Hash: 31813C32608FC582D7618B19F4443AAB3A4FB89794F405226EBCD43B68EF7CD595DB40

Function 00007FF63CC01E00 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 164COMMON

Download Yara Rule

APIs

_Xtime_get_ticks.MSVCP140 ref: 00007FF63CC01E62
_localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF63CC01EAE
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC01F26

Part of subcall function 00007FF63CBF65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC01FC0

Strings

void __cdecl sj::Updater::Impl::asyncWaitTimer(void) noexcept, xrefs: 00007FF63CC01F45
Next check scheduled on: {}, xrefs: 00007FF63CC01F50
{:%Y-%m-%d %H:%M:%S}, xrefs: 00007FF63CC01EEF
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC01F3A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@Xtime_get_ticks_invalid_parameter_noinfo_noreturn_localtime64_s
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Next check scheduled on: {}$void __cdecl sj::Updater::Impl::asyncWaitTimer(void) noexcept${:%Y-%m-%d %H:%M:%S}
API String ID: 2532722630-3149286030
Opcode ID: fa8436c991509790ae7b6e2ec7a6c3a95bb17aeda6efab635c7a325dd7123fad
Instruction ID: e6065097f4648818ed04e280740ed5141bcb6ba585923cbcc50276ca94bb0714
Opcode Fuzzy Hash: fa8436c991509790ae7b6e2ec7a6c3a95bb17aeda6efab635c7a325dd7123fad
Instruction Fuzzy Hash: 1D816A72A14B958AEB00CF24E8402EE73F0FB88748F505226EE8C57B59EF38E195D740

Function 00007FF63CBE7A80 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE7ACB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE7ADF
memset.VCRUNTIME140 ref: 00007FF63CBE7B06
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE7BF6
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE7D01
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE7D1A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE7D6E

Strings

app.path, xrefs: 00007FF63CBE7A83

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: app.path
API String ID: 3906636330-3402131408
Opcode ID: 37236fcd9b7fb9c5f02c2468e3477a324a1c7a38487b24b09329f0f6f95c0c87
Instruction ID: f83829534c1aaf704c2d24e5c05b0d752acc2cbbcce419c61c2741f680a9e40f
Opcode Fuzzy Hash: 37236fcd9b7fb9c5f02c2468e3477a324a1c7a38487b24b09329f0f6f95c0c87
Instruction Fuzzy Hash: EB812932608BD582DB618B14F4843EAB3A4FB89794F405222EBDD53B68EF7CD595DB00

Function 00007FF63CBE7DA0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE7DEB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE7DFF
memset.VCRUNTIME140 ref: 00007FF63CBE7E26
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE7F0B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE8011
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE802A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE807E

Strings

maxRetryAttempts, xrefs: 00007FF63CBE7DA3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: maxRetryAttempts
API String ID: 3906636330-3836769744
Opcode ID: 1d4abca1f4f3179f0921685532641b7b206257e9e0022d38d82c7d1beb9f2f4c
Instruction ID: b253b99a2af1c72eed70ef0456fc42162e724a7c5fe47bda028f98ff7ef29378
Opcode Fuzzy Hash: 1d4abca1f4f3179f0921685532641b7b206257e9e0022d38d82c7d1beb9f2f4c
Instruction Fuzzy Hash: 08813A32608BC582DB618B18F4443EAB3A4FB89794F405226EBCD43B69EF7CD595DB40

Function 00007FF63CC263D0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CC2641B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CC2642F
memset.VCRUNTIME140 ref: 00007FF63CC26456
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CC2652A
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CC26637
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CC26650
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC266A4

Strings

sj::ConsoleApplication::run, xrefs: 00007FF63CC263D3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID: sj::ConsoleApplication::run
API String ID: 3906636330-432001771
Opcode ID: cc7278577617488992a980c7cb74f26a1aefd9c20f0afe1fa37d15278232f202
Instruction ID: 65bd5e8ac74cec06a709b7e8a61f5e9105e075e12b37559574744a4334d7e3af
Opcode Fuzzy Hash: cc7278577617488992a980c7cb74f26a1aefd9c20f0afe1fa37d15278232f202
Instruction Fuzzy Hash: BA712732609BC581DB618B15F8847EAB3A4FB88754F405222EACD43B68EF7CD199DB10

Function 00007FF63CC32D50 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 141COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF63CC32E1C
_Mtx_unlock.MSVCP140 ref: 00007FF63CC32E7E

Part of subcall function 00007FF63CBF69C0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6A08

?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CC32EE9
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CC32EF4

Strings

Sending NewRelic {} is not enabled, xrefs: 00007FF63CC32DBF
bool __cdecl sj::nr::NewRelicService::Impl::isEnabled(const enum sj::nr::MessageType) noexcept const, xrefs: 00007FF63CC32DB4
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp, xrefs: 00007FF63CC32DA9
metric, xrefs: 00007FF63CC32D88

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$?default_logger_raw@spdlog@@Mtx_lockMtx_unlockVlogger@1@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\new-relic\NewRelicService.cpp$Sending NewRelic {} is not enabled$bool __cdecl sj::nr::NewRelicService::Impl::isEnabled(const enum sj::nr::MessageType) noexcept const$metric
API String ID: 2215757343-4065012269
Opcode ID: fa2f9802cc518e1b998c9d7512411f9f020f14db03d953165377fcdaa5b5f194
Instruction ID: 5e79f0b46fd002b8184438c8138d15e8a8a5000732730fc7a0f179195ef16604
Opcode Fuzzy Hash: fa2f9802cc518e1b998c9d7512411f9f020f14db03d953165377fcdaa5b5f194
Instruction Fuzzy Hash: 8B616A32604A8589EB009F25E8413E833F4EB49B88F845136FB4D97796DF39E5A1D350

Function 00007FF63CC05350 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC53A90: _Xtime_get_ticks.MSVCP140(?,?,?,?,00007FF63CC2EF58), ref: 00007FF63CC53A94

_Xtime_get_ticks.MSVCP140 ref: 00007FF63CC053E6
_localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF63CC0542F
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC0549F

Part of subcall function 00007FF63CBE39D0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE3A18

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC05543

Strings

void __cdecl sj::`anonymous-namespace'::handleErrorsExpiration(class sj::UpdaterStorage &,class std::chrono::duration<__int64,struct std::ratio<1,1000> >), xrefs: 00007FF63CC054C3
Next expiration for '{}' will took place on: {}, xrefs: 00007FF63CC054DC
{:%Y-%m-%d %H:%M:%S}, xrefs: 00007FF63CC0547A
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC054AD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Xtime_get_ticks$?default_logger_raw@spdlog@@?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@Vlogger@1@_invalid_parameter_noinfo_noreturn_localtime64_s
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Next expiration for '{}' will took place on: {}$void __cdecl sj::`anonymous-namespace'::handleErrorsExpiration(class sj::UpdaterStorage &,class std::chrono::duration<__int64,struct std::ratio<1,1000> >)${:%Y-%m-%d %H:%M:%S}
API String ID: 374219349-3552591738
Opcode ID: f5fb34671b482da7b82e4ad233f084f196c2680ea549da08b5570cf656f173d3
Instruction ID: a1aac65b673ac7629a92e00b53f46342a1c6ae80c1cfc4c5409eea5f7fc85a30
Opcode Fuzzy Hash: f5fb34671b482da7b82e4ad233f084f196c2680ea549da08b5570cf656f173d3
Instruction Fuzzy Hash: FB512C72F04B458AEB00DBB4E4412EC73B6EB58788F405635EE4D5AB5AEF38E155D380

Function 00007FF63CC020E0 Relevance: 13.6, APIs: 9, Instructions: 62COMMON

Download Yara Rule

APIs

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF63CC02134
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF63CC0215D
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF63CC02167
?__ExceptionPtrCreate@@YAXPEAX@Z.MSVCP140 ref: 00007FF63CC0217A
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF63CC0219A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC021B0
?__ExceptionPtrCreate@@YAXPEAX@Z.MSVCP140 ref: 00007FF63CC021CC
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z.MSVCP140 ref: 00007FF63CC021E4
?__ExceptionPtrDestroy@@YAXPEAX@Z.MSVCP140 ref: 00007FF63CC021EE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Exception$Destroy@@$Copy@@Create@@$Assign@@__std_exception_destroy
String ID:
API String ID: 1226646100-0
Opcode ID: 31dff0feb1699c8a4422c74ac2fb4a3a02ec7dff8dd1929e90be58e97bd81aaf
Instruction ID: eae53c34d087c74000164f278387cf29e732a467da2c82a4a4fb099d8ecf9b43
Opcode Fuzzy Hash: 31dff0feb1699c8a4422c74ac2fb4a3a02ec7dff8dd1929e90be58e97bd81aaf
Instruction Fuzzy Hash: DE214562F1CB8A91EA10DB24D4411BDA7A1FFD9344F504335F68D82696EF2CE6C5D740

Function 00007FF63CC2A1B0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 307COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC2A42E

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2A427
memcmp.VCRUNTIME140 ref: 00007FF63CC2A4BF
memcmp.VCRUNTIME140 ref: 00007FF63CC2A4F3
memcmp.VCRUNTIME140 ref: 00007FF63CC2A588

Strings

gfffffff, xrefs: 00007FF63CC2A1DB
gfffffff, xrefs: 00007FF63CC2A3B1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcmp$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID: gfffffff$gfffffff
API String ID: 97214780-161084747
Opcode ID: e03502ec7ecc94280be2ed7e6a13344c142164b2e312d7560dc89cbee86b7a1d
Instruction ID: 71f9710eb105b9de414a2d59dc976a4704b9749817c8f091295cd7460c3da599
Opcode Fuzzy Hash: e03502ec7ecc94280be2ed7e6a13344c142164b2e312d7560dc89cbee86b7a1d
Instruction Fuzzy Hash: 0BC19C72B08B8582EE20CB16F41456A67A5FB48BC4F48A136EE9D87B85DF3CE591D301

Function 00007FF63CC157F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBF2DD0: memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC158F7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC15948
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC15987
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC159D7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC15A52

Strings

parse_error, xrefs: 00007FF63CC1586F
parse error, xrefs: 00007FF63CC158B1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: parse error$parse_error
API String ID: 1675611454-1820534363
Opcode ID: 36d097a5b747bfcb70958d877363c18ac4d8d05215aa0597913fa7995ad393c3
Instruction ID: 000820d045585a6541a43ad8a2c6344fa46fb545fd67659320a3c42f8f425220
Opcode Fuzzy Hash: 36d097a5b747bfcb70958d877363c18ac4d8d05215aa0597913fa7995ad393c3
Instruction Fuzzy Hash: 04716372F18B4644FA10DB69E4403BD67A1EB457A4F105332FA6D96BE9EE6CE0C5D300

Function 00007FF63CD13C20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 170COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,Opera/,OPR/,00007FF63CBE24F9), ref: 00007FF63CD13C99
memmove.VCRUNTIME140(00000000,Opera/,OPR/,00007FF63CBE24F9), ref: 00007FF63CD13CC8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD13CEB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF63CBE24F9), ref: 00007FF63CD13D57
memchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE24F9), ref: 00007FF63CD13E02

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Strings

OPR/, xrefs: 00007FF63CD13C2A
Opera/, xrefs: 00007FF63CD13C2B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskmallocmemchrmemmove
String ID: OPR/$Opera/
API String ID: 2753702255-1531271886
Opcode ID: c9ba7e3ea939cfa4c84405637764614e8252604aee2d84b0f892cc165385e758
Instruction ID: 67d93e7a77a82798a6f27a58067927b49171f3fa4151205c72786ae062f3e9c5
Opcode Fuzzy Hash: c9ba7e3ea939cfa4c84405637764614e8252604aee2d84b0f892cc165385e758
Instruction Fuzzy Hash: F651BD22709B8585EA149F6AA4001A9A3E0EB48BE4F584735FFBD87BD9DF3CD591D300

Function 00007FF63CC1EBE0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC1ED8F

Strings

j, xrefs: 00007FF63CC1EDD3
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\FeatureFlags.cpp, xrefs: 00007FF63CC1EDE9
bool __cdecl sj::FeatureFlags::generateConfig(enum sj::ComponentType,const class std::filesystem::path &) const, xrefs: 00007FF63CC1EDF8
=, xrefs: 00007FF63CC1EE16
version, xrefs: 00007FF63CC1ECB1
Feature flags does not contain information for component '{}', xrefs: 00007FF63CC1EE07

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: =$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\FeatureFlags.cpp$Feature flags does not contain information for component '{}'$bool __cdecl sj::FeatureFlags::generateConfig(enum sj::ComponentType,const class std::filesystem::path &) const$j$version
API String ID: 3668304517-220080064
Opcode ID: e81428f6cfcba8bdea5d318c92e6691622b57c08598323300aa1873e395e6f1c
Instruction ID: db978aa2bb1cb166e5398d6cbf77e8cee26c658a64886f24b5e4d6bf34a3de3f
Opcode Fuzzy Hash: e81428f6cfcba8bdea5d318c92e6691622b57c08598323300aa1873e395e6f1c
Instruction Fuzzy Hash: 79617D72A1CBC581DA60DB25E4943AAB7A1FB85784F409136FACE83B99DF7CD144DB00

Function 00007FF63CBF8BF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 134COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF8CA5
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT(?,?,?,?,?,?,?,?,?,?,?,00007FF63CBFA628), ref: 00007FF63CBF8DAB

Strings

cannot switch from automatic to manual argument indexing, xrefs: 00007FF63CBF8C9E
invalid format string, xrefs: 00007FF63CBF8CD2, 00007FF63CBF8D7D
cannot switch from manual to automatic argument indexing, xrefs: 00007FF63CBF8DA4

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: cannot switch from automatic to manual argument indexing$cannot switch from manual to automatic argument indexing$invalid format string
API String ID: 4276112833-2389466755
Opcode ID: f96f31ba52da6647e1ac8f56c008f0bc7987eabce5b7e28dbee4173007e0f3de
Instruction ID: 419e1f006d82e3f386bb0dab4b9df1ca55e5e0c1dd48acbf34d76013ab424598
Opcode Fuzzy Hash: f96f31ba52da6647e1ac8f56c008f0bc7987eabce5b7e28dbee4173007e0f3de
Instruction Fuzzy Hash: 7951F82BA0CAA589E660CF14D4002B967E0FF57B90F844235FA9EC6795DF3DE491D701

Function 00007FF63CC004E0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC00628

Part of subcall function 00007FF63CBEF340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBEF383
Part of subcall function 00007FF63CBEF340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CBEF3D4

Strings

Feature flags check is postponed., xrefs: 00007FF63CC0068A
void __cdecl sj::Updater::Impl::performUpdate(void) noexcept, xrefs: 00007FF63CC0067E
<-- , xrefs: 00007FF63CC0058C
--> , xrefs: 00007FF63CC005A0
performUpdate, xrefs: 00007FF63CC005CA
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC00672

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: --> $<-- $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Feature flags check is postponed.$performUpdate$void __cdecl sj::Updater::Impl::performUpdate(void) noexcept
API String ID: 298516329-4085169699
Opcode ID: 5856560ca6d758134cbf83f19b6790a059f74ba6c41449f8e19a53d1b1c5c2b3
Instruction ID: 48fbbb91779db25b1004910a5e607b1a61a7cdc11c77d3167efdff93f9f92b64
Opcode Fuzzy Hash: 5856560ca6d758134cbf83f19b6790a059f74ba6c41449f8e19a53d1b1c5c2b3
Instruction Fuzzy Hash: 2E51B472E08B9686EA10DB25F4502BA63F1FB85784F005236FA8D8B796DF7CE545D700

Function 00007FF63CBE5790 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 54COMMON

Download Yara Rule

APIs

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBE57B9

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CBE57F9
, details: , xrefs: 00007FF63CBE57A1
=, xrefs: 00007FF63CBE5867
,, xrefs: 00007FF63CBE57EE
{}{}, xrefs: 00007FF63CBE582D
auto __cdecl sj::ScopedLogger<2>::{dtor}::<lambda_1>::operator ()(void) const, xrefs: 00007FF63CBE581E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@
String ID: ,$, details: $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$auto __cdecl sj::ScopedLogger<2>::{dtor}::<lambda_1>::operator ()(void) const${}{}
API String ID: 3714795773-7912079
Opcode ID: c3e8b44bb5b772fa5a3cc45628adc2e92af1528e27643011ca1d7199d7e36f9b
Instruction ID: b9f2d987ea405e510674cda93f706cdd9d39a4a228fdbf89acd7431e2567408e
Opcode Fuzzy Hash: c3e8b44bb5b772fa5a3cc45628adc2e92af1528e27643011ca1d7199d7e36f9b
Instruction Fuzzy Hash: DE216B32909BC1D5E7619F20F0043AA73E4FB95748F50523AEA8D42B98EF7CD199DB02

Function 00007FF63CC00190 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 53COMMON

Download Yara Rule

APIs

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC001B9

Strings

,, xrefs: 00007FF63CC001EE
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CC001F9
=, xrefs: 00007FF63CC00267
, details: , xrefs: 00007FF63CC001A1
{}{}, xrefs: 00007FF63CC0022D
auto __cdecl sj::ScopedLogger<0>::{dtor}::<lambda_1>::operator ()(void) const, xrefs: 00007FF63CC0021E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@
String ID: ,$, details: $=$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$auto __cdecl sj::ScopedLogger<0>::{dtor}::<lambda_1>::operator ()(void) const${}{}
API String ID: 3714795773-3554755221
Opcode ID: 63ab663453a1ebd481734043507adb35553b16dddc6b69db1e498707d21cc316
Instruction ID: ecfc2ddf0ba3c57da76ed86a51b5913515993bd1deaaf0709fb6ac8e05a6b3a2
Opcode Fuzzy Hash: 63ab663453a1ebd481734043507adb35553b16dddc6b69db1e498707d21cc316
Instruction Fuzzy Hash: D8212A7290DBD595EB618F24F0043AA73E4FB44348F40523AEA8D92BA9DF7CD199DB01

Function 00007FF63CBFFAE0 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF63CBFFB19
SetEvent.KERNEL32 ref: 00007FF63CBFFB3F
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFFB73
CloseHandle.KERNEL32 ref: 00007FF63CBFFB98
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFFBB4
CloseHandle.KERNEL32 ref: 00007FF63CBFFC1C
CloseHandle.KERNEL32 ref: 00007FF63CBFFC26
DeleteCriticalSection.KERNEL32 ref: 00007FF63CBFFC30

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$CloseHandle$Leave$DeleteEnterEvent
String ID:
API String ID: 1870084288-0
Opcode ID: c911e8eabcb18470f2729bc5f1e00cf57b61314b285eb44e439f9ef2ddbc456c
Instruction ID: 4fd5dc2d87a132a6a126557e8ed4886aea5b98731d89d4dfcd0c1c2b1c453187
Opcode Fuzzy Hash: c911e8eabcb18470f2729bc5f1e00cf57b61314b285eb44e439f9ef2ddbc456c
Instruction Fuzzy Hash: D4412C26A08B9689EB519F61D85436973E0FF89F88F484136EA4E87765DF3CD488D301

Function 00007FF63CC4EE30 Relevance: 12.1, APIs: 8, Instructions: 81COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EE76
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EE84
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EE90
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EEB1
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EEC2
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EED0
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4EEDC
memmove.VCRUNTIME140 ref: 00007FF63CC4EF12

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@memmove
String ID:
API String ID: 1084301519-0
Opcode ID: 63a78ba685fe670b5381cd139ebff67eb31b732d5e5721fe063cb7ae6b7021b5
Instruction ID: ffa268859ac71c6e23b1dc0caf5eadc74092c2bb2f6af9a81d6386ba2d78654e
Opcode Fuzzy Hash: 63a78ba685fe670b5381cd139ebff67eb31b732d5e5721fe063cb7ae6b7021b5
Instruction Fuzzy Hash: B3319072B0974186FB258F26A404269B7E1EB89FC4F084135FA8D87B55DF3CE586D704

Function 00007FF63CC11B10 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC11B2D
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC11B3B
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC11B43
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC11B4F
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC11B5B
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF63CC11B98
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z.MSVCP140 ref: 00007FF63CC11BA6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC11BCC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@$?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@D00@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3548242540-0
Opcode ID: e4a3473cf8bb8f8b81c3db78e0d12dd373cc025e369511375e62d958eade09cb
Instruction ID: e0e0ed08e73c4d80b09260010d95f6d0abb4b6a2b546f36665768a14079e293a
Opcode Fuzzy Hash: e4a3473cf8bb8f8b81c3db78e0d12dd373cc025e369511375e62d958eade09cb
Instruction Fuzzy Hash: 00115731B15A4241EA149B6AA81833872E0EFCDFE4F140730F95E827A4EF3C9149D200

Function 00007FF63CC2C310 Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 384COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2C6F2

Part of subcall function 00007FF63CBE7240: __std_fs_code_page.MSVCPRT ref: 00007FF63CBE7263
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72B1
Part of subcall function 00007FF63CBE7240: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF63CBE72E9

Part of subcall function 00007FF63CBE5C70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5CCB

Part of subcall function 00007FF63CC2A1B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2A427
Part of subcall function 00007FF63CC2A1B0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC2A42E
Part of subcall function 00007FF63CC2A1B0: memcmp.VCRUNTIME140 ref: 00007FF63CC2A4BF
Part of subcall function 00007FF63CC2A1B0: memcmp.VCRUNTIME140 ref: 00007FF63CC2A4F3

Part of subcall function 00007FF63CC2A1B0: memcmp.VCRUNTIME140 ref: 00007FF63CC2A588

Strings

sj-common.json, xrefs: 00007FF63CC2C49D
.user.json, xrefs: 00007FF63CC2C849
env, xrefs: 00007FF63CC2C4E8
SJPulse, xrefs: 00007FF63CC2C3F9
config, xrefs: 00007FF63CC2C3D2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcmp$__std_fs_convert_narrow_to_wide$Concurrency::cancel_current_task__std_fs_code_page
String ID: .user.json$SJPulse$config$env$sj-common.json
API String ID: 758345005-546559227
Opcode ID: bcb82b46270fba77c42b15c136fbc1f5d7da0349af45b7d6153be3244755b65d
Instruction ID: 228ef94afbc8dad07b08342b1a0846a5952d9e7a5807f3838cf63cf5be471dd9
Opcode Fuzzy Hash: bcb82b46270fba77c42b15c136fbc1f5d7da0349af45b7d6153be3244755b65d
Instruction Fuzzy Hash: F512A462A18AC295EB10DF34E4503ED73A0FB95748F407232F68D96B6ADF78D688D740

Function 00007FF63CC57170 Relevance: 10.7, APIs: 7, Instructions: 203COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000002,?,00000000,00007FF63CC56DBB), ref: 00007FF63CC5722A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002,?,00000000,00007FF63CC56DBB), ref: 00007FF63CC57243
memmove.VCRUNTIME140(00000002,?,00000000,00007FF63CC56DBB), ref: 00007FF63CC5726D
memmove.VCRUNTIME140(00000002,?,00000000,00007FF63CC56DBB), ref: 00007FF63CC5728B
memmove.VCRUNTIME140(00000002,?,00000000,00007FF63CC56DBB), ref: 00007FF63CC572B5
memset.VCRUNTIME140 ref: 00007FF63CC57370

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 1392643149-0
Opcode ID: 022f988f29079a02106b2ffc7a6c0b703d0e808805a31999be6f43207e2f8f7a
Instruction ID: ca7cc857f2743fe7afd3cf1098db92e184ea439162125f9c409a3df8210ff03c
Opcode Fuzzy Hash: 022f988f29079a02106b2ffc7a6c0b703d0e808805a31999be6f43207e2f8f7a
Instruction Fuzzy Hash: 4A71CD32B19B8685EA01CB26E8443AD63A4EB48BD0F588635FE4D87795EF3CE1D5D300

Function 00007FF63CBE7480 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE751E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE7576
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE7580
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE76A2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE7748

Strings

{0}, xrefs: 00007FF63CBE767B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcpy$??$vformat_to@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@@12@V?$basic_format_args@V?$basic_format_context@V?$basic_string_view@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@
String ID: {0}
API String ID: 1452291513-1444373969
Opcode ID: 85d069f9a62ef2684019c043d1192520ff0fd4d764a6813e41d85d9f230a5784
Instruction ID: 0273d7753956f1a8198a2e29d5f0b6d1800578e33188fb279b37e230d0aac470
Opcode Fuzzy Hash: 85d069f9a62ef2684019c043d1192520ff0fd4d764a6813e41d85d9f230a5784
Instruction Fuzzy Hash: 9581AF62B04B9586EA10CF25E5442AEB3A0FB88BD4F445232EF9D57B98EF3CD185D300

Function 00007FF63CBF4F10 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF63CBF4F5A
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF4FDE
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF508F
??$get@Vlocale@std@@@locale_ref@detail@v10@fmt@@QEBA?AVlocale@std@@XZ.FMT ref: 00007FF63CBF50EA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF51D7

Part of subcall function 00007FF63CC01C80: memcmp.VCRUNTIME140 ref: 00007FF63CC01D19

Strings

argument not found, xrefs: 00007FF63CBF4FD7, 00007FF63CBF5088

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@$??$get@Vlocale@std@@Vlocale@std@@@locale_ref@detail@v10@fmt@@_invalid_parameter_noinfo_noreturnmemcmpmemset
String ID: argument not found
API String ID: 2706344375-3524968529
Opcode ID: 8ddaeadf23830fbfaf3a19409a215e032c998ec2118d3b36c8804dbe5eedb5d9
Instruction ID: 8f8de32eb991271b73982d2c268ab1c7d4b64714e72c888f11c786888e20be58
Opcode Fuzzy Hash: 8ddaeadf23830fbfaf3a19409a215e032c998ec2118d3b36c8804dbe5eedb5d9
Instruction Fuzzy Hash: 56919E22E18B958AFB01DB78D8402ED63F0FB96758F104225FE5E56B59EF38E185D700

Function 00007FF63CBE4730 Relevance: 10.7, APIs: 7, Instructions: 185COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE477B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE478F
memset.VCRUNTIME140 ref: 00007FF63CBE47B6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE4945
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE4A5B
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE4A74
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE4AC8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 477caff914549137520409a76789c44fdde8969191c31e8308fcd1561b4dc563
Instruction ID: 232154d96965cf233281bf5994d5909b2b24dea75676e541f0d25c3ddd5dde56
Opcode Fuzzy Hash: 477caff914549137520409a76789c44fdde8969191c31e8308fcd1561b4dc563
Instruction Fuzzy Hash: 45A11636608BC595DB318B19F4443EAB3A4FB89B94F405226EBCD43B69EF38D195DB00

Function 00007FF63CBE4380 Relevance: 10.7, APIs: 7, Instructions: 180COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE43CB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE43DF
memset.VCRUNTIME140 ref: 00007FF63CBE4406
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE4572
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE468B
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE46A4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE46F8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 5251e409ef4c27480c52c8a95b905093ffc9aaf0657bad49e8300587c316af58
Instruction ID: e3c83562ac49d138bb6ce3017339e8413347b7961cf0f09ee8792ae66a6fe550
Opcode Fuzzy Hash: 5251e409ef4c27480c52c8a95b905093ffc9aaf0657bad49e8300587c316af58
Instruction Fuzzy Hash: 10911536608BC585DA718B19F4443EAB3A4FB89B94F405222EBCD43B69EF38D195DB00

Function 00007FF63CBF72E0 Relevance: 10.7, APIs: 7, Instructions: 177COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF7325
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF7339
memset.VCRUNTIME140 ref: 00007FF63CBF7360
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF74A8
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF75B7
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF75D0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF7624

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: ca399d3ec58a29a4a19a612613ee7fc495ef3d9279e0ab59c4cfcc9290e77174
Instruction ID: 7f658d5afcc760c5380de7488f8d3ad779c372bb5ad7d766e48f82b11d8193ba
Opcode Fuzzy Hash: ca399d3ec58a29a4a19a612613ee7fc495ef3d9279e0ab59c4cfcc9290e77174
Instruction Fuzzy Hash: 34914936609BC586DB618B18F4443AAB3A4FB89794F404226EBCD43B68EF7CD195DB00

Function 00007FF63CC4FB20 Relevance: 10.7, APIs: 7, Instructions: 173COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CC4FB65
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CC4FB79
memset.VCRUNTIME140 ref: 00007FF63CC4FBA0
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CC4FCDE
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CC4FDE9
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CC4FE02
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC4FE56

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 786df2c517e17aeb9c2e58edc998353f7e174cb8cc10bf2970a98d6d8e40b1fb
Instruction ID: 04106afe329784c83fe6ac24af16017e39ef795dcbba29a2594f97840d67e623
Opcode Fuzzy Hash: 786df2c517e17aeb9c2e58edc998353f7e174cb8cc10bf2970a98d6d8e40b1fb
Instruction Fuzzy Hash: 1D911A32609BC581DB618B54F8443AAB3B4FB89794F408226EBCD43B69EF7CD595DB00

Function 00007FF63CBE3D30 Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE3D7B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE3D8F
memset.VCRUNTIME140 ref: 00007FF63CBE3DB6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE3EC6
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE3FD1
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE3FEA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE403E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: e22f9a8dae4e87dfb2867837728cd96dfc1fe08a7cbb77c3a63fe73f632f0a66
Instruction ID: 5d6cbbb834ed4cf5df33a7c761758e48cf495aa7c3ec7a0cf5fdfb9c4185c804
Opcode Fuzzy Hash: e22f9a8dae4e87dfb2867837728cd96dfc1fe08a7cbb77c3a63fe73f632f0a66
Instruction Fuzzy Hash: 2D814C32608BC581DB618B15F4843AAB3B4FB89B94F405226EBCD43B69EF7CD595DB00

Function 00007FF63CBF86A0 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF86EB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF86FF
memset.VCRUNTIME140 ref: 00007FF63CBF8726
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF8822
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF8931
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF894A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF899E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 2b5eec5e36ea4908f1b7b99489612c0141f7c9cc658afbeb9e8cece5d66bbc1a
Instruction ID: 55b5e798fb4063c0bff28cb67f252dab91f7b563aa97eb8cdc015f46d2fdf3ec
Opcode Fuzzy Hash: 2b5eec5e36ea4908f1b7b99489612c0141f7c9cc658afbeb9e8cece5d66bbc1a
Instruction Fuzzy Hash: 16813B32608BC581DB618B15F4443EAB3A4FB8A794F405222EBCD43B68EF7CD595DB00

Function 00007FF63CD080D0 Relevance: 10.7, APIs: 7, Instructions: 162COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CD0811B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CD0812F
memset.VCRUNTIME140 ref: 00007FF63CD08156
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CD08247
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CD08351
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CD0836A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CD083BE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 2c8bb85613cca43e580097fc06bae1eafb84174dc8e0fdea86be1d187ad1eecc
Instruction ID: ebb88e1ef81950540367ba73329673de297b6e28b36562e739676c5088d850d5
Opcode Fuzzy Hash: 2c8bb85613cca43e580097fc06bae1eafb84174dc8e0fdea86be1d187ad1eecc
Instruction Fuzzy Hash: DE811932609BC582DB618B18F8443EAB3A4FB89754F405226EBCD43B69EF78D595DB00

Function 00007FF63CBF6FC0 Relevance: 10.7, APIs: 7, Instructions: 161COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBF700D
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBF701E
memset.VCRUNTIME140 ref: 00007FF63CBF7045
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBF7129
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBF723A
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBF7253
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF72A7

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: bfe2785224e012604408371ff55be6b16cc8ffa755e39fd9eca93efcaf815295
Instruction ID: 7f2abae1a21d5278f32efdf5f77159664a83309ace3940547cac6d565887cfd0
Opcode Fuzzy Hash: bfe2785224e012604408371ff55be6b16cc8ffa755e39fd9eca93efcaf815295
Instruction Fuzzy Hash: 68815D36618FC586DB618B15F4843EAB3A4FB89794F404226EACD53B68EF3CD195DB00

Function 00007FF63CBED070 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBED204
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBED28D

Strings

Rounding detected for '{}'. {} become {}, xrefs: 00007FF63CBED23E
(, xrefs: 00007FF63CBED24A
Attempting to assign negative number '{}' to a variable expecting positive number '{}', xrefs: 00007FF63CBED1BF
', xrefs: 00007FF63CBED2A9
Number expected for '{}', but {} given., xrefs: 00007FF63CBED29D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrowmemchr
String ID: '$($Attempting to assign negative number '{}' to a variable expecting positive number '{}'$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}
API String ID: 4071565095-2198650091
Opcode ID: 74dc02c9c717f047005757f268b2aa3c334873b52a847ef64fb3c1be66dec98f
Instruction ID: 77164a4e4b1f9b8d8a6a38a3a245ba1ce7581ab88ad935f8e81894f8f9a26d38
Opcode Fuzzy Hash: 74dc02c9c717f047005757f268b2aa3c334873b52a847ef64fb3c1be66dec98f
Instruction Fuzzy Hash: E461F522A18A9695EA019B30F4412FAA3E0FF96780F405236FA4E93B99EF3CD145D701

Function 00007FF63CC27730 Relevance: 10.7, APIs: 7, Instructions: 156COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CC2777B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CC2778F
memset.VCRUNTIME140 ref: 00007FF63CC277B6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CC2788B
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CC27997
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CC279B0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC27A04

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: 6d7f3f8e7ed4ab6d9ba08be01be26cdee563922883153caada6aa637d8916fc9
Instruction ID: 52dbed5fd342cf51390e61dfb80e629b0e204680bf5fb499f36f7e881fbb603d
Opcode Fuzzy Hash: 6d7f3f8e7ed4ab6d9ba08be01be26cdee563922883153caada6aa637d8916fc9
Instruction Fuzzy Hash: FF711932609BC581DB618B19F8843EAB3B4FB89754F405226EACD43B68EF78D595DB00

Function 00007FF63CBE4070 Relevance: 10.7, APIs: 7, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CBE40BB
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CBE40CF
memset.VCRUNTIME140 ref: 00007FF63CBE40F6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CBE41CD
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CBE42D8
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CBE42F1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE4345

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: dd0194b5a12faf51e93738dfb1abf8c36334fbcde7dddc78c1cba55ed25f8f97
Instruction ID: e3d3d18a3eee9fcdb2ad8fe07d1267bf4eed7b0e69cc595fe1fc899e4c33f474
Opcode Fuzzy Hash: dd0194b5a12faf51e93738dfb1abf8c36334fbcde7dddc78c1cba55ed25f8f97
Instruction Fuzzy Hash: 5F712A32609BC581DB718B55F8843EAB3A4FB89754F405222EACD43B68EF7CD195DB00

Function 00007FF63CC25220 Relevance: 10.7, APIs: 7, Instructions: 155COMMON

Download Yara Rule

APIs

?should_log@logger@spdlog@@QEBA_NW4level_enum@level@2@@Z.SPDLOG ref: 00007FF63CC2526B
?enabled@backtracer@details@spdlog@@QEBA_NXZ.SPDLOG ref: 00007FF63CC2527F
memset.VCRUNTIME140 ref: 00007FF63CC252A6
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CC2537D
??0log_msg@details@spdlog@@QEAA@Usource_loc@2@V?$basic_string_view@D@v10@fmt@@W4level_enum@level@2@1@Z.SPDLOG ref: 00007FF63CC25488
?log_it_@logger@spdlog@@IEAAXAEBUlog_msg@details@2@_N1@Z.SPDLOG ref: 00007FF63CC254A1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC254F5

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@??0log_msg@details@spdlog@@?enabled@backtracer@details@spdlog@@?log_it_@logger@spdlog@@?should_log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@D@v10@fmt@@@12@Ulog_msg@details@2@_Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@W4level_enum@level@2@1@W4level_enum@level@2@@_invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 3906636330-0
Opcode ID: c1a8e7853a77cf52d7fc41c31ded951125bc15e8d19691b2e8185e7862f57f6b
Instruction ID: 09629a34c5714d9f5f074fc7662cee38ca24ef69913346b3b2806ed0830b4f93
Opcode Fuzzy Hash: c1a8e7853a77cf52d7fc41c31ded951125bc15e8d19691b2e8185e7862f57f6b
Instruction Fuzzy Hash: 01711932609BC581DB618B15F8843EAB3B4FB89755F405222EACD43B69EF7CD195DB00

Function 00007FF63CBFC300 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 153COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC049E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC04ACD
Part of subcall function 00007FF63CC049E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC04B25

?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBFC3AC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBFC4F3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBFC4FA

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CBFC3DA
{}{}, xrefs: 00007FF63CBFC402
__cdecl sj::ScopedLogger<0>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc, xrefs: 00007FF63CBFC3F7

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<0>::ScopedLogger(const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struc${}{}
API String ID: 1965997411-2365327245
Opcode ID: 98f6d69e185f5ce941139f3f2c5b52a76e29f0ca814b2cf19e7af23f4e4f4936
Instruction ID: e4bf39b303d67c423f44cb25269503c101816c59a5d44c2e9eaadabfbdb6c1e8
Opcode Fuzzy Hash: 98f6d69e185f5ce941139f3f2c5b52a76e29f0ca814b2cf19e7af23f4e4f4936
Instruction Fuzzy Hash: 37513B72A08B819AE721CF24E4443AD33F4FB16B88F405625EB8956B5ADF78E1E5D340

Function 00007FF63CC4F7B0 Relevance: 10.6, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF63CC4F8B2
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF63CC4F8C2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF63CC4F8FA
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF63CC4F904
memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,?,?), ref: 00007FF63CC4F912
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC4F94B
?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC4F9AA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpymemset$?vformat@v10@fmt@@Concurrency::cancel_current_taskD@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3674355824-0
Opcode ID: 553357235264cbe47d3ab93ff114a3c94fd35580af6d0d54b52bb9ba995142bd
Instruction ID: e76a1a98992bb3be47f6001a480a0fd74324c2c63c4ebad4eba8a68ab626fbc6
Opcode Fuzzy Hash: 553357235264cbe47d3ab93ff114a3c94fd35580af6d0d54b52bb9ba995142bd
Instruction Fuzzy Hash: 7551AF72B08B8581EA119F15E4042BAA3A1FB49BD0F544235FFAD4BB95EF3CD191E300

Function 00007FF63CBFC510 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF63CBFC5A4
memmove.VCRUNTIME140 ref: 00007FF63CBFC5E8
memcpy.VCRUNTIME140 ref: 00007FF63CBFC600
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBFC683
memcpy.VCRUNTIME140 ref: 00007FF63CBFC6B5
memcpy.VCRUNTIME140 ref: 00007FF63CBFC6D0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBFC6F3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemmove
String ID:
API String ID: 1624905924-0
Opcode ID: 601c5481530e0f397be1479fba8c7a944ba2309148df3cdfb556d0716856c3ca
Instruction ID: 6129b344b0e568c5f0049234561373c3051220e96126f26792d93e6bee7b400a
Opcode Fuzzy Hash: 601c5481530e0f397be1479fba8c7a944ba2309148df3cdfb556d0716856c3ca
Instruction Fuzzy Hash: 5751F036A08B9196EA209F21E14027D33E0FB56B84F144636EF6E87782CF38E5D5E341

Function 00007FF63CC53F80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CC157F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC158F7
Part of subcall function 00007FF63CC157F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000012C,-000000CB,00007FF63CC53FA9), ref: 00007FF63CC15948

Part of subcall function 00007FF63CC1F730: memmove.VCRUNTIME140 ref: 00007FF63CC1F81F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF63CC56280), ref: 00007FF63CC540AB
__std_exception_destroy.VCRUNTIME140(?,?,?,?,?,000001A4,00000001,00007FF63CC56280), ref: 00007FF63CC540D7
__std_exception_destroy.VCRUNTIME140(?,?,?,?,?,000001A4,00000001,00007FF63CC56280), ref: 00007FF63CC540E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF63CC56280), ref: 00007FF63CC5411C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,000001A4,00000001,00007FF63CC56280), ref: 00007FF63CC5416B

Strings

value, xrefs: 00007FF63CC53FEA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memcpymemmove
String ID: value
API String ID: 3736344271-494360628
Opcode ID: 288d04e3c262521ef4960561f3e11cbe8817ad90a21e14f412ff6aebfac9e90c
Instruction ID: 13a2fadacfb728a7202e6ee6acb4572f4c124cb994df45dba7ab73747d6db52b
Opcode Fuzzy Hash: 288d04e3c262521ef4960561f3e11cbe8817ad90a21e14f412ff6aebfac9e90c
Instruction Fuzzy Hash: 66517D62F08A4685FB10DB7AD4003FD23B1AB957A8F505331FA6D96BDADF38D185E240

Function 00007FF63CBFB5D5 Relevance: 10.6, APIs: 7, Instructions: 135COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CBFB664
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CBFB67D
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CBFB6AF
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF63CBFB6D7
std::_Facet_Register.LIBCPMT ref: 00007FF63CBFB6F2
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CBFB717
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF63CBFB75C
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFB7AD
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFB7DD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBFB7E3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@Concurrency::cancel_current_taskExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copystd::_
String ID:
API String ID: 1980819556-0
Opcode ID: 4e8b500a9831ba73ae607ce28a9e8650e87a1a22a1ad9aca4b6363d5e2f01a2e
Instruction ID: 842398249549aaa3f6c13c7f1a4a8dc4e1d13f07d1cee230763e5ab0afd15569
Opcode Fuzzy Hash: 4e8b500a9831ba73ae607ce28a9e8650e87a1a22a1ad9aca4b6363d5e2f01a2e
Instruction Fuzzy Hash: 05414B76B09B419AEB119F61E8503A833E0FB59B98F494232EE4D87794EF3CD559C300

Function 00007FF63CBE3820 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF63CBE3922
memset.VCRUNTIME140 ref: 00007FF63CBE3932
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE396A
memset.VCRUNTIME140 ref: 00007FF63CBE3982
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBE39BB

Strings

sj-app, xrefs: 00007FF63CBE3824

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memset$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
String ID: sj-app
API String ID: 1584038639-2340515614
Opcode ID: 3bef9efe2ad90a34ad4514a73887f4d0cafa64aedcbdaeea57daf3d12e439c70
Instruction ID: 43c10f880e90c9600b4421b0f6c936583491cf532c2589c4505144e62b037bbd
Opcode Fuzzy Hash: 3bef9efe2ad90a34ad4514a73887f4d0cafa64aedcbdaeea57daf3d12e439c70
Instruction Fuzzy Hash: DA41D176B0965181EA109B26E0042AD6391FB0AFD0F542235EFAE4B785DF3CD491E311

Function 00007FF63CBEA850 Relevance: 10.6, APIs: 7, Instructions: 109COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF63CBEA874
_Mtx_unlock.MSVCP140 ref: 00007FF63CBEA8B6
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CBEA8D0
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CBEA8DB
_Mtx_lock.MSVCP140 ref: 00007FF63CBEA920
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CBEA970
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CBEA97B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$Mtx_lock$Mtx_unlock
String ID:
API String ID: 134073552-0
Opcode ID: ab8af4836c3803c3d1614d797c9068100af42ed2297bfc98a56bb43e76902045
Instruction ID: dac2379d9ab8002a64cdd60855c0403006e2ca45b9b799236db68b9dd827f333
Opcode Fuzzy Hash: ab8af4836c3803c3d1614d797c9068100af42ed2297bfc98a56bb43e76902045
Instruction Fuzzy Hash: 4031D131B0868586EB089B38D06137D27A0EF85B88F588234FB5E83BD6DF2CD855D701

Function 00007FF63CBFEAF0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 109COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBFEC60

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CBFEB31
3, xrefs: 00007FF63CBFEB29
~ScopedLogger, xrefs: 00007FF63CBFEAFF
3, xrefs: 00007FF63CBFEB45
__cdecl sj::ScopedLogger<0>::~ScopedLogger(void) noexcept, xrefs: 00007FF63CBFEB16

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: 3$3$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<0>::~ScopedLogger(void) noexcept$~ScopedLogger
API String ID: 3668304517-2941667751
Opcode ID: 311d0b94104fc622cefa3433c9a713e480951b7e99620925dc2cc3bbe3bb7180
Instruction ID: dd630d690d1dd251e128e61d2efe4707868ba7b98f5f4d7475951c36d09e5c17
Opcode Fuzzy Hash: 311d0b94104fc622cefa3433c9a713e480951b7e99620925dc2cc3bbe3bb7180
Instruction Fuzzy Hash: 46415672A08B8485EB14CF24E09837D77E1FB45B88F504136EA8D4A78ADF7EC994D380

Function 00007FF63CC04500 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC046D6

Part of subcall function 00007FF63CBF65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC04613

Strings

Failed to download JSON file: '{}'., xrefs: 00007FF63CC04590
#, xrefs: 00007FF63CC0459C
class std::optional<class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann:, xrefs: 00007FF63CC04581
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp, xrefs: 00007FF63CC04575

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$?default_logger_raw@spdlog@@Vlogger@1@
String ID: #$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\Updater.cpp$Failed to download JSON file: '{}'.$class std::optional<class nlohmann::json_abi_v3_11_2::basic_json<class std::map,class std::vector,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,bool,__int64,unsigned __int64,double,class std::allocator,struct nlohmann:
API String ID: 1965997411-2301830536
Opcode ID: aaa598d28d0ba1703fdfa66e926a40339ce5c342764f547ed5d16dc0cbca9074
Instruction ID: 53fe217b023c4ab984813137d2ceadcedb31eb0f2663676ff1c718b60d4ad89e
Opcode Fuzzy Hash: aaa598d28d0ba1703fdfa66e926a40339ce5c342764f547ed5d16dc0cbca9074
Instruction Fuzzy Hash: 4F514D72A18BC585EB20CB24E4543AE73A1FB89B94F504235EADC477A9EF7CD584DB00

Function 00007FF63CBE58A0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE5A38

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h, xrefs: 00007FF63CBE58D9
3, xrefs: 00007FF63CBE58F7
__cdecl sj::ScopedLogger<2>::~ScopedLogger(void) noexcept, xrefs: 00007FF63CBE58CA
3, xrefs: 00007FF63CBE58E0
~ScopedLogger, xrefs: 00007FF63CBE58B3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: 3$3$C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\ScopedLogger.h$__cdecl sj::ScopedLogger<2>::~ScopedLogger(void) noexcept$~ScopedLogger
API String ID: 3668304517-1355120257
Opcode ID: 191744375a2de65ab047132604da87dc71376fd87646923001e339cb40b87425
Instruction ID: c45da8038a46fe8a4f39a900d753dcb15f9ebdcaa2e0f20a6b45b896c1d96c0b
Opcode Fuzzy Hash: 191744375a2de65ab047132604da87dc71376fd87646923001e339cb40b87425
Instruction Fuzzy Hash: 9C417A72B08B9181EB149B64E0883BC33A1FB45F88F505235EA9D4A799DF7ED9D8D340

Function 00007FF63CC46BF0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC46C84

Strings

/metric, xrefs: 00007FF63CC46D1F
/newrelic, xrefs: 00007FF63CC46C33
/event, xrefs: 00007FF63CC46CC4
/trace, xrefs: 00007FF63CC46D4E
/log, xrefs: 00007FF63CC46CF0

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memchr$_invalid_parameter_noinfo_noreturnmemcpy
String ID: /event$/log$/metric$/newrelic$/trace
API String ID: 3101834445-764407026
Opcode ID: f548bbcb6fb1eea0f5484e6b0a2f2d4bd8b7e397df3af7f8c53ff400d2c63939
Instruction ID: bd23eeb84fe99e11a58aef1b1eeefdef9f0e73b9a525a09630c681ca9f53bb73
Opcode Fuzzy Hash: f548bbcb6fb1eea0f5484e6b0a2f2d4bd8b7e397df3af7f8c53ff400d2c63939
Instruction Fuzzy Hash: 14517B72F14B9298FB00DBB4D8412EC73B1BB49758F509235EE4D6AB59EF78A199C300

Function 00007FF63CBFAE80 Relevance: 10.6, APIs: 7, Instructions: 99COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF63CBFAEBD
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFAF0D
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFAF26
EnterCriticalSection.KERNEL32 ref: 00007FF63CBFAF48
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFAF80
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFAFA1
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFAFDA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$Enter__std_type_info_compare
String ID:
API String ID: 1305417736-0
Opcode ID: 934303032dca120c12c4baf4570b7d858df67c2923e339e288e6d7572d2c8304
Instruction ID: dd795ef1d87f21726f65fbd98977b2e9a4e4d7a3e5344dd4480c1de8e76baca5
Opcode Fuzzy Hash: 934303032dca120c12c4baf4570b7d858df67c2923e339e288e6d7572d2c8304
Instruction Fuzzy Hash: 14413D6AB09B9289FE599F119440279A3E0FF89F84F084531FE8E97B45DF3CE440D211

Function 00007FF63CBFB160 Relevance: 10.6, APIs: 7, Instructions: 99COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF63CBF4C70), ref: 00007FF63CBFB19E
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFB1ED
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFB206
EnterCriticalSection.KERNEL32 ref: 00007FF63CBFB228
__std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFB260
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFB281
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFB2BA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$Enter__std_type_info_compare
String ID:
API String ID: 1305417736-0
Opcode ID: b7ab21b11e32ef0b14fb0a12f2bf48d4ee7e65be1d4a5d5d2aaede0b50970431
Instruction ID: 3296b1d210745d76cff93514a5d7d4d375ceed8e3f05f4c45619a4a42a63ac52
Opcode Fuzzy Hash: b7ab21b11e32ef0b14fb0a12f2bf48d4ee7e65be1d4a5d5d2aaede0b50970431
Instruction Fuzzy Hash: 2C411B3AA19B9289EA558F129440279B7E0FB8AB84F084135FE8E57B59DF3CE440D701

Function 00007FF63CC26D50 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC26270: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC262B8

Part of subcall function 00007FF63CBEF340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBEF383
Part of subcall function 00007FF63CBEF340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CBEF3D4

signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC26E13
signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC26E25

Strings

Registered SIGINT and SIGTERM, xrefs: 00007FF63CC26DF2
void __cdecl sj::ConsoleApplication::run(void) const, xrefs: 00007FF63CC26D96
sj::ConsoleApplication::run, xrefs: 00007FF63CC26DC6
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\ConsoleApplication.cpp, xrefs: 00007FF63CC26D8B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@Vlogger@1@signal$?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@W4level_enum@level@2@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\ConsoleApplication.cpp$Registered SIGINT and SIGTERM$sj::ConsoleApplication::run$void __cdecl sj::ConsoleApplication::run(void) const
API String ID: 2709538909-2736404026
Opcode ID: 76665a8892fd6cc400b0e809d455ab74943f8cb60b669b62b3bb206923bf2aec
Instruction ID: ed30d2b46fa618a2ecd96db74cade958fbb78b029a7f2cea7ffd8b200f9f92d2
Opcode Fuzzy Hash: 76665a8892fd6cc400b0e809d455ab74943f8cb60b669b62b3bb206923bf2aec
Instruction Fuzzy Hash: 91413432B04B8189EB10CF25E4902A833F5FB48B88F489536FA4D97B58CF38D555D390

Function 00007FF63CC293A0 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC293CD
??Bid@locale@std@@QEAA_KXZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC293E7
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC29419
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC29443
std::_Facet_Register.LIBCPMT ref: 00007FF63CC2945C
??1_Lockit@std@@QEAA@XZ.MSVCP140(?,?,?,?,?,?,00000000,00007FF63CC28DF0,?,?,?,00000000,?,?,?,00007FF63CC2970C), ref: 00007FF63CC2947B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC294A6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@W@std@@std::_
String ID:
API String ID: 3972169111-0
Opcode ID: 7190d2af73d65b90328849dad8d247bc0bb61af88903315c2e7bd7e9c7039273
Instruction ID: 40edc08202f97a856338054739aba8b638a78b68a95d7fdd99314b7a9bc32453
Opcode Fuzzy Hash: 7190d2af73d65b90328849dad8d247bc0bb61af88903315c2e7bd7e9c7039273
Instruction Fuzzy Hash: 9C313C32B08A4581EE149F15E450169B3B0FB88B94F485631FB9E87BA9DF3CE555D700

Function 00007FF63CBFA18C Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA39E
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA3CB
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA3EC
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA419
__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFA43A
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFA467

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow__std_exception_copy
String ID:
API String ID: 1552479455-0
Opcode ID: 17ff3a1a2724ef56e09fa7d03955a1be1c203bc3fc2dd94bc7b1faf0ebed9fab
Instruction ID: bbc4a1564f093cc85e83487f1cad6ca92e869e55cece77e5d4b35e119cb5683d
Opcode Fuzzy Hash: 17ff3a1a2724ef56e09fa7d03955a1be1c203bc3fc2dd94bc7b1faf0ebed9fab
Instruction Fuzzy Hash: 4A512B3364D7828FD7128F74D8501DC7BF0E791B28B958122E789C2687EBAD9987CB11

Function 00007FF63CC318E0 Relevance: 9.1, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC319BB
memmove.VCRUNTIME140 ref: 00007FF63CC319EE
memmove.VCRUNTIME140 ref: 00007FF63CC31A28
memmove.VCRUNTIME140 ref: 00007FF63CC31A42
memmove.VCRUNTIME140 ref: 00007FF63CC31A65

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC31A79

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 9d8632279ebb0ee8656ddec0a53f2c0a3f2a3af4e58a05a84ce15df877356b82
Instruction ID: 0120d37307cf4eb89ab12150c247b1af695708f340ae8e2924f9016c79a5c8c7
Opcode Fuzzy Hash: 9d8632279ebb0ee8656ddec0a53f2c0a3f2a3af4e58a05a84ce15df877356b82
Instruction Fuzzy Hash: C241CE73B05BA589EA10DB51F8441B822A4EB04BE0F8A8635EF6D477C5DF3CD586D300

Function 00007FF63CC51AE0 Relevance: 9.1, APIs: 6, Instructions: 138COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION ref: 00007FF63CC51B42
memset.VCRUNTIME140 ref: 00007FF63CC51BBA
GetFileVersionInfoW.VERSION ref: 00007FF63CC51BDA
VerQueryValueW.VERSION ref: 00007FF63CC51C02
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC51C77
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC51CC6
GetLastError.KERNEL32 ref: 00007FF63CC51CF8
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC51D28
GetLastError.KERNEL32 ref: 00007FF63CC51D2E
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC51D56

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC51DAE
GetLastError.KERNEL32 ref: 00007FF63CC51DB4
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC51DE3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC51DE9
GetLastError.KERNEL32 ref: 00007FF63CC51DEF
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC51E1E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$ErrorLast$FileInfoVersion_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskQuerySizeValuemallocmemset
String ID:
API String ID: 3580527793-0
Opcode ID: d094d344cdc5789908d9915625bd0a99286dca60e812325d45b2271169d18777
Instruction ID: 0a7292f3ab5e645eee4970010f94eea2778ae7e6ef3736ab24ad26d2b361579e
Opcode Fuzzy Hash: d094d344cdc5789908d9915625bd0a99286dca60e812325d45b2271169d18777
Instruction Fuzzy Hash: 4B519072F14A8299EB15DF6AD4442BC23F1EB84798F008631FA5D96BD9EF39E580D300

Function 00007FF63CC52160 Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC521B6
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63CC521DF
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z.MSVCP140 ref: 00007FF63CC52206
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF63CC5222A

Part of subcall function 00007FF63CC4DA00: ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CC4D91D
Part of subcall function 00007FF63CC4DA00: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CC4D937
Part of subcall function 00007FF63CC4DA00: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CC4D969
Part of subcall function 00007FF63CC4DA00: ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF63CC4D993
Part of subcall function 00007FF63CC4DA00: std::_Facet_Register.LIBCPMT ref: 00007FF63CC4D9AC
Part of subcall function 00007FF63CC4DA00: ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CC4D9CB

?always_noconv@codecvt_base@std@@QEBA_NXZ.MSVCP140 ref: 00007FF63CC5223F
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC52256

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$Init@?$basic_streambuf@$Lockit@std@@$??0_??1_?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@H001@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@Vlocale@2@_get_stream_buffer_pointersstd::_
String ID:
API String ID: 438086469-0
Opcode ID: 7f571201aae912395869e43eb9757e61f122639b51d5bc545452760d667e6ffe
Instruction ID: 20d69db35a9431e15a652c78077a65b82f10d71f7612c2a25f8982967519d821
Opcode Fuzzy Hash: 7f571201aae912395869e43eb9757e61f122639b51d5bc545452760d667e6ffe
Instruction Fuzzy Hash: DC313636B09B8681EB409B66A81436A73E4FB89FD4F140135FA8D87B68DF3CE449D740

Function 00007FF63CC44AD0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CC44AFC
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC44B0D
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC44B95
#111.WS2_32 ref: 00007FF63CC44CCA

Strings

?', xrefs: 00007FF63CC44C79

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$#111std::bad_exception::bad_exception
String ID: ?'
API String ID: 1751064157-3155004840
Opcode ID: 60753bd758074273af37a94271c66123a120dccab6db30e6d1ab063559282264
Instruction ID: d0771e076771bc7046183b39cd91987a043c4b9896b151b8dee6f240fe9f439b
Opcode Fuzzy Hash: 60753bd758074273af37a94271c66123a120dccab6db30e6d1ab063559282264
Instruction Fuzzy Hash: FC51C672F1C64582EB529B29F4011AA63B0FFC47C4F58C231FA8D86B5AEE7CD5859701

Function 00007FF63CC24E90 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC53580: strnlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF63CC24EE8), ref: 00007FF63CC535B2

memset.VCRUNTIME140 ref: 00007FF63CC24F5C
??$vformat_to@D@detail@v10@fmt@@YAXAEAV?$buffer@D@012@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@Vlocale_ref@012@@Z.FMT ref: 00007FF63CC25074

Part of subcall function 00007FF63CC24D90: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC24DD3
Part of subcall function 00007FF63CC24D90: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CC24E08

Strings

Thrown structured exception in file '{}', line {}, function '{}'{}{}, xrefs: 00007FF63CC2504E
, details: , xrefs: 00007FF63CC24F81
D, xrefs: 00007FF63CC2505A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: V?$basic_string_view@$??$vformat_to@?default_logger_raw@spdlog@@?log@logger@spdlog@@D@012@D@12@D@detail@v10@fmt@@D@v10@fmt@@@D@v10@fmt@@@12@Usource_loc@2@V?$basic_format_args@V?$basic_format_context@V?$buffer@Vappender@v10@fmt@@Vlocale_ref@012@@Vlogger@1@W4level_enum@level@2@memsetstrnlen
String ID: , details: $D$Thrown structured exception in file '{}', line {}, function '{}'{}{}
API String ID: 752384624-1457298303
Opcode ID: b11832fa27a8e5d4500b269d232beb03665b6bce695a123fbb7f2a3ea2f0b072
Instruction ID: f07811b94d930d5c326f12c2cb22a3f06386bb0c6073d42fd351f6693e42fdcd
Opcode Fuzzy Hash: b11832fa27a8e5d4500b269d232beb03665b6bce695a123fbb7f2a3ea2f0b072
Instruction Fuzzy Hash: 93915E32618FC486E721CF64E8402E9B7B4FB98748F449226EB8D53B19EF38D295C740

Function 00007FF63CC00EF0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__std_fs_code_page.MSVCPRT ref: 00007FF63CC00F4F

Part of subcall function 00007FF63CD43D84: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D88
Part of subcall function 00007FF63CD43D84: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF63CBE97E9), ref: 00007FF63CD43D97

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC010E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC01132

Strings

: ", xrefs: 00007FF63CC01017
", ", xrefs: 00007FF63CC0104A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ApisFile___lc_codepage_func__std_fs_code_page
String ID: ", "$: "
API String ID: 956348032-747220369
Opcode ID: 5855ae214c45b8c9575d129737d96dfe4a9c0936026e9b3a46c58d9a08613a75
Instruction ID: 2b40d516ce6ecfcf2b7a6ec405ada75e7185244c6d030a61e6951f41a1e25ba9
Opcode Fuzzy Hash: 5855ae214c45b8c9575d129737d96dfe4a9c0936026e9b3a46c58d9a08613a75
Instruction Fuzzy Hash: 5E717E72B08A518AEB00DF65E1403AC63B2FB49B88F004635EE9D57B99DF39D195E344

Function 00007FF63CCF6D40 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE4BC0: memset.VCRUNTIME140(?,?,00000000,00007FF63CBE18E1), ref: 00007FF63CBE4C10

sentry_options_new.SENTRY ref: 00007FF63CCF6F9D
sentry_options_free.SENTRY ref: 00007FF63CCF6FB6

Strings

sentry.prd.amtr.disqotech.com//3, xrefs: 00007FF63CCF6D80
?, xrefs: 00007FF63CCF6EEE
sentry, xrefs: 00007FF63CCF6EB2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpymemsetsentry_options_freesentry_options_new
String ID: ?$sentry$sentry.prd.amtr.disqotech.com//3
API String ID: 3970762193-410467485
Opcode ID: 04e5cacfe29f9aea9a5cf147dec9e3950c70b4c9e2dc2bc2160f0815cfe2f74c
Instruction ID: 011bcb279aba53e0f758bd9aeb15a9700b1143598bed1a498039d8a3a11d2dd6
Opcode Fuzzy Hash: 04e5cacfe29f9aea9a5cf147dec9e3950c70b4c9e2dc2bc2160f0815cfe2f74c
Instruction Fuzzy Hash: D6717F22608A82A6EB14DF74E4503AE77A0FB85744F406632F78D83B66DF3CD5A9D701

Function 00007FF63CBFB930 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBFFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF63CBF5124), ref: 00007FF63CBFFF33
Part of subcall function 00007FF63CBFFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF63CBF5124), ref: 00007FF63CBFFF56
Part of subcall function 00007FF63CBFFF00: ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ.MSVCP140(?,?,00000000,00007FF63CBF5124), ref: 00007FF63CBFFF71

Part of subcall function 00007FF63CBFB630: ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF63CBFB664
Part of subcall function 00007FF63CBFB630: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF63CBFB67D
Part of subcall function 00007FF63CBFB630: ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ.MSVCP140 ref: 00007FF63CBFB6AF
Part of subcall function 00007FF63CBFB630: ?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF63CBFB6D7
Part of subcall function 00007FF63CBFB630: std::_Facet_Register.LIBCPMT ref: 00007FF63CBFB6F2
Part of subcall function 00007FF63CBFB630: ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF63CBFB717
Part of subcall function 00007FF63CBFB630: ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z.MSVCP140 ref: 00007FF63CBFB75C

memset.VCRUNTIME140 ref: 00007FF63CBFB9A0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBFBA9A

Part of subcall function 00007FF63CBE5F00: memmove.VCRUNTIME140 ref: 00007FF63CBE5F47

__std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFBB0C
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBFBB42

Strings

failed to format time, xrefs: 00007FF63CBFBAF1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?c_str@?$_D@std@@Yarn@$Lockit@std@@Mbstatet@@@std@@$??0_??1_?in@?$codecvt@_Bid@locale@std@@ExceptionFacet_Getcat@?$codecvt@_Getgloballocale@locale@std@@Locimp@12@Mbstatet@@RegisterThrowV42@@Vfacet@locale@2@__std_exception_copy_invalid_parameter_noinfo_noreturnmemmovememsetstd::_
String ID: failed to format time
API String ID: 3487375415-3478406193
Opcode ID: 2debe2969c022d53dcb64362949d5e65cfdbbb9c60043b5fabb37456b58b986b
Instruction ID: 07adb01fbc50d7b5f7b5d53398d205cd568ebecbc2fd8c670cd762d81fd6ec11
Opcode Fuzzy Hash: 2debe2969c022d53dcb64362949d5e65cfdbbb9c60043b5fabb37456b58b986b
Instruction Fuzzy Hash: 8C516C72B18A5688EB00DB69E8403ED63A0FB49798F405131FE9E93B99EF38D145D700

Function 00007FF63CBEDEC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBF2DD0: memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEDF8E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEDFDD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE01C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE08F

Strings

out_of_range, xrefs: 00007FF63CBEDF26

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: out_of_range
API String ID: 1675611454-3053435996
Opcode ID: 5857a3362f06b1e021c572f5196cf7b4abd5dbfae2aa511d81110b8af0e22a4b
Instruction ID: b12ea6fa649bd3831e2da4f84868eed945d11aeedc3759757780d443bc4a46b6
Opcode Fuzzy Hash: 5857a3362f06b1e021c572f5196cf7b4abd5dbfae2aa511d81110b8af0e22a4b
Instruction Fuzzy Hash: D351A362F14A5689FB10DB79E4413BC23A1EF4ABA4F005331FA2D56BD9EE68E485D300

Function 00007FF63CC111C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBF2DD0: memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF63CC0F1C5), ref: 00007FF63CC1128E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF63CC0F1C5), ref: 00007FF63CC112DD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF63CC0F1C5), ref: 00007FF63CC1131C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,-8000000000000000,?,?,00007FF63CC0F1C5), ref: 00007FF63CC1138F

Strings

invalid_iterator, xrefs: 00007FF63CC11226

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: invalid_iterator
API String ID: 1675611454-2508626007
Opcode ID: 370467f2b25f2973224c4cbe2f9471fedf0aa129c0b87eb079668420b5ec6d47
Instruction ID: f965b1eaa59d3a8149e7424bd78b66d7128182f9d6856c9c13a08f9d27e7aa8d
Opcode Fuzzy Hash: 370467f2b25f2973224c4cbe2f9471fedf0aa129c0b87eb079668420b5ec6d47
Instruction Fuzzy Hash: 7E518362F18A4685FB10DB79D4403BC23B1EB497A4F505332FA6D96BD9EE2CE485E300

Function 00007FF63CBEDCC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBF2DD0: memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF63CBEFA48), ref: 00007FF63CBEDD8E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF63CBEFA48), ref: 00007FF63CBEDDDD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF63CBEFA48), ref: 00007FF63CBEDE1C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,000001A4,000001A4,?,00007FF63CBEFA48), ref: 00007FF63CBEDE8F

Strings

other_error, xrefs: 00007FF63CBEDD26

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: other_error
API String ID: 1675611454-896093151
Opcode ID: 8d3778c16a33bb80b5c2d381c3b6933fd90dd14974ba479d2923a914388cbea6
Instruction ID: 1e89b01f31584a09f4ef71a63a49f1affe5dc549a9dd463af531e254baeda41c
Opcode Fuzzy Hash: 8d3778c16a33bb80b5c2d381c3b6933fd90dd14974ba479d2923a914388cbea6
Instruction Fuzzy Hash: 00519362F14A5685FB10DB75E4403BC23A1EB5ABE4F105332FA2D56BD9EF68E485D300

Function 00007FF63CBEE490 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769

Part of subcall function 00007FF63CBF2DD0: memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE55E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE5AD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE5EC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE65F

Strings

type_error, xrefs: 00007FF63CBEE4F6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: type_error
API String ID: 1675611454-1406221190
Opcode ID: cd57a0b419e4f3c311e881ce81f6a17751f47686868a109d96df47cd17d7c469
Instruction ID: b6a9a02b973f297b572631b566eb3df7073cda3b426d8685e4ed6ee39e23c0b9
Opcode Fuzzy Hash: cd57a0b419e4f3c311e881ce81f6a17751f47686868a109d96df47cd17d7c469
Instruction Fuzzy Hash: 5751A562F14A9685FB10DB75E4403BC23A1EF56BA4F105331FA2D56BD9EF28E585E300

Function 00007FF63CD0E9E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CD0EA79
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CD0EAFE

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\IocThread.cpp, xrefs: 00007FF63CD0EA2B
void __cdecl sj::IocThread::stop(class std::chrono::duration<__int64,struct std::ratio<1,1000> >) noexcept, xrefs: 00007FF63CD0EA36
T, xrefs: 00007FF63CD0EA41

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnterminate
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\IocThread.cpp$T$void __cdecl sj::IocThread::stop(class std::chrono::duration<__int64,struct std::ratio<1,1000> >) noexcept
API String ID: 664030348-206961168
Opcode ID: bef1ba6b60e897741a4cde974c7d32bb99dc7b7dbb2ac9b4fe04523f4559de71
Instruction ID: 97e7daa0990e0b8448c8ef7d137ac140806bcf4f87a1b59b41cdd58a7ee40c1c
Opcode Fuzzy Hash: bef1ba6b60e897741a4cde974c7d32bb99dc7b7dbb2ac9b4fe04523f4559de71
Instruction Fuzzy Hash: 4451BC72B18B9081EB108B28E48436E73A0FB49B98F241335FA9D8B795CF39D885D740

Function 00007FF63CC46520 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC465B9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC466A3

Strings

/coralogix, xrefs: 00007FF63CC46568
/dir, xrefs: 00007FF63CC4660E
/log, xrefs: 00007FF63CC466AF

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemchr$memcpy
String ID: /coralogix$/dir$/log
API String ID: 3565627297-1670645063
Opcode ID: 4750bf17e99bdb18846f798fc89cd57b770d14cabcf687ed7df576f7b67be8da
Instruction ID: 3025826ba10004d013e9589665cb120105fd004495aa55bdc40f86dba5e559dc
Opcode Fuzzy Hash: 4750bf17e99bdb18846f798fc89cd57b770d14cabcf687ed7df576f7b67be8da
Instruction Fuzzy Hash: 5451C172F14A4699EB00DF74D4402FC23A1EF4A798F40A632FA5D92B99EE38E594D340

Function 00007FF63CC27C70 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC27CF9

Strings

, details: , xrefs: 00007FF63CC27D27
q, xrefs: 00007FF63CC27D8B
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp, xrefs: 00007FF63CC27DA1
auto __cdecl sj::WindowsService::shutdown::<lambda_1>::operator ()(void) const, xrefs: 00007FF63CC27DB0

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: , details: $C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\WindowsService.cpp$auto __cdecl sj::WindowsService::shutdown::<lambda_1>::operator ()(void) const$q
API String ID: 3668304517-2717326734
Opcode ID: 267fdb89c4a3a93a076490ca27fd36b65a40b90e73a54e31afb4e3843c5a5b31
Instruction ID: 8e7b2a04a029b42cdb80b49016fa39e45dea4349fb4d69da1403079e6e80ceff
Opcode Fuzzy Hash: 267fdb89c4a3a93a076490ca27fd36b65a40b90e73a54e31afb4e3843c5a5b31
Instruction Fuzzy Hash: DE516932A08BC585EB618F25E4903AAB3F0FB89B84F585235EA8C87758DF3CD495D740

Function 00007FF63CC46180 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC46216

Strings

/heartbeat, xrefs: 00007FF63CC461C0
/memory-usage, xrefs: 00007FF63CC4629A
/cpu-usage, xrefs: 00007FF63CC46269
/disk-usage, xrefs: 00007FF63CC462CB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memchr$_invalid_parameter_noinfo_noreturnmemcpy
String ID: /cpu-usage$/disk-usage$/heartbeat$/memory-usage
API String ID: 3101834445-720066337
Opcode ID: 72bc09f3ea018cedf471415c1c5334674dbfb0e7f1d0d5ef752af7975ee4f23e
Instruction ID: ad73a5939267d023dbfed03ee55f42c50afad9a37167f55a12cb710f904aaefe
Opcode Fuzzy Hash: 72bc09f3ea018cedf471415c1c5334674dbfb0e7f1d0d5ef752af7975ee4f23e
Instruction Fuzzy Hash: E5418462B18B8292DA50DB24E4412AEB3B0FB8A790F505231FB9D47B5AEF3DD554D700

Function 00007FF63CC258D0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC25170: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC251B8

Part of subcall function 00007FF63CCF8650: memset.VCRUNTIME140 ref: 00007FF63CCF8716
Part of subcall function 00007FF63CCF8650: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CCF872B
Part of subcall function 00007FF63CCF8650: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CCF874A
Part of subcall function 00007FF63CCF8650: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CCF877E
Part of subcall function 00007FF63CCF8650: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF63CCF87B0
Part of subcall function 00007FF63CCF8650: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF63CCF87DA

Part of subcall function 00007FF63CBF65F0: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBF6638

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC259F5

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Tracer.cpp, xrefs: 00007FF63CC2590A
Stop request handled in {} ms, xrefs: 00007FF63CC25920
__cdecl sj::RuntimeTrace::~RuntimeTrace(void), xrefs: 00007FF63CC25915
Running time was {}, xrefs: 00007FF63CC2598C

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@?default_logger_raw@spdlog@@V01@Vlogger@1@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@D@std@@@1@_V?$basic_streambuf@_invalid_parameter_noinfo_noreturnmemset
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Tracer.cpp$Running time was {}$Stop request handled in {} ms$__cdecl sj::RuntimeTrace::~RuntimeTrace(void)
API String ID: 2862231943-3762610784
Opcode ID: 673b989972531c358cd3e346d135ab5520f3b2c4bfbabfffe706e4f85799870b
Instruction ID: 574979035f6474e60b1dfa58710cf80c1348a925a78f5167f3aea44e5b9426af
Opcode Fuzzy Hash: 673b989972531c358cd3e346d135ab5520f3b2c4bfbabfffe706e4f85799870b
Instruction Fuzzy Hash: B8317532B04B459AEB10DFA4E0413ED33B4FB08398F404226FA4D66B89DF78C255D380

Function 00007FF63CBFC930 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON

Download Yara Rule

APIs

#115.WS2_32 ref: 00007FF63CBFC971

Strings

H, xrefs: 00007FF63CBFCA0D
throw_on_error, xrefs: 00007FF63CBFC9F0
winsock, xrefs: 00007FF63CBFCA4A
C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/winsock_init.ipp, xrefs: 00007FF63CBFC9D8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: #115
String ID: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/impl/winsock_init.ipp$H$throw_on_error$winsock
API String ID: 646222842-725358513
Opcode ID: b78f613f568d0cf22fcc1572038d3c2c04a003b8273f93aab324d6a4860d2f36
Instruction ID: e511f3340ca23dfcd5468ce39b404fda262389f6e965907e17db1af1065bad19
Opcode Fuzzy Hash: b78f613f568d0cf22fcc1572038d3c2c04a003b8273f93aab324d6a4860d2f36
Instruction Fuzzy Hash: 02313A32A086968AEB61CF15F4943BA73E0FB95744F401236FA8E86758DF7CE449DB40

Function 00007FF63CC2EC50 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 219COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBFC930: #115.WS2_32 ref: 00007FF63CBFC971

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memset.VCRUNTIME140 ref: 00007FF63CC2ECDB

Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE79F
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE7CC
Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE851
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE860
Part of subcall function 00007FF63CBFE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE86B

Part of subcall function 00007FF63CD08E90: _Mtx_init_in_situ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC2EF32), ref: 00007FF63CD08FCE

Strings

CoralogixService, xrefs: 00007FF63CC2EF7B
coralogix, xrefs: 00007FF63CC2EDF4
8, xrefs: 00007FF63CC2EE42
SJPulse, xrefs: 00007FF63CC2EE1B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CreateErrorEventLast$#115CloseHandleMtx_init_in_situmallocmemset
String ID: 8$CoralogixService$SJPulse$coralogix
API String ID: 627447141-2749166383
Opcode ID: 6530ce8c60280a866e04609a623624b765a45377b7098071e30fe95c71ff4f03
Instruction ID: 00f8e3a4f2ac6ba6834475e087e58600f11f4a8d819fb3ac62ebb7d33ce27180
Opcode Fuzzy Hash: 6530ce8c60280a866e04609a623624b765a45377b7098071e30fe95c71ff4f03
Instruction Fuzzy Hash: E1A16B32619B9196E710EB24E4503EAB3A4FB86344F905136FB8D93BA6DF38D568D700

Function 00007FF63CBE67F0 Relevance: 7.6, APIs: 5, Instructions: 148windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE2C54), ref: 00007FF63CBE6847
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CBE2C54), ref: 00007FF63CBE6889
LocalFree.KERNEL32 ref: 00007FF63CBE69E1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ByteCharFormatFreeLocalMessageMultiWide
String ID:
API String ID: 2906450291-0
Opcode ID: 0720c4bcef2423c73aa5e8288174af3120c828c6d9aa48f9011670c80f6e739a
Instruction ID: f03aaad39d929b77bdd0b0fdf9d242d3cd90113887ac595951b89b6d026ccf06
Opcode Fuzzy Hash: 0720c4bcef2423c73aa5e8288174af3120c828c6d9aa48f9011670c80f6e739a
Instruction Fuzzy Hash: 5851B333F28B6585F720CB75A4407AD36E1BB49B98F046635FE4E96B95DF38D0849700

Function 00007FF63CBEF540 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBEF674
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBEF6CE

Strings

Rounding detected for '{}'. {} become {}, xrefs: 00007FF63CBEF62C
Attempting to assign negative number '{}' to a variable expecting positive number '{}', xrefs: 00007FF63CBEF68F
Number expected for '{}', but {} given., xrefs: 00007FF63CBEF6DD

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID: Attempting to assign negative number '{}' to a variable expecting positive number '{}'$Number expected for '{}', but {} given.$Rounding detected for '{}'. {} become {}
API String ID: 432778473-3898387364
Opcode ID: 98d85df994309eff1e9782338a156de0961ffd3fb86e95b79c459fab43152b9b
Instruction ID: 2a1de42e6655e3673c63dffa0887b39b122dccaf043383224f3c12e4426b599b
Opcode Fuzzy Hash: 98d85df994309eff1e9782338a156de0961ffd3fb86e95b79c459fab43152b9b
Instruction Fuzzy Hash: 5A51B622B09B5698EB01DF30E4413F963E5EF52788F409672FA4E96B59FF28E144D301

Function 00007FF63CC070B0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF63CC0712A
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC0718C
SetEvent.KERNEL32 ref: 00007FF63CC0719E
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC071DB
LeaveCriticalSection.KERNEL32 ref: 00007FF63CC071EC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$Leave$EnterEvent
String ID:
API String ID: 3394196147-0
Opcode ID: 7d168d637cff0bf55ef157c97221fe1e6b7e8df78117dc155d927791e92ae052
Instruction ID: 09e5b570a10be4f57a12ab769c878da4d8a648ed0ff2498d9ec8ec0903aae31a
Opcode Fuzzy Hash: 7d168d637cff0bf55ef157c97221fe1e6b7e8df78117dc155d927791e92ae052
Instruction Fuzzy Hash: B541AD72A087A195FB299F21A54037937E0FF49B88F084175EE8E86792CF3CD486E310

Function 00007FF63CC11070 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 99COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC111AB

Part of subcall function 00007FF63CC0F2E0: memcmp.VCRUNTIME140(?,?,00000000,00007FF63CC110E5), ref: 00007FF63CC0F312

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC1115D

Strings

' not found, xrefs: 00007FF63CC11120
cannot use at() with , xrefs: 00007FF63CC11178
key ', xrefs: 00007FF63CC1112A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow$memcmp
String ID: ' not found$cannot use at() with $key '
API String ID: 195029943-3748837117
Opcode ID: d3987ad2706ede3f2bf8c917e409eb974039125bf30a535aeed444bf9a90220c
Instruction ID: 190fa90f876570b3dc0cf781e30294887266124c55952539668a5c4d76c4d0eb
Opcode Fuzzy Hash: d3987ad2706ede3f2bf8c917e409eb974039125bf30a535aeed444bf9a90220c
Instruction Fuzzy Hash: F6319162B08A8295EB10DB26E4402E973E1FB45BC4F944132FB4D83B96DF7ED656D700

Function 00007FF63CBF1885 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBEDEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEDF8E
Part of subcall function 00007FF63CBEDEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEDFDD
Part of subcall function 00007FF63CBEDEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE01C

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBF1940

Part of subcall function 00007FF63CBEDEC0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBEE08F

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBF1986

Strings

array index '-' (, xrefs: 00007FF63CBF190A
unresolved reference token ', xrefs: 00007FF63CBF1950
) is out of range, xrefs: 00007FF63CBF1900

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow
String ID: ) is out of range$array index '-' ($unresolved reference token '
API String ID: 912942878-3172047162
Opcode ID: cb9dc0cc6c036a7aba1274e50b55283804e48b4d67db96d4807d0aa39c676a24
Instruction ID: 258cebd4b6c5dfdb6ae66b1344b5a95b2e28723e6d81dea3a5a83f9065477423
Opcode Fuzzy Hash: cb9dc0cc6c036a7aba1274e50b55283804e48b4d67db96d4807d0aa39c676a24
Instruction Fuzzy Hash: 0C31C036A086969ADB219F35D4502E973E1EB81B84F804436FA0EC3B92EE2DD905D741

Function 00007FF63CBE7330 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE73E6
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE73F4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE7432
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE743C
memcpy.VCRUNTIME140(?,?,?,?,?,?,00007FF63CBE953C), ref: 00007FF63CBE744A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2665656946-0
Opcode ID: 23cd7d818abff32a51851b12956baf6b28880998994fb634fbcd6705ebdef49e
Instruction ID: 91b0a4703b1ad63fb483c8de97343e6f2b9efc59f00043358bf4e7aaa50216f6
Opcode Fuzzy Hash: 23cd7d818abff32a51851b12956baf6b28880998994fb634fbcd6705ebdef49e
Instruction Fuzzy Hash: 6331B062718A8192DE10DF26E9041AE67A5FB49FC4F484236EF5E87B55DE3CD092D300

Function 00007FF63CC4F4E0 Relevance: 7.6, APIs: 5, Instructions: 83COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4F52B
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF63CC4F54A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CC4F57C
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4F597
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CC4F5E5

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_istream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID:
API String ID: 1184074665-0
Opcode ID: f71828065cb3a09847807b586e683d5ee68e92d75a76b62909645915c3c4c711
Instruction ID: cc0a5e242835b78d0261e42be607b8a88c37f7aeb354b5cae9fb8cc74e2477ed
Opcode Fuzzy Hash: f71828065cb3a09847807b586e683d5ee68e92d75a76b62909645915c3c4c711
Instruction Fuzzy Hash: A1316D72705B8685EB10CF29EA5472977A0FB89BC9F449235EE4D83714DF38D169C740

Function 00007FF63CC42270 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF63CC42309
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC42338

Strings

Laptop, xrefs: 00007FF63CC422C3
GetPwrCapabilities() failed, xrefs: 00007FF63CC42319
Desktop, xrefs: 00007FF63CC422CA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ErrorExceptionLastThrow
String ID: Desktop$GetPwrCapabilities() failed$Laptop
API String ID: 256353096-51484051
Opcode ID: a7a4828832e204bdec1b43b66c04416804cb912ca292263b5d822f5602f27d52
Instruction ID: b5f12e042e8d23e8062844d32b35c82123feabbf40709e4a16a2c029ca36e2cd
Opcode Fuzzy Hash: a7a4828832e204bdec1b43b66c04416804cb912ca292263b5d822f5602f27d52
Instruction Fuzzy Hash: F811C622F1CB8595EB109B20E4403BA73E0EB99754F405335FA9C86796EF3CE195C700

Function 00007FF63CC058D0 Relevance: 7.5, APIs: 5, Instructions: 43synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32 ref: 00007FF63CC0590C
CloseHandle.KERNEL32 ref: 00007FF63CC05916
TerminateThread.KERNEL32 ref: 00007FF63CC05930
QueueUserAPC.KERNEL32 ref: 00007FF63CC05956
WaitForSingleObject.KERNEL32 ref: 00007FF63CC05965

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
String ID:
API String ID: 3892215915-0
Opcode ID: 4cf57ee2fc5b170383fe730725d1badba4907ae668e0e134e002b0995a3b7a1f
Instruction ID: 777c93f31baf83aa656c1d695545a5a3690e5b64233213dcc0342b17e504c5fb
Opcode Fuzzy Hash: 4cf57ee2fc5b170383fe730725d1badba4907ae668e0e134e002b0995a3b7a1f
Instruction Fuzzy Hash: 94115E76B18A4583EB50AB25E85552A33A0FF8CBA4F845232FD5E867A4EF2CD445DB00

Function 00007FF63CC27090 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,00000010,00007FF63CC271BD), ref: 00007FF63CC27099
HeapFree.KERNEL32(?,?,?,?,?,?,00000010,00007FF63CC271BD), ref: 00007FF63CC270A7

Part of subcall function 00007FF63CBEF340: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBEF383
Part of subcall function 00007FF63CBEF340: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CBEF3D4

Strings

void __cdecl sj::HeapFreer<struct _TOKEN_GROUPS>::operator ()(struct _TOKEN_GROUPS *) const, xrefs: 00007FF63CC270CC
HeapFree failed, xrefs: 00007FF63CC270C5
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp, xrefs: 00007FF63CC270B1

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Heap$?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@FreeProcessUsource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\win\SessionInfo.cpp$HeapFree failed$void __cdecl sj::HeapFreer<struct _TOKEN_GROUPS>::operator ()(struct _TOKEN_GROUPS *) const
API String ID: 264169876-2394565865
Opcode ID: b4abf7fdec0333eec11a5c3edec9a55713945de45ee1d64f3298563f01cbc374
Instruction ID: 22ef95e2353b242407d352f4f79574626110e9f6fbb1e48533b955742f0fedfd
Opcode Fuzzy Hash: b4abf7fdec0333eec11a5c3edec9a55713945de45ee1d64f3298563f01cbc374
Instruction Fuzzy Hash: A1F082B5B09B4682EB108B61F8401A673E5FB88784F404235F94E83715EF3CD518DB01

Function 00007FF63CC2A6B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 214COMMON

Download Yara Rule

APIs

ceilf.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF63CC2A820
memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF63CC2A8D7
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?), ref: 00007FF63CC2A9C7

Strings

unordered_map/set too long, xrefs: 00007FF63CC2A9C0

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Xlength_error@std@@ceilfmemcmp
String ID: unordered_map/set too long
API String ID: 3940129459-306623848
Opcode ID: b7c3e42d31e08f1f229036e38b19c78ec8728113cc0b7affbf5464040b60ef20
Instruction ID: 6389e9d9506cd822c3636b9c271ca55bcda8f1449fe1d4bf58b7caad4b9b95de
Opcode Fuzzy Hash: b7c3e42d31e08f1f229036e38b19c78ec8728113cc0b7affbf5464040b60ef20
Instruction Fuzzy Hash: 4E81C132A18B4582DE109B16E45036AA3B1FB59BD4F189632FF8E97754DF3CE492E700

Function 00007FF63CCF7190 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 176COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF7215

Strings

logs, xrefs: 00007FF63CCF7294
>, xrefs: 00007FF63CCF7323
SJPulse, xrefs: 00007FF63CCF72BB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: >$SJPulse$logs
API String ID: 3668304517-1499787770
Opcode ID: cf6c269c443d5e7a12e4abf60ce3972159cdc2e9717994f0d6055460fc7cd14d
Instruction ID: 364c4e3fc4b5f3fb72e732990f5f88c2bf4110bd71bcb9c11f65ff1f9898d0c7
Opcode Fuzzy Hash: cf6c269c443d5e7a12e4abf60ce3972159cdc2e9717994f0d6055460fc7cd14d
Instruction Fuzzy Hash: 9F717032A18A9196EB10DF74E8502ED63B0FB85784F506132FA8D93BA9EF3CD945D700

Function 00007FF63CC2BD40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140 ref: 00007FF63CC2BE91
memcmp.VCRUNTIME140 ref: 00007FF63CC2BEFF
?_Xlength_error@std@@YAXPEBD@Z.MSVCP140 ref: 00007FF63CC2BFB9

Strings

invalid hash bucket count, xrefs: 00007FF63CC2BFB2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcmp$Xlength_error@std@@
String ID: invalid hash bucket count
API String ID: 2545355192-1101463472
Opcode ID: 8a4cab149706610bf47fe5775953cfc87a546e317f748ed55aea9b2c09550483
Instruction ID: 542322c2094e93e9a68cd55ba69f4811411c58c1594f90e887abb27e72cad9c6
Opcode Fuzzy Hash: 8a4cab149706610bf47fe5775953cfc87a546e317f748ed55aea9b2c09550483
Instruction Fuzzy Hash: D4714576609B8582DB148F12E46016D73F8FB48BD4B549436EFAE87B94DF38E8A0D300

Function 00007FF63CBE9D7A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE9E8C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBE9F50
_Mtx_unlock.MSVCP140 ref: 00007FF63CBE9F6F

Strings

gfffffff, xrefs: 00007FF63CBE9F0C

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Mtx_unlock
String ID: gfffffff
API String ID: 3867719841-1523873471
Opcode ID: c347bb27043396684fb530333f19fcdac3c76703e959f30662b0f6ef17b9d8ff
Instruction ID: 41480f5672ea2d734b6c67cb9a2e106979a2c821464efdac19eb153be3cff841
Opcode Fuzzy Hash: c347bb27043396684fb530333f19fcdac3c76703e959f30662b0f6ef17b9d8ff
Instruction Fuzzy Hash: 2D51B362F046D145EF21DB39E4413EC2391EB46BA4F406332FAAE86BD9DF68D585E201

Function 00007FF63CC01A30 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBFC300: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CBFC3AC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC01B14

Part of subcall function 00007FF63CC011A0: _CxxThrowException.VCRUNTIME140 ref: 00007FF63CC011C9

Strings

<-- , xrefs: 00007FF63CC01A61
applyFeatures, xrefs: 00007FF63CC01AB0
--> , xrefs: 00007FF63CC01A82

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@ExceptionThrowVlogger@1@_invalid_parameter_noinfo_noreturnmemcpy
String ID: --> $<-- $applyFeatures
API String ID: 2754777358-3880693748
Opcode ID: 47ba62d9c77227857e0959b267545b70627046f0f9cd6fe1a2594a67df9660b0
Instruction ID: 2243628806a1062a9ff182805162022e86ce04cde323c334324f1cfc9e838eab
Opcode Fuzzy Hash: 47ba62d9c77227857e0959b267545b70627046f0f9cd6fe1a2594a67df9660b0
Instruction Fuzzy Hash: 57517372A0CBD281EA21DB24F4403EAB3A1FB85790F405232F68D97B9AEF6CD545D740

Function 00007FF63CCF5EE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF2010: memmove.VCRUNTIME140(?,?,?,?,?,00007FF63CCF5F54), ref: 00007FF63CBF2056

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF6009
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF6058

Strings

Status, xrefs: 00007FF63CCF5F2D
health, xrefs: 00007FF63CCF5F9F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpymemmove
String ID: Status$health
API String ID: 3342947056-780223610
Opcode ID: 374f8e0efc4a2be6d927630b3a14ccab8e588f0b79b3d4f1a9ffaa31c54dd55c
Instruction ID: c634a739889e11ec7dcfddaa0598d658da526edce7f42652c5c81e763b5e6659
Opcode Fuzzy Hash: 374f8e0efc4a2be6d927630b3a14ccab8e588f0b79b3d4f1a9ffaa31c54dd55c
Instruction Fuzzy Hash: B6416D62F18B8589EB00DB74E4503AC23B2EB59798F005735FE5D62B9AEF38A194D344

Function 00007FF63CCF5B50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Part of subcall function 00007FF63CBF2010: memmove.VCRUNTIME140(?,?,?,?,?,00007FF63CCF5F54), ref: 00007FF63CBF2056

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF5C79
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF5CC8

Strings

Crashes, xrefs: 00007FF63CCF5B9D
health, xrefs: 00007FF63CCF5C0F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpymemmove
String ID: Crashes$health
API String ID: 3342947056-1343094676
Opcode ID: 39ac023168b63cb63d0ed03efdb27b710be7cbf8612e8ce0afc7ffbe69ef2d5e
Instruction ID: 33ee21c9168a8c812df75027d6d6524ec1ca77ec885b0f8cca743cd192c73f15
Opcode Fuzzy Hash: 39ac023168b63cb63d0ed03efdb27b710be7cbf8612e8ce0afc7ffbe69ef2d5e
Instruction Fuzzy Hash: CE416D62F18B8589FB00DB74E4503AC23B1EB59798F005326FE5D62B9ADF38A194D384

Function 00007FF63CC50AB0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC50BE1

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\File.cpp, xrefs: 00007FF63CC50B43
bool __cdecl sj::file::createDirectories(const class std::filesystem::path &,class std::basic_string_view<char,struct std::char_traits<char> >), xrefs: 00007FF63CC50B59
Failed to create {0} directory: {1}, message: {2}, xrefs: 00007FF63CC50B7B

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\File.cpp$Failed to create {0} directory: {1}, message: {2}$bool __cdecl sj::file::createDirectories(const class std::filesystem::path &,class std::basic_string_view<char,struct std::char_traits<char> >)
API String ID: 3668304517-1138124595
Opcode ID: 8bbf276e30d0b0a0a7289de4286db50f3153d865d424e81a8149eff44283ccec
Instruction ID: ec947019c1e906bf789e3404722a36cae336e994a301fa0a92c570b1890f3cd8
Opcode Fuzzy Hash: 8bbf276e30d0b0a0a7289de4286db50f3153d865d424e81a8149eff44283ccec
Instruction Fuzzy Hash: 94412932B14E468AEB10CF69D4403EC33B5EB4879CF504229EA5C97B98EF38D596D740

Function 00007FF63CC42340 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC42431
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC4246C

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

Strings

M, xrefs: 00007FF63CC423EE
{}, errorCode = {}, desc: {}, xrefs: 00007FF63CC4240F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturnmemcpy
String ID: M${}, errorCode = {}, desc: {}
API String ID: 2203548047-1374277234
Opcode ID: 2ec4aa90d27d369503451c622cc6da923bc0ddefc1e607155f95c58265357023
Instruction ID: f152e89172d67fe65618a6a4f34f8a3a52401e5e47873d12abdf60ee640057f3
Opcode Fuzzy Hash: 2ec4aa90d27d369503451c622cc6da923bc0ddefc1e607155f95c58265357023
Instruction Fuzzy Hash: A2312F72A08B8581EA218B55F44136EB3A0FB997A4F109235EBDC42B59DF7CE1D5D700

Function 00007FF63CC2EB40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memset.VCRUNTIME140 ref: 00007FF63CC2EBA5

Part of subcall function 00007FF63CC2EC50: memset.VCRUNTIME140 ref: 00007FF63CC2ECDB

Part of subcall function 00007FF63CBF4150: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC00F8D), ref: 00007FF63CBF4280

std::bad_exception::bad_exception.LIBCMT ref: 00007FF63CC2EC36
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC2EC47

Strings

Observable object is null., xrefs: 00007FF63CC2EC2A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memset$ExceptionThrowmallocmemmovestd::bad_exception::bad_exception
String ID: Observable object is null.
API String ID: 811297888-1264078947
Opcode ID: 8379f625c034ec5328940453baf03467528592e9c3b59f26a262ec4a5efa2fc4
Instruction ID: 1e87cedb765e4d3d1f488dc0c7659a62b376aa53bf73754477ee154b3a81e58e
Opcode Fuzzy Hash: 8379f625c034ec5328940453baf03467528592e9c3b59f26a262ec4a5efa2fc4
Instruction Fuzzy Hash: 0121AB32B09B4681EE24AB55E4600AA63E0FB89B84F584539FF8D87795EF3CE452D700

Function 00007FF63CC294B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CBEBAF0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF63CBEC44F), ref: 00007FF63CBEBB2E

Part of subcall function 00007FF63CC28FC0: memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC290F1
Part of subcall function 00007FF63CC28FC0: memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29101

CreateMutexW.KERNEL32 ref: 00007FF63CC29538
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2957B
GetLastError.KERNEL32 ref: 00007FF63CC295A5

Strings

Global\, xrefs: 00007FF63CC29513

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$CreateErrorLastMutex_invalid_parameter_noinfo_noreturnmalloc
String ID: Global\
API String ID: 157778548-188423391
Opcode ID: e6bca1b41bb419770f6ffa834a410fd878bb7cc895152c258c93daf4573b267e
Instruction ID: e0d32c0fffe8c7dd71537bc7f81e925f5360d27d3dfab0de67641eaeccd8ca36
Opcode Fuzzy Hash: e6bca1b41bb419770f6ffa834a410fd878bb7cc895152c258c93daf4573b267e
Instruction Fuzzy Hash: AC318D72A08B8285EA208F64E4502AD77A0EB99B94F146335FA9D83799DF3CE580D344

Function 00007FF63CC059D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 66COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CC05A16
memcpy.VCRUNTIME140 ref: 00007FF63CC05A9B

Strings

string pointer is null, xrefs: 00007FF63CC05A0F
???, xrefs: 00007FF63CC05A30

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: ???$string pointer is null
API String ID: 3266568664-321206555
Opcode ID: 86f585543508c5327c99ed386d71013f37be9285687acbf7d8dd3ee76f2ac370
Instruction ID: f0079d25c7ec0c8c83d292032a2d55c7522c2e954b3dede94296084fbd49ca36
Opcode Fuzzy Hash: 86f585543508c5327c99ed386d71013f37be9285687acbf7d8dd3ee76f2ac370
Instruction Fuzzy Hash: 262191B6B08A40C7D720AF15E44016AB7B0FB45BA4F480221EF9D47BA9CF3CD492D704

Function 00007FF63CC40550 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

CoTaskMemFree.OLE32 ref: 00007FF63CC405D2
GetLastError.KERNEL32 ref: 00007FF63CC40614
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC40643

Strings

SHGetKnownFolderPath failed, xrefs: 00007FF63CC40624

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ErrorExceptionFreeLastTaskThrow
String ID: SHGetKnownFolderPath failed
API String ID: 610400750-3999342879
Opcode ID: 71cb8c1f47cefbbeb995ad7ea0181c058c51c509a8fe54df2ec29b0fd790491c
Instruction ID: bf71e3aa975cf388e9bd7b7efb7336b95c0fd75093a95fea3e23bc02575869d3
Opcode Fuzzy Hash: 71cb8c1f47cefbbeb995ad7ea0181c058c51c509a8fe54df2ec29b0fd790491c
Instruction Fuzzy Hash: 9F215121A1CA8592EA109B65F4513ABA3E1EFD4790F505232FA9D83BA6DE7CE444DB00

Function 00007FF63CC05AD0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CC05B16
memcpy.VCRUNTIME140 ref: 00007FF63CC05B9B

Strings

string pointer is null, xrefs: 00007FF63CC05B0F
???, xrefs: 00007FF63CC05B30

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: ???$string pointer is null
API String ID: 3266568664-321206555
Opcode ID: 443b089859f033496887ae98579ca935639ddf37ca743eb6820748fb60766d3d
Instruction ID: cc52bdcac98e220fc0305b0125def3a97b292cfa4acd4bc1b8ebbdbfa68c2eb7
Opcode Fuzzy Hash: 443b089859f033496887ae98579ca935639ddf37ca743eb6820748fb60766d3d
Instruction Fuzzy Hash: 2D2171B6B08A40C7D720AF15E440169B7B0FB45BA4F580225EF9D47BA9CF3DD552D704

Function 00007FF63CBF6416 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF6424
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF644B

Strings

negative width, xrefs: 00007FF63CBF641D
number is too big, xrefs: 00007FF63CBF6444

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: negative width$number is too big
API String ID: 4276112833-3850433991
Opcode ID: 4992826b4aaeef820654ec58dea5c6f29afef2cf689344ff19cbc58406afb27a
Instruction ID: e5c000c09fe73feb982ab16110c4627c6a82f077c75725f70c5053e4cd3e3539
Opcode Fuzzy Hash: 4992826b4aaeef820654ec58dea5c6f29afef2cf689344ff19cbc58406afb27a
Instruction Fuzzy Hash: 52E09A15F4941296EA14AB14E89127422D0EF55721F980235FD9EC67D0CF5CB9DAF221

Function 00007FF63CBF6430 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF6424
?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF644B

Strings

negative width, xrefs: 00007FF63CBF641D
number is too big, xrefs: 00007FF63CBF6444

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: negative width$number is too big
API String ID: 4276112833-3850433991
Opcode ID: cb72e779278742215f8d0b135b92d509bf1e374171fdef89ed7e006aaebf5138
Instruction ID: b10424d6231d73f58e213161587948b25b655cf9fbe9c19f59718b800e7bdae3
Opcode Fuzzy Hash: cb72e779278742215f8d0b135b92d509bf1e374171fdef89ed7e006aaebf5138
Instruction Fuzzy Hash: F2E0B624F0881295FA14AB04E85127423D0AF26711FD80231FDAEC67E0CF2CB49AF222

Function 00007FF63CC2B9D0 Relevance: 6.3, APIs: 4, Instructions: 263COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2BADE
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC2BAFD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC2BB60
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC2BB97

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn$malloc
String ID:
API String ID: 3700908427-0
Opcode ID: 8ea52675089b041dee708b0995a6df6d67a795c6e258c87bb7d22281c1e9f697
Instruction ID: 7b520b6729631f76a4fd00c564dbc03d61dcec10673b5284299fcd550cf49730
Opcode Fuzzy Hash: 8ea52675089b041dee708b0995a6df6d67a795c6e258c87bb7d22281c1e9f697
Instruction Fuzzy Hash: 8FA1CE32B09B8A80EE15CB19E03437867E1EB44F94F585631EA5E877D5DE7CE491E340

Function 00007FF63CC56C40 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF63CC56D48
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF63CC56E01
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF63CC56E51
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000110), ref: 00007FF63CC56E7A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency@@EventLogger@details@ScheduleTaskTask@_memmove
String ID:
API String ID: 396455994-0
Opcode ID: 2a8dd91546e4f4c81b8f2858e902edbbfc66d45c6a6d057d91a99eada70297d7
Instruction ID: be8d3035e228d7a9be7be021b3132761788583b133dd2181ff9a0742fae926e5
Opcode Fuzzy Hash: 2a8dd91546e4f4c81b8f2858e902edbbfc66d45c6a6d057d91a99eada70297d7
Instruction Fuzzy Hash: 6E819C72F05B8589EB10CBAAE4403AD73B1EB48BA4F158236EE5C53B99DF38D495D340

Function 00007FF63CBFBB50 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 186COMMON

Download Yara Rule

Strings

00000000, xrefs: 00007FF63CBFBCC0
00000000, xrefs: 00007FF63CBFBDAB

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID: 00000000$00000000
API String ID: 0-1334471030
Opcode ID: dbe4742480f445492a1c01f9528298fba5bfef167ec8375b5b605829e4dc17d8
Instruction ID: 1f3a3deb8f678615fd7dd7150fdfbef3363b91757bb1d7aa1727f3dc781252fc
Opcode Fuzzy Hash: dbe4742480f445492a1c01f9528298fba5bfef167ec8375b5b605829e4dc17d8
Instruction Fuzzy Hash: AE81AA7BB08BA98ADB048F29D59026D7BA1F789FC8B048422EF5F43758DE38C452D741

Function 00007FF63CC18F60 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CC19EE4), ref: 00007FF63CC18F91

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: 94c3b8ba4955e49d7ca8d3c559f95e8769a566f88cb60d80466ea7a92f2a3978
Instruction ID: 67e9ee3a72679834b591fea3c8b7df0868c217b84a321b669ed29f0c69919c67
Opcode Fuzzy Hash: 94c3b8ba4955e49d7ca8d3c559f95e8769a566f88cb60d80466ea7a92f2a3978
Instruction Fuzzy Hash: 4D517E33608B8196DB54CB25E5803A977F4FB85B84F544125EB8D43B65CF3DE0A9D710

Function 00007FF63CC51F00 Relevance: 6.2, APIs: 4, Instructions: 151COMMON

Download Yara Rule

APIs

_Query_perf_frequency.MSVCP140 ref: 00007FF63CC52004
_Query_perf_counter.MSVCP140 ref: 00007FF63CC5200C
_Xtime_get_ticks.MSVCP140 ref: 00007FF63CC5209E
_Thrd_sleep.MSVCP140 ref: 00007FF63CC520F7

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Query_perf_counterQuery_perf_frequencyThrd_sleepXtime_get_ticks
String ID:
API String ID: 3083224308-0
Opcode ID: ade2907be6bac4d068bf5e4b1ecab8473e0259fc9cb2ba2ad9f45168235f72f0
Instruction ID: 646455da735b4731bb8783755552e056ac668bb6964e6f3e49d867c320dc8821
Opcode Fuzzy Hash: ade2907be6bac4d068bf5e4b1ecab8473e0259fc9cb2ba2ad9f45168235f72f0
Instruction Fuzzy Hash: 6C51F572B0978581DE14CB1AA4051BAA3E4BB887D4F545232FA5E9B791EE3DF042D700

Function 00007FF63CC53770 Relevance: 6.1, APIs: 4, Instructions: 143COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC5389A
WideCharToMultiByte.KERNEL32 ref: 00007FF63CC5391A
WideCharToMultiByte.KERNEL32 ref: 00007FF63CC5395E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ByteCharMultiWide$Concurrency::cancel_current_task
String ID:
API String ID: 2514540991-0
Opcode ID: 389030662485acbe18035a11abb9e0daae1d41d88ffec9ff02d407f6e36ccd72
Instruction ID: 44eca367c1b556a25a0c962eba8f7302a858db7751af457a5cc02b85688f17c3
Opcode Fuzzy Hash: 389030662485acbe18035a11abb9e0daae1d41d88ffec9ff02d407f6e36ccd72
Instruction Fuzzy Hash: 0551A472A08B8186EB159F26E440329B7E1FB94F94F184236EB9D47B99DF3CD491E340

Function 00007FF63CBF4150 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC00F8D), ref: 00007FF63CBF4280

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC00F8D), ref: 00007FF63CBF426D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF63CC00F8D), ref: 00007FF63CBF42EF
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBF42F6

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 284e2d78b6a9c917c61611b10cee082f74cbe1be00ce1472c9e51d2375fb44da
Instruction ID: fffca35a1f3b2287d848ec9942dd3b4d36e42dc13a1d95f0d9ba953fb0054f9f
Opcode Fuzzy Hash: 284e2d78b6a9c917c61611b10cee082f74cbe1be00ce1472c9e51d2375fb44da
Instruction Fuzzy Hash: 0841DD66728B9585DA14CB65E0442AE73E0FB49BE0F908635EB6E837C4DF3CE191D300

Function 00007FF63CBF4310 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF63CBF443F

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memmove.VCRUNTIME140 ref: 00007FF63CBF442C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF44B1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBF44B8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: e2e27bf9525e3c454ec943c6ef759883ffde707cb72a8567a517c27fb0db6143
Instruction ID: f0afff5a86e977a31b157e07c3c6ab50876ec12c1f2a0e4c22e91ddfc38c323d
Opcode Fuzzy Hash: e2e27bf9525e3c454ec943c6ef759883ffde707cb72a8567a517c27fb0db6143
Instruction Fuzzy Hash: F941D062B18AA586EA14CB65E44417A62D0FB45BE4F504735EBBE93BC5DF3CE091D300

Function 00007FF63CC02920 Relevance: 6.1, APIs: 4, Instructions: 129COMMON

Download Yara Rule

APIs

#21.WS2_32 ref: 00007FF63CC0298C
#3.WS2_32 ref: 00007FF63CC029A3
#10.WS2_32 ref: 00007FF63CC02ABF
#3.WS2_32 ref: 00007FF63CC02ACC

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e7b3923b4e7e253eeac2e5ee6b6dc9f5c91ff5a412ff6ceabbf544e8eeb099
Instruction ID: e9b1cc9871c3a9874e63dadfb115a836cb5044c6e6296ec63e525a481f5ae84e
Opcode Fuzzy Hash: 97e7b3923b4e7e253eeac2e5ee6b6dc9f5c91ff5a412ff6ceabbf544e8eeb099
Instruction Fuzzy Hash: DC513F72B08AA18AE720CF65A4513AE23F1FB45B88F404135FE4E97B85DF38E559E340

Function 00007FF63CD08C80 Relevance: 6.1, APIs: 4, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CBE3690: memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CD08D8B
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF63CD08DA6
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF63CD08DD8
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CD08DF3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@D@std@@@1@@Init@?$basic_streambuf@V?$basic_streambuf@mallocmemcpy
String ID:
API String ID: 4276565042-0
Opcode ID: 2a3d35135513db8fce08fafc9321c7b03ffc2304d2fc382de11b0cb013cffa81
Instruction ID: 33e7612623910f801da76dd7ad3de635ba54a9c5834d3e983763bee680c0d20a
Opcode Fuzzy Hash: 2a3d35135513db8fce08fafc9321c7b03ffc2304d2fc382de11b0cb013cffa81
Instruction Fuzzy Hash: 62516032A18B8586E711CF29F8403AA77A4FB99B44F559235EB8D83720DF38E1A5C740

Function 00007FF63CBEBD70 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBE39
memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBEAC

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBE99
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBEBEE0

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: b8ffe146ab6153751a4f2112104dee007a84bd9599e5a7fadec61f1b6c665ac3
Instruction ID: b49d8f62f971864921941231a7bbb03fcf9b66311f325d6ac8197f1fcdd7933f
Opcode Fuzzy Hash: b8ffe146ab6153751a4f2112104dee007a84bd9599e5a7fadec61f1b6c665ac3
Instruction Fuzzy Hash: 2141AF62709B9A81DA10CB66B44407A62E4FB49FE0B548B35EFAE83BD5CE3CE041D204

Function 00007FF63CBEBC00 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000010,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBCBB
memmove.VCRUNTIME140(?,?,00000010,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBD2A

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memmove.VCRUNTIME140(?,?,00000010,?,00000000,?,00000002,00007FF63CBF2B13), ref: 00007FF63CBEBD17
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBEBD59

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 8fef0472069c821175c2c846d5dceda37912b9250457431948ef2f37dbc0b77a
Instruction ID: 7aca74073621bae5730e219b76e099d32371b0b8cacec87db641f41a06fc5435
Opcode Fuzzy Hash: 8fef0472069c821175c2c846d5dceda37912b9250457431948ef2f37dbc0b77a
Instruction Fuzzy Hash: B331D26270ABA581ED14CB66B4042B966D0AB49FE0F548B34EFAE47BD5DE3CE081D305

Function 00007FF63CC28FC0 Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC290C1
memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC290F1
memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,00007FF63CC29524), ref: 00007FF63CC29101
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC29135

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: 8f888e23a4a2d030ab1ae8c541eac15482c98a6ea2d8d95329dcc3c816cd923a
Instruction ID: c0a51c7c461afe2d1213d5a5c5a14f96b9fdf5204a4e6a314c1a8adc6489978d
Opcode Fuzzy Hash: 8f888e23a4a2d030ab1ae8c541eac15482c98a6ea2d8d95329dcc3c816cd923a
Instruction Fuzzy Hash: 9B31BF72B09B5981EA10DB22A414179A2E4EB08BF4F549731FE7E97BD4DF38E496D300

Function 00007FF63CBF3F00 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF3FEA
memcpy.VCRUNTIME140 ref: 00007FF63CBF4017
memcpy.VCRUNTIME140 ref: 00007FF63CBF4026
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBF4058

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: 8b4c48627a163a35239f91b9667ca76d414c5d0c4c8cd65418465c9b50966000
Instruction ID: ca316719af63da704a52c6233ae6e0b95c93165ece2da6e83f0d0537534cc321
Opcode Fuzzy Hash: 8b4c48627a163a35239f91b9667ca76d414c5d0c4c8cd65418465c9b50966000
Instruction Fuzzy Hash: 9031D222B09B9645EA10DB25A54423962E5EB05BE0F594731FE7F87BC9DF3CE0859301

Function 00007FF63CBEB4D0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF63CBEB53E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: e4f6586f6e2c904826065ead7285321132ca18020fa282a82dbc1e7897f69e42
Instruction ID: 28cf4cf68834a196fb5508be586b5baac8ea7f169fb2a937f5d8e654ddb2a0e3
Opcode Fuzzy Hash: e4f6586f6e2c904826065ead7285321132ca18020fa282a82dbc1e7897f69e42
Instruction Fuzzy Hash: A331B022B0A79645EA169B79B55037822D09F06FE4F241670EE2E47BD1DE38A8D3E305

Function 00007FF63CC535D0 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF63CC53628
memmove.VCRUNTIME140 ref: 00007FF63CC53681
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF63CC536A7
memmove.VCRUNTIME140 ref: 00007FF63CC536EE

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: isspacememmove
String ID:
API String ID: 2277018807-0
Opcode ID: 589159fc9197f31c52cc9c3876d15ceaeff90be577bcd55d8144fc6578f68daa
Instruction ID: 518161055b8f3efebff70a0cb0a9f195dfbbf6efc46406293576bd0846620084
Opcode Fuzzy Hash: 589159fc9197f31c52cc9c3876d15ceaeff90be577bcd55d8144fc6578f68daa
Instruction Fuzzy Hash: 0B319132B08AA582EA109F2AD6441AC67F0FB44FD4F2C4535EB1D9BB95CF38D566E300

Function 00007FF63CBEBA80 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF63CBEC44F,?,?,?,?,?,?,00000000,00007FF63CBF2375), ref: 00007FF63CBEBACD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBEBAE9
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF63CBEC44F), ref: 00007FF63CBEBB2E
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00007FF63CBEC44F), ref: 00007FF63CBEBB89

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: 569a150717ac1c7e450aa9e0b7952a267951aa34f9fba8ee3a445350757a466b
Instruction ID: ee607bf10633df8810a72d36abbdac2508b2095fecc63683e90d0bfedd7929d3
Opcode Fuzzy Hash: 569a150717ac1c7e450aa9e0b7952a267951aa34f9fba8ee3a445350757a466b
Instruction Fuzzy Hash: FC21F562F0675545ED24AB61B8403A922D0EF0ABB0F481731EF3E867D5EE3CE5C29301

Function 00007FF63CBE4BC0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,?,00000000,00007FF63CBE18E1), ref: 00007FF63CBE4C10
memset.VCRUNTIME140(?,?,00000000,00007FF63CBE18E1), ref: 00007FF63CBE4CAA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBE4CC8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memset$Concurrency::cancel_current_task
String ID:
API String ID: 3006004123-0
Opcode ID: 728753e0d56d2ad63d178040301d9b301dcee230adc17bdb2e1a5ac7cf472fe2
Instruction ID: 1de3c36816add152af4f6ecd70a2ee4e1bd30bff74a2e2e9528cd71a69342416
Opcode Fuzzy Hash: 728753e0d56d2ad63d178040301d9b301dcee230adc17bdb2e1a5ac7cf472fe2
Instruction Fuzzy Hash: 3A21F223B0A79641FA159BA5A54037822C09F05FE4F245730EF2E47BD1EE3CA4D2A201

Function 00007FF63CC118F0 Relevance: 6.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CC119AC

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

memcpy.VCRUNTIME140 ref: 00007FF63CC119D9
memcpy.VCRUNTIME140 ref: 00007FF63CC119E8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CC11A09

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: ed6c2af39ee7660d0bed833a37bc19893379659f5e0fe59dfa76f0b8dd468947
Instruction ID: 8cf9764e675cd7c1c102ef33790c17d5678f6c8719bee7016d653564bc07b952
Opcode Fuzzy Hash: ed6c2af39ee7660d0bed833a37bc19893379659f5e0fe59dfa76f0b8dd468947
Instruction Fuzzy Hash: 8731E532B09B4540EA25DB57A5003A962E1AF44BE4F584735EFBD87BD1DE3CE086D300

Function 00007FF63CBE3690 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE36C8
memcpy.VCRUNTIME140(?,00000000,?,?,00007FF63CBE1360), ref: 00007FF63CBE3769
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CBE3787

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task
String ID:
API String ID: 326894585-0
Opcode ID: e84bc5a91a15ea117522a25a566df0ee6343534123993101346500784b5fb2fd
Instruction ID: 0a9dd611ea5b70936aa12fcb4c5c990d87e1d3a442262326735c3c133067bb2d
Opcode Fuzzy Hash: e84bc5a91a15ea117522a25a566df0ee6343534123993101346500784b5fb2fd
Instruction Fuzzy Hash: F921E562B0976645FA159B62B50037822D49B15FE0F542B70FF6E47BC1EF3CA492A311

Function 00007FF63CC5A360 Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_Mtx_lock.MSVCP140 ref: 00007FF63CC5A39E
_Mtx_unlock.MSVCP140 ref: 00007FF63CC5A3E3
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CC5A412
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF63CC5A422

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$Mtx_lockMtx_unlock
String ID:
API String ID: 3599876872-0
Opcode ID: 60265d954e970cebc199702e4548074a3d1b4a73bfd2f80d6fac9bd404776c72
Instruction ID: c90077e28a4755f258563b782cd49ca860d9030d7f306c9365a29af3ec4ec38f
Opcode Fuzzy Hash: 60265d954e970cebc199702e4548074a3d1b4a73bfd2f80d6fac9bd404776c72
Instruction Fuzzy Hash: CE21CF32A0868186E720DB26E45137E67E0FB89788F044235FB8D87BD5DF2CE481DB00

Function 00007FF63CD43F18 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF63CD43F61
GetLastError.KERNEL32 ref: 00007FF63CD43F6F
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF63CBF40C9), ref: 00007FF63CD43FA4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF63CBF40C9), ref: 00007FF63CD43FB2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 93d6d66120067a7be0434c076a81461df443d59f5a315318fc383829697d1ba0
Instruction ID: b4f12aefd88fc61de26d0479d84b8e2de6abca6f7a0aefd32198b3fde10c6d28
Opcode Fuzzy Hash: 93d6d66120067a7be0434c076a81461df443d59f5a315318fc383829697d1ba0
Instruction Fuzzy Hash: 1221F976A18B8186E7208F15A44432EB6F4F799B94F644239EB8997B54DF3CD445CB00

Function 00007FF63CC4E000 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF63CC4E01C
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140 ref: 00007FF63CC4E03F
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF63CC4E05C
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ.MSVCP140 ref: 00007FF63CC4E07E

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@?setg@?$basic_streambuf@D00@Init@?$basic_streambuf@fclose
String ID:
API String ID: 1330854910-0
Opcode ID: 1af0b482c404b12b21c1fe4c5533ed09c4cb117b630ac41331082a0a84f3a560
Instruction ID: 2ca73bc8965dd206b9356bb303a505217e35817b9c4239405119189f01818048
Opcode Fuzzy Hash: 1af0b482c404b12b21c1fe4c5533ed09c4cb117b630ac41331082a0a84f3a560
Instruction Fuzzy Hash: 7A117032B08B4292EB448B66E64436977E1FB88BC4F454135EB5987B64CF3CE469D340

Function 00007FF63CBE35B1 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF63CBE35CE
?uncaught_exceptions@std@@YAHXZ.MSVCP140 ref: 00007FF63CBE35D5
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF63CBE35E1
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF63CBE35F3

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?rdbuf@?$basic_ios@?setstate@?$basic_ios@?uncaught_exceptions@std@@D@std@@@2@Osfx@?$basic_ostream@V?$basic_streambuf@
String ID:
API String ID: 3156628947-0
Opcode ID: 2b16a58e7f79a2b7e58f2c7fc8d8c964df8711148af7e36e5ca8e02e71ea44f9
Instruction ID: 33c3e6e832a6e7d09c29cc48e9d70ec0cf5a914029ccfdb0b28b65819a4ef170
Opcode Fuzzy Hash: 2b16a58e7f79a2b7e58f2c7fc8d8c964df8711148af7e36e5ca8e02e71ea44f9
Instruction Fuzzy Hash: 38F03126B14B5582EB14CB2AE45413E67E0FF8AF95B455422EE4E93714CF3CE486DB00

Function 00007FF63CD43D0C Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF63CD43D2C
GetLastError.KERNEL32 ref: 00007FF63CD43D36
SetFileInformationByHandle.KERNEL32 ref: 00007FF63CD43D69
GetLastError.KERNEL32 ref: 00007FF63CD43D73

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: b9748472765abdbe411f80428384f578a8a47290666029b16d576a7d48743f65
Instruction ID: 048e7d0fc9acb2b1a1072a7dd9871a6317557cf61f2e03f90949dc4b7d46e224
Opcode Fuzzy Hash: b9748472765abdbe411f80428384f578a8a47290666029b16d576a7d48743f65
Instruction Fuzzy Hash: 70F08C35B0864282FB644B7898986B936E0DF98745F840335F70AC2BA4DF6CE989E641

Function 00007FF63CD18CF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 208COMMON

Download Yara Rule

Strings

Empty host name, xrefs: 00007FF63CD18F3A
Invalid http protocol: {}, xrefs: 00007FF63CD18F66

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID:
String ID: Empty host name$Invalid http protocol: {}
API String ID: 0-3721568922
Opcode ID: 85d91dd5a24688f098aaea6ad137ceeaf44574177736c6170d1251d57fdf29e5
Instruction ID: c8fb464bd3ea7517a118b3a3c9c46ea70d05dbc095712beef63c6882ef0bccc9
Opcode Fuzzy Hash: 85d91dd5a24688f098aaea6ad137ceeaf44574177736c6170d1251d57fdf29e5
Instruction Fuzzy Hash: 03A16B72A04B918AE715CB68E8443EC33F5FB58B48F648235EA8D87761EF399596D300

Function 00007FF63CC0CDA0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 171COMMON

Download Yara Rule

APIs

_Mtx_init_in_situ.MSVCP140 ref: 00007FF63CC0CDEE

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CBFC930: #115.WS2_32 ref: 00007FF63CBFC971

Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF0
Part of subcall function 00007FF63CD44DC0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63CD44DF6

memset.VCRUNTIME140 ref: 00007FF63CC0CE65

Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE79F
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE7CC
Part of subcall function 00007FF63CBFE760: CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE851
Part of subcall function 00007FF63CBFE760: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE860
Part of subcall function 00007FF63CBFE760: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,000000E0,00000000,00007FF63CC32337), ref: 00007FF63CBFE86B

Strings

SynchronousDownloader, xrefs: 00007FF63CC0CFF2

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: Concurrency::cancel_current_taskCreateErrorEventLast$#115CloseHandleMtx_init_in_situmallocmemset
String ID: SynchronousDownloader
API String ID: 1929616685-1236417834
Opcode ID: 4c0ec8cd42f221e3856db36630d032f99867ee9a4e8e232b5733c5224368e29b
Instruction ID: 891b835412be64c1d496b650003b5efbdbd479cb0ef8a4da541980256533a9b0
Opcode Fuzzy Hash: 4c0ec8cd42f221e3856db36630d032f99867ee9a4e8e232b5733c5224368e29b
Instruction Fuzzy Hash: 4A71CF32609B9186EB04DF25E4402A973F8FB85B90F144239FB9D87B91DF38E4A1D341

Function 00007FF63CBF2DD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF63CBF2EF6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBF3025

Strings

[json.exception., xrefs: 00007FF63CBF2EEC, 00007FF63CBF2F0A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemmove
String ID: [json.exception.
API String ID: 4032823789-791563284
Opcode ID: b390ec8f9af7463146ca04b12ed2aeed8b35a9531a73bd46fe9c72df6ff1ea84
Instruction ID: bc2fa054cc38302beacd489604f078384eae070e41041e06700b1e5e4e4d073a
Opcode Fuzzy Hash: b390ec8f9af7463146ca04b12ed2aeed8b35a9531a73bd46fe9c72df6ff1ea84
Instruction Fuzzy Hash: 0561E226B28A9186EB10CB29E14036D77E1FB86BC0F405131FA9E43B95CF7DE091E742

Function 00007FF63CBED2F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF38EE
Part of subcall function 00007FF63CBF3850: memchr.VCRUNTIME140 ref: 00007FF63CBF398B

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CBED424
_CxxThrowException.VCRUNTIME140 ref: 00007FF63CBED4A0

Strings

type must be string, but is , xrefs: 00007FF63CBED470

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: memchr$ExceptionThrow_invalid_parameter_noinfo_noreturn
String ID: type must be string, but is
API String ID: 3608948996-1861512233
Opcode ID: c1288b6ea4e385bbba9f34e49b2e74f732b2e3705969180e2eec5f19c6fd9361
Instruction ID: c50e49e56454476c115755a65a34564476f4fab438c4ca9797dd8d6d8bfa2ada
Opcode Fuzzy Hash: c1288b6ea4e385bbba9f34e49b2e74f732b2e3705969180e2eec5f19c6fd9361
Instruction Fuzzy Hash: 1251D662F0864299EB00DFB0D4503FD23F1EB52B88F805572FA0E97B99DE68E599D340

Function 00007FF63CC541A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC55068
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC55075

Strings

value, xrefs: 00007FF63CC54F9D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: 120ff347780bebb6b864a59579c506270729c4525bd8babaa6c612a8c1da210d
Instruction ID: 1c575ba4dadd1e5abc3f8f63e0086f918af22b5057d61dc71ab0450907d143f0
Opcode Fuzzy Hash: 120ff347780bebb6b864a59579c506270729c4525bd8babaa6c612a8c1da210d
Instruction Fuzzy Hash: 0651B122E18BC586E701DB75E8012EE63B0FB95754F402222FE8D53B9ADF78D585D740

Function 00007FF63CC191A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC19F1E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF63CC19F2B

Strings

value, xrefs: 00007FF63CC19E6A

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_destroy
String ID: value
API String ID: 2453523683-494360628
Opcode ID: e7261f1b1aa2e4bc0d1fdcba35ae9b5817c6e220d6578cda23aced0531577bf7
Instruction ID: fffafee359338c5fa9a5d563cb36d316d85b993a632ead69a1b642b96b2ac755
Opcode Fuzzy Hash: e7261f1b1aa2e4bc0d1fdcba35ae9b5817c6e220d6578cda23aced0531577bf7
Instruction Fuzzy Hash: CE41B032E18B8585E701DB79E8402ED67B0FB95788F501236FA4E53B5ADF38E185D740

Function 00007FF63CCF8C50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CCF8D4C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF8DD0

Strings

Bearer {}, xrefs: 00007FF63CCF8D2D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@_invalid_parameter_noinfo_noreturn
String ID: Bearer {}
API String ID: 448292810-2946171165
Opcode ID: cc4fa06fef6759143cf7ab9e5ba66c8570a5346837d1c5ebbb1b9bbc50ec41b5
Instruction ID: 7ab8444b756e392891dbb0b3701c2ec028782c052e4081ef091d0edf4fb5e0ce
Opcode Fuzzy Hash: cc4fa06fef6759143cf7ab9e5ba66c8570a5346837d1c5ebbb1b9bbc50ec41b5
Instruction Fuzzy Hash: EB514832B14B459AE700CFA5E4402EC73B1FB49B98F404226EE9DA3B58EF38D695D354

Function 00007FF63CBFA560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT(?,?,?,?,?,00007FF63CC06F56), ref: 00007FF63CBFA64A

Strings

invalid format string, xrefs: 00007FF63CBFA643
number is too big, xrefs: 00007FF63CBFA5F8

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@
String ID: invalid format string$number is too big
API String ID: 4276112833-4130106228
Opcode ID: 7685011a27de2bccb8cdd5f5240c374d0dd95c05714106fed2110c0798d49b06
Instruction ID: bd14815fbd68977dda34e3f964f033a83ca3bb02c18b6ad0ccd1fd579f6b77a0
Opcode Fuzzy Hash: 7685011a27de2bccb8cdd5f5240c374d0dd95c05714106fed2110c0798d49b06
Instruction Fuzzy Hash: BF21E566B18566C9EE658B09E5002BD73E1FB46FC4FC80131EA2E877D1DE2CE9859B01

Function 00007FF63CCF6140 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF63CCF6207

Strings

C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetector.cpp, xrefs: 00007FF63CCF616C
__cdecl sj::CrashDetector::~CrashDetector(void) noexcept, xrefs: 00007FF63CCF614F

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\services\crash-detector\CrashDetector.cpp$__cdecl sj::CrashDetector::~CrashDetector(void) noexcept
API String ID: 3668304517-622803845
Opcode ID: 29d1a1a8700e94298505865ca03f563e8c4a06911b2947dfc9c8271ae3d0154d
Instruction ID: f931fc3a854de2517550b0195957f3d009b96cd2bbb06b1002ee0a0cc9385edc
Opcode Fuzzy Hash: 29d1a1a8700e94298505865ca03f563e8c4a06911b2947dfc9c8271ae3d0154d
Instruction Fuzzy Hash: ED218B72609B8495EB10CF64E8443AD73E4FB49BA4F504335E6AC86B98DF3CC598C740

Function 00007FF63CC44420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CC41620: ?default_logger_raw@spdlog@@YAPEAVlogger@1@XZ.SPDLOG ref: 00007FF63CC41663
Part of subcall function 00007FF63CC41620: ?log@logger@spdlog@@QEAAXUsource_loc@2@W4level_enum@level@2@V?$basic_string_view@D@v10@fmt@@@Z.SPDLOG ref: 00007FF63CC416B5

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF63CC447AC), ref: 00007FF63CC444BD

Strings

void __cdecl sj::sys::logError(class std::basic_string_view<char,struct std::char_traits<char> >,unsigned __int64) noexcept, xrefs: 00007FF63CC44469
C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Sys.cpp, xrefs: 00007FF63CC4445D

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?default_logger_raw@spdlog@@?log@logger@spdlog@@D@v10@fmt@@@Usource_loc@2@V?$basic_string_view@Vlogger@1@W4level_enum@level@2@_invalid_parameter_noinfo_noreturn
String ID: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\utils\Sys.cpp$void __cdecl sj::sys::logError(class std::basic_string_view<char,struct std::char_traits<char> >,unsigned __int64) noexcept
API String ID: 298516329-1219557809
Opcode ID: 74ba7621bcb060175016eebe0053ce773e17a64ea4a2c787ff87fb66cfffdf27
Instruction ID: b013602a8a27b7e41be97d3f2d97103b0519dd84a99a78de5ae6557041c167d4
Opcode Fuzzy Hash: 74ba7621bcb060175016eebe0053ce773e17a64ea4a2c787ff87fb66cfffdf27
Instruction Fuzzy Hash: 69116072B08A8281EA11DB14E4412AA73B0FF85794F505331F69C46BA9EE3CE185D740

Function 00007FF63CBF9069 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

?throw_format_error@detail@v10@fmt@@YAXPEBD@Z.FMT ref: 00007FF63CBF908E
memcpy.VCRUNTIME140 ref: 00007FF63CBF90F4

Strings

string pointer is null, xrefs: 00007FF63CBF9087

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?throw_format_error@detail@v10@fmt@@memcpy
String ID: string pointer is null
API String ID: 3266568664-3607014066
Opcode ID: ab65d7a8ee0861cbda4b976a951de194d4b674da85fb3cd8e80882ded8c830d9
Instruction ID: 2862eaf028f8acb6fe4c6c09a855457a5299036f9812956a9831bb60ff722329
Opcode Fuzzy Hash: ab65d7a8ee0861cbda4b976a951de194d4b674da85fb3cd8e80882ded8c830d9
Instruction Fuzzy Hash: 90113C26B08A1695EB18DF25D45023927E1FB02FA4F840632EF2E877D4CF39E854E345

Function 00007FF63CC478F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

?vformat@v10@fmt@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string_view@D@12@V?$basic_format_args@V?$basic_format_context@Vappender@v10@fmt@@D@v10@fmt@@@12@@Z.FMT ref: 00007FF63CC4797F

Strings

"", xrefs: 00007FF63CC47949
{0}.{1}.{2}.{3}, xrefs: 00007FF63CC47942

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: ?vformat@v10@fmt@@D@12@D@2@@std@@D@std@@D@v10@fmt@@@12@@U?$char_traits@V?$allocator@V?$basic_format_args@V?$basic_format_context@V?$basic_string@V?$basic_string_view@Vappender@v10@fmt@@
String ID: ""${0}.{1}.{2}.{3}
API String ID: 2793583501-2861956240
Opcode ID: c8406281fd46a207923ddaa1e9e22a369e366dc2522e3131d628f1cb390a642f
Instruction ID: 55be5dff4e6d6265aca4b5aefd43f1dcfc5f2b4caef28c259d5337c89c34f7be
Opcode Fuzzy Hash: c8406281fd46a207923ddaa1e9e22a369e366dc2522e3131d628f1cb390a642f
Instruction Fuzzy Hash: 8011D776508BC496E7218B2CE00579AB3B0FB98758F145325EFCC42715EB3ED686CB40

Function 00007FF63CC09FC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__std_exception_copy.VCRUNTIME140 ref: 00007FF63CC0A004

Part of subcall function 00007FF63CBFDFC0: __std_exception_copy.VCRUNTIME140 ref: 00007FF63CBFDFE4

_CxxThrowException.VCRUNTIME140 ref: 00007FF63CC0A03A

Strings

no format, xrefs: 00007FF63CC09FE9

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: __std_exception_copy$ExceptionThrow
String ID: no format
API String ID: 391329204-3685095023
Opcode ID: 10cf889178c9e3f664efd049b926dc0df05791ab3fbae8b3c57afc1507dc0831
Instruction ID: 77b5cbc1066a5e7582c35cade2b4c378e38daa35c225f8aaf250f6f6cea8f93d
Opcode Fuzzy Hash: 10cf889178c9e3f664efd049b926dc0df05791ab3fbae8b3c57afc1507dc0831
Instruction Fuzzy Hash: 4D01483161CB8695EB10DB10E45019AB7A4F799344F544235F6CD46769EF7CD285DB00

Function 00007FF63CBF4810 Relevance: 5.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF63CBF4843
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBF494B
EnterCriticalSection.KERNEL32 ref: 00007FF63CBF49B9
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBF4A07

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 129f1f8990404c67cd8dddf24f8df5419b01036c19c459ceb7d1a340435ad99f
Instruction ID: edc016486c5f5a8675ba877e6620aa7bdb46f805f3222b5b0c91a9e4babf697d
Opcode Fuzzy Hash: 129f1f8990404c67cd8dddf24f8df5419b01036c19c459ceb7d1a340435ad99f
Instruction Fuzzy Hash: E5716D26F08BA588FB15CF6198502BD27E4FB4AB88F189135EE4E67B48DF38D485D701

Function 00007FF63CBF4BE0 Relevance: 5.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF63CD44DC0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FF63CBE38C4), ref: 00007FF63CD44DDA

Part of subcall function 00007FF63CBFB160: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF63CBF4C70), ref: 00007FF63CBFB19E
Part of subcall function 00007FF63CBFB160: __std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFB1ED
Part of subcall function 00007FF63CBFB160: LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFB206
Part of subcall function 00007FF63CBFB160: EnterCriticalSection.KERNEL32 ref: 00007FF63CBFB228
Part of subcall function 00007FF63CBFB160: __std_type_info_compare.VCRUNTIME140 ref: 00007FF63CBFB260
Part of subcall function 00007FF63CBFB160: LeaveCriticalSection.KERNEL32 ref: 00007FF63CBFB281

EnterCriticalSection.KERNEL32 ref: 00007FF63CBF4C8A
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBF4D02
EnterCriticalSection.KERNEL32 ref: 00007FF63CBF4D14
LeaveCriticalSection.KERNEL32 ref: 00007FF63CBF4D30

Memory Dump Source

Source File: 00000000.00000002.3228080943.00007FF63CBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF63CBE0000, based on PE: true

Associated: 00000000.00000002.3228056939.00007FF63CBE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228249566.00007FF63CD5C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228269260.00007FF63CD5E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228313928.00007FF63CDB4000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228333609.00007FF63CDB5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228349860.00007FF63CDB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3228379406.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff63cbe0000_sj-updater-app.jbxd

Similarity

API ID: CriticalSection$EnterLeave$__std_type_info_compare$malloc
String ID:
API String ID: 2801097596-0
Opcode ID: c9c13417e019b7047018e2c4698dfa376b7fec7e758ea7216874753a9204436d
Instruction ID: 911d355a7974650ed2b656d7dd2285fbc56cd37efd6dbbf397e829f9d468a13d
Opcode Fuzzy Hash: c9c13417e019b7047018e2c4698dfa376b7fec7e758ea7216874753a9204436d
Instruction Fuzzy Hash: 0F419C37A08B9186E760CF11E4402AD77E8FB99B84F065236EACE43764DF38E1A5C701

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sj-updater-app.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

UDP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: sj-updater-app.exePID: 3716, Parent PID: 1028

General

Chronological Activities

Analysis Process: conhost.exePID: 1864, Parent PID: 3716

General

Chronological Activities

Disassembly

Windows Analysis Report
sj-updater-app.exe